httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] Problem using apache as a reverse proxy for https
Date Thu, 14 Dec 2006 15:39:12 GMT
On 12/14/06, frank rittinger <frank.rittinger@virtual-identity.com> wrote:
> Thanks for the answer,
>
> As far as I understand it, this would mean that the client talks to my proxy with one
certificate and then the proxy decrypts and encrypts the request and uses the original servers
certificate to communicate with the original server, i.e.
>
> Client ----- cert A ---> Proxy ----> cert B ----> Server
>
> What I would like is:
>
> Client ----- cert B ---> Proxy ----> cert B ----> Server
>
> Without the Proxy "reading" the request, simply passing it on.
>
> Is this possible at all?
>
> I have to put the proxy in the middle without changing certificates.

This goes a little beyond my level of expertise, but...

If you don't want the proxy decrypting the traffic, then you don't
want an HTTP proxy, you want a port-forwarder.  Just tell your OS or
firewall to forward port 443 on to the back-end server.  But remember
that a certificate is associated with a particular hostname, so you'll
need to be careful to get that right.

(In the case of a foward-proxy, there is actually a specific provision
for this in the form of the CONNECT method.  But that won't work in a
reverse-proxy situation.)

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message