[geloest] Webmin Website mit Fehlermeldung

sharbich · Beitrag von **sharbich** » 17.07.2019 21:04:00

Hallo Ihr Lieben,
ich nutze den Apache Webserver als Proxy. So kann ich direkt ohne Port Angabe die Webmin Seite öffnen. Hier die proxy.conf dazu:

Code: Alles auswählen

        <VirtualHost *:443>
                ServerName webmin.example.com
                ProxyPass / https://webmin.example.com:10000/
                ProxyPassReverse / https://webmin.example.com:10000/
                ProxyPreserveHost on
                SSLProxyEngine on
                SSLEngine on
                SSLCertificateFile /etc/ssl/certs/webmin.example.com.pem
                SSLCertificateKeyFile /etc/ssl/private/webmin.example.com.key
                SSLProxyVerify none
                SSLProxyCheckPeerCN off
                SSLProxyCheckPeerName off
                SSLProxyCheckPeerExpire off
                ErrorLog /var/log/apache2/apache-webmin-error.log
                TransferLog /var/log/apache2/apache-webmin-access.log
                CustomLog /var/log/apache2/apache-webmin-request.log combined
        </VirtualHost>

Leider bekomme ich beim Zugriff auf diese Seite immer folgende Fehlermeldung:

Code: Alles auswählen

Proxy Error
The proxy server could not handle the request GET /.
Reason: Error during SSL Handshake with remote server

Apache/2.4.38 (Debian) Server at webmin.example.com Port 443

Das apache-webmin-error log sagt dazu folgendes:

