We Keep Coding

TYPO3 Backend with reverseProxyIP and ssl

My server configuration is a TYPO3 installation Vs. 6.2.31 combined with a reverse proxy. The system is running fine with http.
When we try to switch to https we geht this Error Message in the backend:
"Connection Problem
Sorry, but an error occurred while connecting to the server. Please check your network connection."
And the page tree is not loading.
When switching back to http all is working one again.
Our settings:
[SYS][reverseProxyIP] = (IP of our reverse Proxy)
[SYS][reverseProxyHeaderMultiValue] = last
[SYS][reverseProxySSL] = *
What i tried:
deactivate all extensions apart from the system extensions
no entry in syslog (error reporting is on development)
no entries in the server logs
lockSSL in install tool 3 results in never ending 302 redirects
lockSSL with option 2 results in this error message:
Fatal error: Uncaught exception 'RuntimeException' with message 'TYPO3 Backend not accessed via SSL: TYPO3 Backend is configured to only be accessible through SSL. Change the URL in your browser and try again.' in /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/sysext/core/Classes/Core/Bootstrap.php:897 Stack trace: #0 /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/init.php(54): TYPO3\CMS\Core\Core\Bootstrap->checkSslBackendAndRedirectIfNeeded() #1 /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/index.php(21): require('/srv/httpd/site...') #2 {main} thrown in /srv/httpd/sites/fland_ww1/typo3_src-6.2.31/typo3/sysext/core/Classes/Core/Bootstrap.php on line 897
It seems that some requests e.g. for the page tree are made without ssl - ajax calls i presume - but i dont have a clue how to debug it.
Andy ideas?
Thanks!

I have the same version at a customer and with a load balancer / proxy.
The only difference is [SYS][reverseProxyHeaderMultiValue] = first.
Also, [BE][lockSSL] = 1 is set.
Maybe it helps?

This thread is quite old, but because many people do read until now i will try an answer. We could solve the problem (and once again in a different installation) with the following settings:
[SYS][reverseProxyIP] = (IP of our reverse Proxy)
[SYS][reverseProxyHeaderMultiValue] = firt
[SYS][reverseProxySSL] = *
AND - that is important - changes in the server config too:
RequestHeader set X-Forwarded-Proto "https"
SetEnv proxy-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
I assume it was the first:
RequestHeader set X-Forwarded-Proto "https"
So in the end the problem was in the server config.

OpenAM error 500 "Unable to do Single Sign On or Federation" when browser loads successURL

I just installed OpenAM 13.0.0, created an hosted IDP, and registered a remote SP.
Within the remote SP (a product called Questetra), I configured the entityID, login URL, logout URL, and certificate using values found in the XML at http://idp:8080/openam/saml2/jsp/exportmetadata.jsp?entityid=http://idp:8080/openam&realm=/
Problem: OpenAM says 500 Internal Server Error at the step where the browser loads the successURL.
Any idea what is happening?
Any tips on how to debug? There is nothing special in the Tomcat and OpenAM logs.
Shortened Wireshark trace
HTTP/1.1 200 OK
[...]
{"successURL":"/SSORedirect/metaAlias/idp?ReqID=a41de50e29c99ff3422f82b7g660ch6&index=null&acsURL=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2Fsaml%2FSSO%2Falias%2Fbpm&spEntityID=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2F&binding=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Abindings%3AHTTP-POST"}
GET /openam/SSORedirect/metaAlias/idp?ReqID=a41de50e29c99ff3422f82b7g660ch6&index=null&acsURL=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2Fsaml%2FSSO%2Falias%2Fbpm&spEntityID=http%3A%2F%2Fthesp%3A8080%2Fuserweb%2F&binding=urn%3Aoasis%3Anames%3Atc%3ASAML%3A2.0%3Abindings%3AHTTP-POST HTTP/1.1
[...]
HTTP/1.1 500 Internal Server Error
[...]
<html>[...]HTTP Status 500 - Unable to do Single Sign On or Federation[...]</html>
Full trace at https://gist.github.com/nicolas-raoul/5ff26f37a95bc8088c6af7fe6ea5e468
Tomcat 7.0.72, Ubuntu 2016.04.1 LTS, Firefox 50.1.0

I solved this same error by taking the Certificate value directly from the metadata file exported from OpenAM and entering that directly again, to ensure that it was the exact same.

Indy10 HTTPS - socket error 10060 - connection timeout

I'm getting "Socket Error #10060, Connection timed out" when trying to access a https link.
Here is how you can reproduce it with INDY 10.6.2.0 and OpenSSL 1.0.2d DLLs (also happens with older Indy 10 version and dlls):
create a project and add a TButton, TIdHTTP and TMemo objects to the form
add to button onclick this code:
IdHTTP1.Request.UserAgent:='Indy';
IdHTTP1.HandleRedirects:=true;
Memo1.text:=IdHTTP1.Get('https://www.itv.com');`
now compile and run it, it will download correctly the file.
BUT if you are using a service like www.smartydns.com which redirects DNS request to their server, INDY sample above will not work and fail with "Socket Error #10060, Connection timed out" message.
Have tried it with WGET too (https://eternallybored.org/misc/wget/) and in version 1.13 its initializing the SSL handshake and freezes, but works without problems with version 1.15.
So the question is, what IdHTTP settings do I have to use to make it work, or is it a bug in Indy10 ?

Server returned HTTP response code: 400 for URL in Tomee

I am trying to run my JSF project using Apache tomee-1.7.1-plume, JSF 2.1 in netbeans 8.0.2 but its not running with the following error. I don't know what is the problem> thanks in advance for help.
Server returned HTTP response code: 400 for URL: http://localhost:8080/manager/text/deploy?config=file%3A%2FC%3A%2FUsers%2FWindows%2FAppData%2FLocal%2FTemp%2Fcontext7091578542594637291.xml&path=/test
C:\Users\Windows\Documents\NetBeansProjects\test\nbproject\build-impl.xml:1050: The module has not been deployed.
See the server log for details.
BUILD FAILED (total time: 42 seconds)

javax.xml.ws.soap.SOAPFaultException: Could not send Message - at JaxWsClientProxy.invoke - caused by HTTP response code: 401 for URL

I moved a working code from dev to test and encountered the following error(s) in test:
javax.xml.ws.soap.SOAPFaultException: Could not send Message.
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:143)
......
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:236)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:472)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:302)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:254)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:123)
at $Proxy739.copyIntoItems(Unknown Source)
Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: http://<sharepointportal>/_vti_bin/Copy.asmx
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1436)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2046)
Environment specs:
Java 1.6
Tomcat 6
Eclipse Helios
Maven2
CXF 2.2.3
As a background work, tried to explore about the error in similar category
bad URL (ruled out as i am using same URL in dev and test. and the url, userid, password are all accessible from both the machines),
connection timeout( error is not 404 or it doesnt specify connection timed out... it says 401 response code for url)
Checked if all the jars and same versions are included in the test environment.
Can someone shed some light to understand and resolve the error?
please let me know if any more details are to be included.

401 is an authentication error.
Authentication fails either at the destination URL http:///_vti_bin/Copy.asmx (3 slashes ?) or on a forward proxy on the way.
Are you connecting to _vti_bin via a proxy in test ?