httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From A M <amm.pr...@gmail.com>
Subject [users@httpd] Example Apache reverse proxy configuration for HTTPS frontend and several HTTP backends
Date Sat, 07 Mar 2015 22:59:31 GMT
Hello experts,

I am trying to set up a classical frontend HTTPS Apache Reverse Proxy
for a couple of plain backend HTTP servers sitting on a backend private
network. The plaform is Centos 6, the Apache rpm is
httpd-2.2.15-39.el6.centos.

I first created three DNS entries, all pointing to the same public IP:

         apachefrontend.example.com
         appserver1.example.com
         appserver2.example.com

I then generated the SSL cert and key for the frontend host and verified
that
SSL config was correct (all settings and key/cert were defined inside the
file
/etc/httpd/conf.d/ssl.conf). The URL "https://apachefrontend.example.com"
replied OK.

I have then set up a forced redirection to port 443 on the mother
server and defined two virtual hosts, in this manner:

..
NameVirtualHost *:80

<VirtualHost *:80>
     ServerName apachefrontend.example.com
     RedirectMatch ^/(.*)    https://apachefrontend.example.com/$1
</VirtualHost>

<VirtualHost *:80>
     ServerName appserver1.example.com
     ProxyRequests Off
     ProxyPass / http://appserver1.backend/
     ProxyPassReverse / http://appserver1.backend/
</VirtualHost>

<VirtualHost *:80>
     ServerName appserver2.example.com
     ProxyRequests Off
     ProxyPass / http://appserver2.backend/
     ProxyPassReverse / http://appserver2.backend/
</VirtualHost>
..

Now,

- If I go to "http://apachefrontend.example.com", I am
correctly ending up at "https://apachefrontend.example.com";

- If I go to "http://appserver1[2].example.com", I arrive to
the backend servers allright, but only via the port 80.

This behaviour is apparently correct, but so far I have not found
the right configuration options needed  to enforce the secure
connection to the backend servers via the reverse proxy (I may
not enable SSL on the backend servers as they are running some
privately managed applications and cannot be tweaked).

Could someone kindly post an example of working configuration
of the same type?

Thanks ahead for any advice!

Andy.

Mime
View raw message