httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 53201] New: [PATCH] Improve docs describing a forward proxy config to enable proxying SSL requests
Date Mon, 07 May 2012 16:42:16 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53201

          Priority: P2
            Bug ID: 53201
          Assignee: docs@httpd.apache.org
           Summary: [PATCH] Improve docs describing a forward proxy config
                    to enable proxying SSL requests
          Severity: normal
    Classification: Unclassified
                OS: All
          Reporter: wgoulet@gmail.com
          Hardware: All
            Status: NEW
           Version: 2.4-HEAD
         Component: Documentation
           Product: Apache httpd-2

Hi,

While setting up a forward proxy server in httpd-2.2.16, it wasn't
immediately obvious to me from reading docs that I needed to enable
mod_proxy_connect to enable the forward proxy to handle CONNECT
requests for proxying SSL traffic. Plus, the mod_ssl SSLProxyEngine
directive could easily be confused as a required component to enable a
forward proxy to properly proxy SSL requests.

Here are patches I've prepared for mod_ssl.xml and mod_proxy.xml to
add additional descriptive text to the <ProxyRequest> directive in
mod_proxy.xml and <SSLProxyEngine> directive in mod_ssl.xml. They are
applied to the latest versions of the docs in trunk.

Thanks,
Walter

wgoulet@ubuntu:~/apachepatch$ cat mod_ssl.xml.patch
--- mod_ssl.xml.trunk    2012-05-01 20:39:23.704643002 -0700
+++ mod_ssl.xml    2012-05-01 20:39:01.632624877 -0700
@@ -1736,7 +1736,7 @@
 is usually used inside a <directive module="core"
 type="section">VirtualHost</directive> section to enable SSL/TLS for proxy
 usage in a particular virtual host. By default the SSL/TLS Protocol Engine is
-disabled for proxy image both for the main server and all configured
virtual hosts.</p>
+disabled for proxy image both for the main server and all configured
virtual hosts. Note that the SSLProxyEngine directive should not, in
general, be included in a virtual host that will be acting as a
forward proxy (using <Proxy> or <ProxyRequest> directives.
SSLProxyEngine is not required to enable a forward proxy server to
proxy SSL/TLS requests.</p>
 <example><title>Example</title>
 <highlight language="config">
 &lt;VirtualHost _default_:443&gt;

wgoulet@ubuntu:~/apachepatch$ cat mod_proxy.xml.patch
--- mod_proxy.xml.trunk    2012-05-01 20:38:38.448808512 -0700
+++ mod_proxy.xml    2012-05-01 20:42:01.296343935 -0700
@@ -562,6 +562,9 @@
     need also <module>mod_proxy_http</module> or
<module>mod_proxy_ftp</module>
     (or both) present in the server.</p>

+    <p>In order to get the functionality of proxying HTTPS sites, you
+    need <module>mod_proxy_connect</module> enabled in the server.</p>
+
     <note type="warning"><title>Warning</title>
       <p>Do not enable proxying with <directive
       module="mod_proxy">ProxyRequests</directive> until you have <a
wgoulet@ubuntu:~/apachepatch$

-- 
You are receiving this mail because:
You are the assignee for the bug.

Mime
View raw message