Archive for July, 2012

Enabling mod_status in an Apache Virtual Host that is using mod_proxy

Tuesday, July 31st, 2012

I recently ran into an issue where I needed to monitor a reverse proxy which proxied requests to several internal servers (aka load balancer).

The issue was that all requests going to this specific virtual host were proxied to the balancer members configured within the virtual host, including requests to /server-status.

The fix is to add the following line above the ProxyPass directive:

       ProxyPass /server-status !

This directive tells mod_proxy to not proxy requests with a path of /server-status and results in a correct response from mod_status.
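A fuller virtual host sketch showing where the exclusion sits, added here as an example and not taken from the original post. The hostname, balancer name, member addresses and monitoring address are constructed, and the access rules assume Apache 2.4 `Require` syntax. Once /server-status is no longer proxied it is answered locally by mod_status, so the `<Location>` block limits who can read it.

```apache
<VirtualHost *:80>
    # Constructed hostname and balancer; substitute your own.
    ServerName proxy.example.com

    <Proxy "balancer://appcluster">
        BalancerMember "http://10.0.0.11:8080"
        BalancerMember "http://10.0.0.12:8080"
    </Proxy>

    # The exclusion must come before the broader ProxyPass that would
    # otherwise match it: ProxyPass rules are checked in configuration
    # order and the first match wins.
    ProxyPass        "/server-status" "!"
    ProxyPass        "/" "balancer://appcluster/"
    ProxyPassReverse "/" "balancer://appcluster/"

    # Served locally by mod_status. The status page can list client
    # addresses and request lines, so restrict it to localhost and the
    # monitoring host (192.0.2.10 is a constructed address).
    <Location "/server-status">
        SetHandler server-status
        Require local
        Require ip 192.0.2.10
        # Apache 2.2 equivalent:
        #   Order deny,allow
        #   Deny from all
        #   Allow from 127.0.0.1 192.0.2.10
    </Location>
</VirtualHost>
```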

TLS Issue with Amazon OpenLDAP 2.4.23-15

Monday, July 9th, 2012

Today I had an issue getting a good TLS connection from an OpenLDAP client to an OpenLDAP server on an EC2 instance using the packages supplied by Amazon.

The problem packages were:

       openldap-2.4.23-15.13.amzn1.x86_64
       openldap-clients-2.4.23-15.13.amzn1.x86_64

The problem was resolved through updating to version 2.4.23-20 via:

       yum -y update openldap-clients

The problem was produced via the following ldapsearch command:

       # ldapsearch -xZZ -d 4
       TLS: did not find any valid CA certificates in /etc/openldap/cacerts
       TLS: could perform TLS system initialization.
       TLS: error: could not initialize moznss security context - error -5939:No more entries in the directory
       TLS: can't create ssl handle.
       ldap_start_tls: Connect error (-11)