Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
Received-SPF: pass (asf.osuosl.org: local policy)
In-Reply-To: <8C29B2F93BAE9047A906EF6D6F9C5D4330794B@exchange2k301.gaia.fr>
To: users@httpd.apache.org
MIME-Version: 1.0
Message-ID: 
 <OFDA0F3FBF.E27F6B54-ON88257029.0081B55D-88257029.008267C8@mmsa.com>
From: Jignesh Badani <jbadani@mmsa.com>
Date: Thu, 23 Jun 2005 16:42:53 -0700
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [users@httpd] Questions about reverse proxy with https

Yes, "SSLProxyEngine On" will do the trick. But Carlo, you want to keep in =

mind that for internal server(s), you will/should probably use a=20
self-signed certificate and for Apache (mod=5Fproxy) to like the self-signe=
d=20
cert from a no-name CA, you will need to add the following 2 directives to =

your virtual in addition to the one above:

SSLProxyVerify optional=5Fno=5Fca
SSLProxyVerifyDepth 1

The above tells mod=5Fproxy that the backend may or may not present a valid=
=20
cert from a trusted CA !

Thanks
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -=20
- -=20
- Jignesh Badani
Intranet/Extranet Technical Services
Mitsubishi Motors North America
Cypress, CA, 90630
(W) - 714-934-3563=20


Axel-St=E9phane  SMORGRAV <Axel-Stephane.SMORGRAV@europe.adp.com>=20
06/22/2005 11:53 AM
Please respond to
users@httpd.apache.org


To
<users@httpd.apache.org>
cc

Subject
RE: [users@httpd] Questions about reverse proxy with https


Yes this is possible. From memory the only thing you need is to set=20
"SSLProxyEngine On". Take a look at the mod=5Fssl documentation at=20
httpd.apache.org.

-ascs

-----Original Message-----
From: Carlo Montanari [mailto:carlo.montanari@t-systems.it]=20
Sent: Wednesday, June 22, 2005 12:43 PM
To: users@httpd.apache.org
Subject: [users@httpd] Questions about reverse proxy with https

Hi list.
I'm in the process of building a reverse proxy architecture based on=20
Apache with mod=5Fproxy, in order to publish on the Internet an internal=20
website now residing only on our Intranet.
The site is quite critical, so it's required that it must be available=20
externally only in https. So far so good.
Now some people in our management are requiring that also the=20
communication between the reverse proxy and the internal site must be=20
encrypted, and this is raising some doubts to me as I have never worked=20
with such a configuration.
Please anybody can help me with any hint?
First of all, is it possible at all to implement this with mod=5Fproxy?
If so, is there any documentation about it?
Any thoughts about the matter?

Thanks, Carlo

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org