httpd-users mailing list archives

From Bill Moseley <>
Subject [users@httpd] mod_proxy SSL forward proxy
Date Wed, 24 Aug 2011 09:16:45 GMT
Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8r
OS X 10.6.8

I need help with a forward proxy setup and SSL.

I have created a simple httpd.conf file with two virtual hosts, listening on
8080 and 8443 (accepting SSL connections).  I'm using a self-signed
certificate for testing.  With this config both of these requests work just

https://localhost:8443/foo.txt (issues a warning about the self-signed cert,
of course)

I enabled mod_proxy (and _http and _connect) and then I set up both Firefox
and Chrome to proxy http to localhost:8080 and https to localhost:8443.

The forward proxy works fine for non-SSL requests.  Any non-SSL site I go to
is passed through my local Apache proxy.  But, the SSL pages do not work,
and with LogLevel debug I see:

[Wed Aug 24 11:54:42 2011] [info] SSL Library Error: 336027803
error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
speaking HTTP to HTTPS port!?

So, I assume I'm not understanding the configuration needed to proxy the SSL

Here's my httpd.config.  Again, this config will serve local files over http
or https fine.  And when a browser is set up to proxy via localhost:8080
normal http proxy works fine (and I can see all web pages I access logged as
they are proxied).

But, with the browser https proxy config set to localhost 8443 https
requests fail with the error above.

moseley@bair ~/Documents/apache $ cat httpd.conf

ServerRoot /Users/moseley/Documents/apache
Lockfile accept.lock

LoadModule ssl_module         /usr/libexec/apache2/

LoadModule proxy_module         /usr/libexec/apache2/
LoadModule proxy_http_module         /usr/libexec/apache2/
LoadModule proxy_connect_module

LoadModule log_config_module  /usr/libexec/apache2/

LogLevel Debug

CustomLog logs/access_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Listen localhost:8080
Listen localhost:8443

DocumentRoot /Users/moseley/Documents/apache/htdocs


SSLSessionCache dbm:ssl.cache

<VirtualHost *:8080>
    ProxyRequests ON
</VirtualHost>

<VirtualHost *:8443>
    ProxyRequests ON

    # This needed?
    AllowCONNECT 443 8443

    SSLEngine on

    SSLCertificateFile certs3/server.crt
    SSLCertificateKeyFile certs3/server.key
</VirtualHost>


Bill Moseley
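
Added example, not part of the original message: the Python below decodes the packed OpenSSL error number from the log line quoted above and classifies the first bytes a client sends on a port. It assumes the pre-3.0 OpenSSL error layout (lib << 24 | func << 12 | reason); the function names and the sample byte strings are constructed for illustration.

```python
import re

# Pre-3.0 OpenSSL packs an error as (lib << 24) | (func << 12) | reason.
# Only the values that appear in the quoted log line are named here.
LIBS = {20: "SSL routines"}
FUNCS = {118: "SSL23_GET_CLIENT_HELLO"}
REASONS = {155: "https proxy request"}

def decode_ssl_error(code):
    """Split a packed OpenSSL (pre-3.0) error code into lib/func/reason."""
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    return {
        "hex": "%08X" % code,
        "lib": LIBS.get(lib, lib),
        "func": FUNCS.get(func, func),
        "reason": REASONS.get(reason, reason),
    }

def parse_log(text):
    """Find 'SSL Library Error: <n>' and check it against the 'error:<hex>' field."""
    num = re.search(r"SSL Library Error: (\d+)", text)
    hexs = re.search(r"error:([0-9A-Fa-f]{8}):", text)
    if not num:
        return None
    info = decode_ssl_error(int(num.group(1)))
    info["consistent"] = bool(hexs) and hexs.group(1).upper() == info["hex"]
    return info

def classify_first_bytes(data):
    """Classify what a client sent first on a port (simplified check)."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"        # TLS record, content type 22 (handshake)
    if data.startswith(b"CONNECT "):
        return "plaintext-connect"    # proxy tunnel request sent in the clear
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "plaintext-http"
    return "unknown"

# Log line copied from the message; the byte strings below are constructed samples.
LOG = ("[Wed Aug 24 11:54:42 2011] [info] SSL Library Error: 336027803 "
       "error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request "
       "speaking HTTP to HTTPS port!?")

if __name__ == "__main__":
    print(parse_log(LOG))
    print(classify_first_bytes(b"CONNECT www.example.com:443 HTTP/1.1\r\n"))
    print(classify_first_bytes(b"\x16\x03\x01\x00\x2f\x01"))
```

The decoded reason shows that the client sent a plaintext CONNECT to a listener that expected a TLS handshake.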
