httpd-users mailing list archives

From PeterKorman <calvin-apache...@eigenvision.com>
Subject Re: [users@httpd] SSL and two apache servers -- making ssl relay work.
Date Wed, 13 Nov 2002 14:48:22 GMT
On Tue, Nov 12, 2002 at 04:58:07PM -0800, J. Greenlees wrote:
> PeterKorman wrote:
> >On Tue, Nov 12, 2002 at 12:48:35PM -0800, rdkurth@starband.net wrote:
> >
> >>My questions are probably stupid but I am not sure what to even ask to
> >>get the answers I need so here goes.
> >>I have two Apache servers installed on Linux.
> >>The first server handles all the virtual sites the second handles a
> >>control panel for managing the server. That is all it does it is not
> >>used for anything else.
> >
> >
> >If I understand your post correctly, I asked a general question like
> >this a while back. Never got an answer. I'd be happy with a text that
> >discusses the possibilities.  I wanna run a webmail server where you
> >run your control panel. Servers are on 2 different physical machines.
> >I can proxypass and proxypassreverse back and forth through to the second
> >machine until I want to use SSL. SSL breaks the path.
> >
> >What I could find suggests that the SSL stuff must only be between the
> >client browser and the relay server (your virtual site server).  The
> >relay server must then exchange cleartext with the control panel. This
> >is (allegedly) because an SSL Server-End connection won't let a relay
> >machine know enough about the packets for the relay server to do its
> >job. Client to server relay works without a hitch through an SSL
> >pipe. But Server-to-Server-to-client is a different matter.
> >
> >I don't have knowledge at the ladder diagram level for SSL.  I'd guess I
> >could give a more precise (and more confusing) explanation if I did.
> >
> >I'm not sure apache can do what's required, but I'd be delighted if it
> >could. I'm almost sure it's a black art.  It's possible that you can do
> >all relays through squid. Squid advertises SSL proxy capability, but
> >back when I tried it, squid SSL proxy capability was still pretty new. I
> >ran too high on frustration and too low on energy before the solution
> >emerged.
> >
> >Sorry I can't be more help.
>
> you would have to have a separate ssl connection between the two 
> servers, rather than the same one. it may only work if all traffic 
> between the two is on same certificate, then the proxy server sends to 
> client on the site's certificate.
> 
> haven't tried squid myself so I don't know if it would work for this.

Server to Server SSL? Can you suggest a document that discusses 
the particulars?

I guess internal servers could just keep a persistent SSL connection.
But I don't know how I would initiate that connection.

JPK

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
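
The "separate ssl connection between the two servers" arrangement discussed in this thread, sketched as an httpd reverse-proxy configuration. This is an added example, not part of the original messages; it assumes mod_ssl, mod_proxy and mod_proxy_http are loaded, and every hostname and file path in it is a placeholder.

```apache
# Added example. Front ("relay") server: terminates the browser's TLS
# session with the site's certificate, then opens its own, separate TLS
# session to the control-panel server for the proxied path.
<VirtualHost *:443>
    # Placeholder public name of the virtual-site server
    ServerName www.example.com

    # Leg 1: browser <-> relay, using the site's certificate
    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/ssl/www.example.com.key

    # Leg 2: relay <-> control panel. SSLProxyEngine makes mod_proxy act
    # as a TLS client when the ProxyPass target uses https://
    SSLProxyEngine on

    # Authenticate the backend instead of accepting any certificate:
    # require a chain to the CA that issued the control panel's cert.
    SSLProxyVerify require
    SSLProxyVerifyDepth 2
    SSLProxyCACertificateFile /etc/httpd/ssl/internal-ca.crt
    # Hostname matching against the backend cert (httpd 2.4.5 and later)
    SSLProxyCheckPeerName on

    # Reverse proxy only; never act as an open forward proxy
    ProxyRequests Off

    # Cleartext backend hop that this replaces (the relay-to-panel
    # traffic would cross the network unencrypted):
    #   ProxyPass        /panel/ http://panel.internal.example/
    #   ProxyPassReverse /panel/ http://panel.internal.example/
    ProxyPass        /panel/ https://panel.internal.example/
    ProxyPassReverse /panel/ https://panel.internal.example/
</VirtualHost>
```

With this layout httpd opens the backend TLS connection itself when a request for the proxied path arrives, so nothing has to initiate or hold that connection by hand.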