Code: Alles auswählen

[Wed Jul 17 21:01:43.239766 2019] [ssl:info] [pid 18588] [client 192.168.30.67:40278] AH01998: Connection closed to child 0 with abortive shutdown (server webmin.example.com:443)
[Wed Jul 17 21:01:43.270948 2019] [socache_shmcb:debug] [pid 18589] mod_socache_shmcb.c(495): AH00831: socache_shmcb_store (0x1e -> subcache 30)
[Wed Jul 17 21:01:43.270975 2019] [socache_shmcb:debug] [pid 18589] mod_socache_shmcb.c(849): AH00847: insert happened at idx=0, data=(0:32)
[Wed Jul 17 21:01:43.270983 2019] [socache_shmcb:debug] [pid 18589] mod_socache_shmcb.c(854): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/212
[Wed Jul 17 21:01:43.270989 2019] [socache_shmcb:debug] [pid 18589] mod_socache_shmcb.c(516): AH00834: leaving socache_shmcb_store successfully
[Wed Jul 17 21:01:43.271125 2019] [socache_shmcb:debug] [pid 18589] mod_socache_shmcb.c(495): AH00831: socache_shmcb_store (0xd7 -> subcache 23)
[Wed Jul 17 21:01:43.271153 2019] [socache_shmcb:debug] [pid 18589] mod_socache_shmcb.c(849): AH00847: insert happened at idx=0, data=(0:32)
[Wed Jul 17 21:01:43.271164 2019] [socache_shmcb:debug] [pid 18589] mod_socache_shmcb.c(854): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/212
[Wed Jul 17 21:01:43.271173 2019] [socache_shmcb:debug] [pid 18589] mod_socache_shmcb.c(516): AH00834: leaving socache_shmcb_store successfully
[Wed Jul 17 21:01:43.271378 2019] [ssl:debug] [pid 18589] ssl_engine_kernel.c(383): [client 192.168.30.67:40280] AH02034: Initial (No.1) HTTPS request received for child 1 (server webmin.example.com:443)
[Wed Jul 17 21:01:43.271430 2019] [authz_core:debug] [pid 18589] mod_authz_core.c(846): [client 192.168.30.67:40280] AH01628: authorization result: granted (no directives)
[Wed Jul 17 21:01:43.271453 2019] [gnutls:debug] [pid 18589] gnutls_hooks.c(1354): [client 192.168.30.67:40280] request declined in mgs_hook_fixups
[Wed Jul 17 21:01:43.271522 2019] [proxy:debug] [pid 18589] mod_proxy.c(1248): [client 192.168.30.67:40280] AH01143: Running scheme https handler (attempt 0)
[Wed Jul 17 21:01:43.271533 2019] [proxy_ajp:debug] [pid 18589] mod_proxy_ajp.c(739): [client 192.168.30.67:40280] AH00894: declining URL https://webmin.example.com:10000/
[Wed Jul 17 21:01:43.271541 2019] [proxy:debug] [pid 18589] proxy_util.c(2319): AH00942: HTTPS: has acquired connection for (webmin.example.com)
[Wed Jul 17 21:01:43.271551 2019] [proxy:debug] [pid 18589] proxy_util.c(2372): [client 192.168.30.67:40280] AH00944: connecting https://webmin.example.com:10000/ to webmin.example.com:10000
[Wed Jul 17 21:01:43.271591 2019] [proxy:debug] [pid 18589] proxy_util.c(2581): [client 192.168.30.67:40280] AH00947: connected / to webmin.example.com:10000
[Wed Jul 17 21:01:43.271687 2019] [proxy:debug] [pid 18589] proxy_util.c(3050): AH02824: HTTPS: connection established with 192.168.20.28:10000 (webmin.example.com)
[Wed Jul 17 21:01:43.271713 2019] [proxy:debug] [pid 18589] proxy_util.c(3218): AH00962: HTTPS: connection complete to 192.168.20.28:10000 (webmin.example.com)
[Wed Jul 17 21:01:43.271728 2019] [gnutls:debug] [pid 18589] gnutls_hooks.c(1252): [remote 192.168.20.28:10000] mgs_hook_pre_connection declined connection
[Wed Jul 17 21:01:43.271734 2019] [ssl:info] [pid 18589] [remote 192.168.20.28:10000] AH01964: Connection to child 0 established (server webmin.example.com:443)
[Wed Jul 17 21:01:43.273659 2019] [ssl:info] [pid 18589] [remote 192.168.20.28:10000] AH02003: SSL Proxy connect failed
[Wed Jul 17 21:01:43.273715 2019] [ssl:info] [pid 18589] SSL Library Error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
[Wed Jul 17 21:01:43.273729 2019] [ssl:info] [pid 18589] [remote 192.168.20.28:10000] AH01998: Connection closed to child 0 with abortive shutdown (server webmin.example.com:443)
[Wed Jul 17 21:01:43.273772 2019] [ssl:info] [pid 18589] [remote 192.168.20.28:10000] AH01997: SSL handshake failed: sending 502
[Wed Jul 17 21:01:43.273783 2019] [proxy:error] [pid 18589] (20014)Internal error (specific information not available): [client 192.168.30.67:40280] AH01084: pass request body failed to 192.168.20.28:10000 (webmin.example.com)
[Wed Jul 17 21:01:43.273827 2019] [proxy:error] [pid 18589] [client 192.168.30.67:40280] AH00898: Error during SSL Handshake with remote server returned by /
[Wed Jul 17 21:01:43.273834 2019] [proxy_http:error] [pid 18589] [client 192.168.30.67:40280] AH01097: pass request body failed to 192.168.20.28:10000 (webmin.example.com) from 192.168.30.67 ()
[Wed Jul 17 21:01:43.273840 2019] [proxy:debug] [pid 18589] proxy_util.c(2334): AH00943: HTTPS: has released connection for (webmin.example.com)
[Wed Jul 17 21:01:43.274166 2019] [ssl:debug] [pid 18589] ssl_engine_io.c(1106): [client 192.168.30.67:40280] AH02001: Connection closed to child 1 with standard shutdown (server webmin.example.com:443)
