httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nelson, Robert D." <RDNel...@Mail.Donaldson.com>
Subject RE: [users@httpd] Apache proxy and SSL
Date Fri, 10 Jan 2003 20:19:27 GMT
Ken:

> Where people on the outside would enter https://www.acme.com 
> and the proxy
> would forward it to http://www.acme.com. We want to build a 
> secure extranet
> box and we need SSL for privacy. We plan to put an SSL 
> accelerator card in
> this box. We don't want to put SSL accelerators on the other 
> web application
> servers.
> 
> Someone told me there's a "proxy pass" configuration that 
> would allow me to
> proxy a URL and make the required scheme change.

What is commonly done is to set up your exterior box with mod_proxy and SSL
enabled.  Then, in the VirtualHost for the domain, proxy it back to the
interior server via HTTP.  For example:

 end user <--HTTPS--> External Server <--HTTP--> Internal Server

This way the traffic is SSL'd from the end user to your proxy web server.
Take a look at the docs for how to do this...

 http://httpd.apache.org/docs-2.0/mod/mod_proxy.html

...and...

 http://httpd.apache.org/docs-2.0/mod/mod_ssl.html

I've heard that getting the connection from the external server to the
internal server to run via SSL is more difficult.  Someone should be able to
comment on that.

 ~ Robert


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message