httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Evans <tevans...@googlemail.com>
Subject Re: [users@httpd] single SSL proxy to multiple non-SSL name-based hosts
Date Fri, 18 Mar 2011 14:51:11 GMT
On Fri, Mar 18, 2011 at 2:40 PM, Alex Duckers <alex.duckers@gmail.com> wrote:
> Hi All - I imagine this is fairly common, but I've had trouble making it work.
> I'm on RHEL 5.4, with Apache/2.2.3.
>
> I've got two sites to deal with, sitea.company.com and siteb.company.com.
> I've set up DNS for each of these to resolve the same ip address.
> I have an Apache server listening on that IP address.
>
> I'd like that apache server to do the following:
>        * take requests for HTTPS://sitea.company.com, terminate SSL, and proxy the
HTTP to an internal server called sitea.internal.net.
>        * take requests for HTTPS://siteb.company.com, terminate SSL, and proxy the
HTTP to an internal server called siteb.internal.net.
>
> Both names can use the same SSL certificate; I'll probably get a wildcard cert for this.
>
> I was able to make it work for a single site with a very basic config, adding ProxyPass
and ProxyPass reverse to the httpd.conf file.  But this sends everything to that single host.
 When I try to break it out with virtualhosts, it either isn't terminating SSL properly,
or doesn't PROXY properly.
>
> I'm sure I'm missing something pretty simple.  Anyone have a recipe for this?
>
> Thanks
>
>

NameVirtualHost *:443
<VirtualHost *:443>
  ServerName a.company.com
  SSLEngine On
  SSLCertificateFile /path/to/star.company.com/apache.crt
  SSLCertificateKeyFile /path/to/star.company.com/apache.key
  SSLCACertificateFile /path/to/star.company.com/ca.crt
  ProxyPass / http://a.company.com/
  ProxyPassReverse / http://a.company.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName b.company.com
  SSLEngine On
  SSLCertificateFile /path/to/star.company.com/apache.crt
  SSLCertificateKeyFile /path/to/star.company.com/apache.key
  SSLCACertificateFile /path/to/star.company.com/ca.crt
  ProxyPass / http://b.company.com/
  ProxyPassReverse / http://b.company.com/
</VirtualHost>

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message