[Wed Jul 17 21:01:43.510653 2019] [ssl:info] [pid 18591] [client 192.168.30.67:40282] AH01998: Connection closed to child 3 with abortive shutdown (server webmin.example.com:443)
[Wed Jul 17 21:01:43.531177 2019] [socache_shmcb:debug] [pid 18590] mod_socache_shmcb.c(495): AH00831: socache_shmcb_store (0x86 -> subcache 6)
[Wed Jul 17 21:01:43.531215 2019] [socache_shmcb:debug] [pid 18590] mod_socache_shmcb.c(849): AH00847: insert happened at idx=0, data=(0:32)
[Wed Jul 17 21:01:43.531223 2019] [socache_shmcb:debug] [pid 18590] mod_socache_shmcb.c(854): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/212
[Wed Jul 17 21:01:43.531229 2019] [socache_shmcb:debug] [pid 18590] mod_socache_shmcb.c(516): AH00834: leaving socache_shmcb_store successfully
[Wed Jul 17 21:01:43.531504 2019] [ssl:debug] [pid 18590] ssl_engine_kernel.c(383): [client 192.168.30.67:40284] AH02034: Initial (No.1) HTTPS request received for child 2 (server webmin.example.com:443), referer: https://webmin.example.com/
[Wed Jul 17 21:01:43.531561 2019] [authz_core:debug] [pid 18590] mod_authz_core.c(846): [client 192.168.30.67:40284] AH01628: authorization result: granted (no directives), referer: https://webmin.example.com/
[Wed Jul 17 21:01:43.531591 2019] [gnutls:debug] [pid 18590] gnutls_hooks.c(1354): [client 192.168.30.67:40284] request declined in mgs_hook_fixups, referer: https://webmin.example.com/
[Wed Jul 17 21:01:43.531667 2019] [proxy:debug] [pid 18590] mod_proxy.c(1248): [client 192.168.30.67:40284] AH01143: Running scheme https handler (attempt 0), referer: https://webmin.example.com/
[Wed Jul 17 21:01:43.531679 2019] [proxy_ajp:debug] [pid 18590] mod_proxy_ajp.c(739): [client 192.168.30.67:40284] AH00894: declining URL https://webmin.example.com:10000/favicon.ico, referer: https://webmin.example.com/
[Wed Jul 17 21:01:43.531692 2019] [proxy:debug] [pid 18590] proxy_util.c(2319): AH00942: HTTPS: has acquired connection for (webmin.example.com)
[Wed Jul 17 21:01:43.531700 2019] [proxy:debug] [pid 18590] proxy_util.c(2372): [client 192.168.30.67:40284] AH00944: connecting https://webmin.example.com:10000/favicon.ico to webmin.example.com:10000, referer: https://webmin.example.com/
[Wed Jul 17 21:01:43.531739 2019] [proxy:debug] [pid 18590] proxy_util.c(2581): [client 192.168.30.67:40284] AH00947: connected /favicon.ico to webmin.example.com:10000, referer: https://webmin.example.com/
[Wed Jul 17 21:01:43.531845 2019] [proxy:debug] [pid 18590] proxy_util.c(3050): AH02824: HTTPS: connection established with 192.168.20.28:10000 (webmin.example.com)
[Wed Jul 17 21:01:43.531875 2019] [proxy:debug] [pid 18590] proxy_util.c(3218): AH00962: HTTPS: connection complete to 192.168.20.28:10000 (webmin.example.com)
[Wed Jul 17 21:01:43.531890 2019] [gnutls:debug] [pid 18590] gnutls_hooks.c(1252): [remote 192.168.20.28:10000] mgs_hook_pre_connection declined connection
[Wed Jul 17 21:01:43.531897 2019] [ssl:info] [pid 18590] [remote 192.168.20.28:10000] AH01964: Connection to child 0 established (server webmin.example.com:443)
[Wed Jul 17 21:01:43.534061 2019] [ssl:info] [pid 18590] [remote 192.168.20.28:10000] AH02003: SSL Proxy connect failed
[Wed Jul 17 21:01:43.534138 2019] [ssl:info] [pid 18590] SSL Library Error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
[Wed Jul 17 21:01:43.534160 2019] [ssl:info] [pid 18590] [remote 192.168.20.28:10000] AH01998: Connection closed to child 0 with abortive shutdown (server webmin.example.com:443)
[Wed Jul 17 21:01:43.534202 2019] [ssl:info] [pid 18590] [remote 192.168.20.28:10000] AH01997: SSL handshake failed: sending 502
[Wed Jul 17 21:01:43.534214 2019] [proxy:error] [pid 18590] (20014)Internal error (specific information not available): [client 192.168.30.67:40284] AH01084: pass request body failed to 192.168.20.28:10000 (webmin.example.com), referer: https://webmin.example.com/
[Wed Jul 17 21:01:43.534240 2019] [proxy:error] [pid 18590] [client 192.168.30.67:40284] AH00898: Error during SSL Handshake with remote server returned by /favicon.ico, referer: https://webmin.example.com/
[Wed Jul 17 21:01:43.534247 2019] [proxy_http:error] [pid 18590] [client 192.168.30.67:40284] AH01097: pass request body failed to 192.168.20.28:10000 (webmin.example.com) from 192.168.30.67 (), referer: https://webmin.example.com/
[Wed Jul 17 21:01:43.534255 2019] [proxy:debug] [pid 18590] proxy_util.c(2334): AH00943: HTTPS: has released connection for (webmin.example.com)
[Wed Jul 17 21:01:43.534592 2019] [ssl:debug] [pid 18590] ssl_engine_io.c(1106): [client 192.168.30.67:40284] AH02001: Connection closed to child 2 with standard shutdown (server webmin.example.com:443)

