httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Axel-Stephane SMORGRAV" <Axel-Stephane.SMORG...@europe.adp.com>
Subject RE: [users@httpd] Re: Re: Reverse Proxy to SSL web server: configuration example
Date Mon, 07 Jan 2008 14:53:33 GMT
You need SSLProxyEngine On ONLY if you intend to proxy to a SSL-enabled server as seems to
be your case. 

However if your reverse proxy takes care of SSL termination, encrypting the backend connection
may not be very useful. 


-ascs
 
-----Message d'origine-----
De : news [mailto:news@ger.gmane.org] De la part de Zvi Kave
Envoyé : lundi 7 janvier 2008 15:49
À : users@httpd.apache.org
Objet : [users@httpd] Re: Re: Reverse Proxy to SSL web server: configuration example

Axel,

To complete all the parameters, I saw that directive SSLProxyEngine On is needed as well.(It
was hiding there from previous test) So to make it clear, here are the successfull directives:
(The SSL key/crt files are copied from the web server)

<VirtualHost *:80>
    ServerAdmin admin@web.com
    ServerName proxy80.com
    ProxyPass / http://mywebserver.com/
    ProxyPassReverse / http://mywebserver.com/
    ErrorLog logs/error80.log
    TransferLog logs/access80.log
</VirtualHost>
# This creates a virtual host for SSL conections. They'll be proxy'ed w/o SSL.
<VirtualHost *:443>
    ServerAdmin admin@web.com
    ServerName proxy443.com
    SSLProxyEngine On
    ProxyPass / https://mywebserver.com/
    ProxyPassReverse / https://mywebserver.com/
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/server.key
    ErrorLog logs/ssl-error.log
    TransferLog logs/ssl-access.log
</VirtualHost>

Best regards,

Zvi

"Axel-Stephane SMORGRAV" <Axel-Stephane.SMORGRAV@europe.adp.com> wrote in message news:28D87C00C6E83540A814CFAE3FA63E3F5FEF66@EXCHSUR.gaia.fr...
Definitely yes.


-ascs

-----Message d'origine-----
De : news [mailto:news@ger.gmane.org] De la part de Zvi Kave
Envoyé : lundi 7 janvier 2008 15:02
À : users@httpd.apache.org
Objet : [users@httpd] Re: Reverse Proxy to SSL web server: configuration 
example

Do you mean, that I must copy the SSL crt/key files from the web  server to 
the proxy server ?

Zvi


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message