httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jignesh Badani <jbad...@mmsa.com>
Subject RE: [users@httpd] Questions about reverse proxy with https
Date Thu, 23 Jun 2005 23:42:53 GMT
Yes, "SSLProxyEngine On" will do the trick. But Carlo, you want to keep in 
mind that for internal server(s), you will/should probably use a 
self-signed certificate and for Apache (mod_proxy) to like the self-signed 
cert from a no-name CA, you will need to add the following 2 directives to 
your virtual in addition to the one above:

SSLProxyVerify optional_no_ca
SSLProxyVerifyDepth 1

The above tells mod_proxy that the backend may or may not present a valid 
cert from a trusted CA !

Thanks
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - 
- Jignesh Badani
Intranet/Extranet Technical Services
Mitsubishi Motors North America
Cypress, CA, 90630
(W) - 714-934-3563 




Axel-St├ęphane  SMORGRAV <Axel-Stephane.SMORGRAV@europe.adp.com> 
06/22/2005 11:53 AM
Please respond to
users@httpd.apache.org


To
<users@httpd.apache.org>
cc

Subject
RE: [users@httpd] Questions about reverse proxy with https






Yes this is possible. From memory the only thing you need is to set 
"SSLProxyEngine On". Take a look at the mod_ssl documentation at 
httpd.apache.org.

-ascs

-----Original Message-----
From: Carlo Montanari [mailto:carlo.montanari@t-systems.it] 
Sent: Wednesday, June 22, 2005 12:43 PM
To: users@httpd.apache.org
Subject: [users@httpd] Questions about reverse proxy with https

Hi list.
I'm in the process of building a reverse proxy architecture based on 
Apache with mod_proxy, in order to publish on the Internet an internal 
website now residing only on our Intranet.
The site is quite critical, so it's required that it must be available 
externally only in https. So far so good.
Now some people in our management are requiring that also the 
communication between the reverse proxy and the internal site must be 
encrypted, and this is raising some doubts to me as I have never worked 
with such a configuration.
Please anybody can help me with any hint?
First of all, is it possible at all to implement this with mod_proxy?
If so, is there any documentation about it?
Any thoughts about the matter?

Thanks, Carlo

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message