Habt Ihr noch einen Tipp für mich was ich noch in der Konfiguration anpassen muss?
Vorab Lieben Dank von Stefan Harbich

sharbich · Beitrag von **sharbich** » 18.07.2019 00:20:54

Hallo Ihr Lieben,
ich konnte das Problem selbst lösen. Ich habe es jetzt geschafft die Webmin Seite über HTTPS über den Apache Proxy zu öffnen. Ich musste die Zertifikate im VHost und in der Webmin Konfiguration hinterlegen. Da ich ein Zertifikat über meine eigene CA erstellt habe und den key nicht in Klartext hinterlegt habe (Fängt an mit -----BEGIN RSA PRIVATE KEY-----) kam damit der Webmin Dienst nicht klar. Erst als ich den key in Klartext hinterlegt habe:

Code: Alles auswählen

openssl rsa -in key.pem -out key.key

Kam der Apache und der Webmin Dienst damit zurecht. Ich poste Euch mal meine VHOST und Webmin Konfiguration.
VHOST

Code: Alles auswählen

root@dsme01:~# nano /etc/apache2/mods-available/proxy.conf
        <VirtualHost *:443>
                ServerName webmin.example.com
                ProxyPass / https://webmin.example.com:10000/
                ProxyPassReverse / https://webmin.example.com:10000/
                ProxyPreserveHost on
                SSLProxyEngine on
                SSLEngine on
                SSLCertificateFile /etc/ssl/certs/webmin.example.com.pem
                SSLCertificateKeyFile /etc/ssl/private/webmin.example.com.key
                SSLProxyVerify none
                SSLProxyCheckPeerCN off
                SSLProxyCheckPeerName off
                SSLProxyCheckPeerExpire off
                ErrorLog /var/log/apache2/apache-webmin-error.log
                TransferLog /var/log/apache2/apache-webmin-access.log
                CustomLog /var/log/apache2/apache-webmin-request.log combined
        </VirtualHost>

Webmin

Code: Alles auswählen

root@dsme01:~# nano /etc/webmin/miniserv.conf 
port=10000
addtype_cgi=internal/cgi
realm=Webmin Server
logfile=/var/webmin/miniserv.log
errorlog=/var/webmin/miniserv.error
pidfile=/var/webmin/miniserv.pid
logtime=168
ppath=
## ssl=0
ssl=1
no_ssl2=1
no_ssl3=1
env_WEBMIN_CONFIG=/etc/webmin
env_WEBMIN_VAR=/var/webmin
atboot=1
logout=/etc/webmin/logout-flag
bind=192.168.20.28
listen=10000
denyfile=\.pl$
log=1
blockhost_failures=5
blockhost_time=60
syslog=1
session=1
premodules=WebminCore
userfile=/etc/webmin/miniserv.users
certfile=/etc/ssl/certs/webmin.example.com.pem
keyfile=/etc/ssl/private/webmin.example.com.key
passwd_file=/etc/shadow
passwd_uindex=0
passwd_pindex=1
passwd_cindex=2
passwd_mindex=4
passwd_mode=0
preroot=gray-theme
passdelay=1
cipher_list_def=1
sudo=1
allow=192.168.20.28
ssl_redirect=0
no_sslcompression=
no_tls1_1=
extracas=
ssl_honorcipherorder=0
no_tls1_2=
no_tls1=
unixauth=@webminadmins=root
pamany=
root=/usr/share/webmin
mimetypes=/usr/share/webmin/mime.types
server=MiniServ/1.920

debianforum.de

[geloest] Webmin Website mit Fehlermeldung

[geloest] Webmin Website mit Fehlermeldung

Re: Webmin Website mit Fehlermeldung