httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Krist van Besien <krist.vanbes...@gmail.com>
Subject Re: [users@httpd] Reverse proxy from HTTP to HTTPS or HTTPS to HTTPS how?
Date Tue, 31 Mar 2009 11:16:42 GMT
On Tue, Mar 31, 2009 at 12:35 PM, anebi@iguanait.com <anebi@iguanait.com> wrote:

> I know how to create a reverse proxy for HTTP -> HTTP, but i don't know
> how to do it for HTTP to HTTPS. I know there is a SSLProxyengine that i
> should activate, but probably i need to do more than these to get
> working this.

You need to enable Apache as an SSL client. This is what I wrote about
on this list last year:

Apache can't proxy to https urls out of the box. You need to do some work.

you need to add the following to your config.

# turn on SSL proxying.
SSLProxyEngine On

# to tell Apache where to find CA certificates to check remote server
certificates with:
# (You can choose yourself where you put these certificates)
SSLProxyCACertificatePath /path/to/ca/certificates.

Then in this path you need to put the CA certificate(s) used to sign
the certificate(s) used by the server(s) you communicate with. If you
want to talk to a server that uses a "self signed" certificate you
will need to put it in this dir too.

Once you've done that you need to run c_rehash in that directory.
c_rehash is part of a standard openssl distribution. c_rehash creates
hashed aliases in this dir. Apache needs these.

In order to test if everything is there you can do the following:

openssl s_client -CApath /path/to/ca/certificates -connect remoteserver:8443

if the conenction succeeds just try to do a
GET /abc/

and see if you get something. If this test is succesfull apache should work too.

Krist

-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message