httpd-users mailing list archives

From "J. Greenlees" <ja...@shaw.ca>
Subject Re: [users@httpd] SSL and two apache servers -- making ssl relay work.
Date Wed, 13 Nov 2002 00:58:07 GMT
You would have to have a separate SSL connection between the two 
servers, rather than the same one. It may only work if all traffic 
between the two is on the same certificate, then the proxy server sends to 
the client on the site's certificate.

Haven't tried squid myself so I don't know if it would work for this.

PeterKorman wrote:
> On Tue, Nov 12, 2002 at 12:48:35PM -0800, rdkurth@starband.net wrote:
> 
>>My questions are probably stupid but I am not sure what to even ask to
>>get the answers I need so here goes.
>>I have two Apache servers installed on Linux.
>>The first server handles all the virtual sites; the second handles a
>>control panel for managing the server. That is all it does; it is not
>>used for anything else.
> 
> 
> If I understand your post correctly, I asked a general question like
> this a while back. Never got an answer. I'd be happy with a text that
> discusses the possibilities.  I wanna run a webmail server where you
> run your control panel. Servers are on 2 different physical machines.
> I can proxypass and proxypassreverse back and forth through to the second
> machine until I want to use SSL. SSL breaks the path.
> 
> What I could find suggests that the SSL stuff must only be between the
> client browser and the relay server (your virtual site server).  The
> relay server must then exchange cleartext with the control panel. This
> is (allegedly) because an SSL Server-End connection won't let a relay
> machine know enough about the packets for the relay server to do its
> job. Client to server relay works without a hitch through an SSL
> pipe. But Server-to-Server-to-client is a different matter.
> 
> I don't have knowledge at the ladder diagram level for SSL.  I'd guess I
> could give a more precise (and more confusing) explanation if I did.
> 
> I'm not sure apache can do what's required, but I'd be delighted if it
> could. I'm almost sure it's a black art.  It's possible that you can do
> all relays through squid. Squid advertises SSL proxy capability, but
> back when I tried it, squid SSL proxy capability was still pretty new. I
> ran too high on frustration and too low on energy before the solution
> emerged.
> 
> Sorry I can't be more help.
> 
> Cheers,
> 
> JPK



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
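
Added example, not part of the original messages or of the Apache project's documentation: a relay virtual host holding the two separate SSL connections discussed in the thread, one to the browser and one to the control-panel server. It assumes Apache 2.4 with mod_ssl, mod_proxy and mod_proxy_http loaded; the hostnames, ports, file paths and the /panel/ prefix are placeholders.

```apache
# Relay (front-end) server: terminates the browser's TLS session and
# opens a second, independent TLS session to the control-panel server.
<VirtualHost *:443>
    ServerName www.example.com

    # Connection 1: browser <-> relay, on the site's own certificate.
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/tls/www.example.com.key

    # Connection 2: relay <-> control panel. mod_proxy only speaks
    # https:// to a backend when SSLProxyEngine is on.
    SSLProxyEngine on

    # Authenticate the backend instead of accepting any certificate:
    # chain must lead to the internal CA, name must match, not expired.
    SSLProxyVerify require
    SSLProxyVerifyDepth 2
    SSLProxyCACertificateFile /etc/httpd/tls/internal-ca.crt
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests off

    ProxyPass        /panel/ https://panel.internal.example:8443/
    ProxyPassReverse /panel/ https://panel.internal.example:8443/

    # Cleartext variant described in the quoted message: TLS ends at the
    # relay and the hop to the control panel is unencrypted, so panel
    # credentials are readable on the network between the two machines.
    # ProxyPass        /panel/ http://panel.internal.example:8080/
    # ProxyPassReverse /panel/ http://panel.internal.example:8080/
</VirtualHost>
```

The browser only ever sees the relay's certificate; the control-panel server's certificate is checked by the relay alone, so it can be issued by a private CA.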

