I created a Self-Signed SSL Certificate for Apache and changed my Apache configuration file on Apache Reverse Proxy Server as below: <VirtualHost *:80> ServerName 192.168.56.9 ProxyPreserveHost On ProxyPass / http://192.168.56.9/ ProxyPassReverse / http://192.168.56.9/ Redirect / https://192.168.56.9/ </VirtualHost> <VirtualHost *:443> SSLEngine on SSLCertificateFile /etc/pki/tls/certs/selfsigned.crt SSLCertificateKeyFile /etc/pki/tls/private/selfsigned.key </VirtualHost> But when I browse my Reverse Proxy Server IP, then it is HTTP and not HTTPS. why? It doesn't show "https://www.tecmint.com/wp-content/uploads/2020/05/SSL-Certificate-Warning.png"; error too. On Monday, April 19, 2021, 03:18:25 PM GMT+4:30, Nick Folino <nick@xxxxxxxxx> wrote: http://httpd.apache.org/docs/2.4/ssl/ Nick On Mon, Apr 19, 2021 at 6:37 AM Jason Long <hack3rcon@xxxxxxxxx.invalid> wrote: > Thank you. > On my Apache Reverse Proxy, I have a .conf as below: > > # cat /etc/httpd/conf.d/reverse_proxy.conf > <VirtualHost *:80> > ProxyPreserveHost On > ProxyPass / http://192.168.56.9/ > ProxyPassReverse / http://192.168.56.9/ > </VirtualHost> > > > And my website configuration file is on "192.168.56.9" server. Thus, if I setup Let's Encrypt on my Apache Reverse Proxy Server, then I just need below lines in a separate .conf file? > > <IfModule mod_ssl.c> > <VirtualHost *:443> > ServerAdmin root@localhost > ServerName Example.example > ServerAlias www.Example.example > ErrorLog /var/log/httpd/error.log > CustomLog /var/log/httpd/access.log common > SSLEngine On > Include /etc/letsencrypt/options-ssl-apache.conf > SSLCertificateFile /etc/letsencrypt/live/Example.example/fullchain.pem > SSLCertificateKeyFile /etc/letsencrypt/live/Example.example/privkey.pem > </VirtualHost> > </IfModule> > > > About about self-signed certificate, could above file contain two separate certification? > > > > > On Monday, April 19, 2021, 02:48:24 PM GMT+4:30, Michael Wechner <michael.wechner@xxxxxxxxx> wrote: > > > > > > Hi Jason > > Definitely "Apache Reverse Proxy (Public IP)", whereas you could use for > example > > https://letsencrypt.org/ > https://certbot.eff.org/ > > Depending on how your connection between "Apache Reverse Proxy (Public > IP) ---> Web Site (Internal IP)" is protected, you might also want to > consider a self-signed certificate for "Web Site (Internal IP)" > > HTH > > Michael > > Am 19.04.21 um 12:07 schrieb Jason Long: >> Hello, >> In below diagram, which server must use HTTPS certification? >> >> The Internet ---> Apache Reverse Proxy (Public IP) ---> Web Site (Internal IP) >> >> >> Thank you. > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|