Hi Jason

The reverse proxy entries should look something like

<VirtualHost *:80>
    ServerAdmin michael.wechner@xxxxxxxxx
    ServerName www.wechner.ch
    ServerAlias wechner.ch
    ErrorLog ${APACHE_LOG_DIR}/wechner.ch-error_log
    CustomLog ${APACHE_LOG_DIR}/wechner.ch-access_log combined
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =wechner.ch [OR]
    RewriteCond %{SERVER_NAME} =www.wechner.ch
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

which means when you enter http://wechner.ch you will get redirected to https://wechner.ch

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin michael.wechner@xxxxxxxxx
    ServerName www.wechner.ch
    ServerAlias wechner.ch
    ErrorLog ${APACHE_LOG_DIR}/wechner.ch-error_log
    CustomLog ${APACHE_LOG_DIR}/wechner.ch-access_log combined
    ProxyPassReverseCookiePath /yanel /
    ProxyPass / http://127.0.0.1:7070/yanel/wechner/
    ProxyPassReverse / http://127.0.0.1:7070/yanel/wechner/
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/katerinaoliveros.com-0001/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/katerinaoliveros.com-0001/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/katerinaoliveros.com-0001/chain.pem
</VirtualHost>
</IfModule>

and the virtual host config for 443 should contain the ProxyPass entries.

Actually certbot should do all of this for you automatically. Maybe you can try the following

- Delete the virtual host config for 443/HTTPS
- Make sure the virtual host config for 80/HTTP without SSL works
- Run certbot
- When certbot asks you whether you want to redirect from HTTP to HTTPS, then select yes

HTH

Michael

On 19.04.21 at 14:26, Jason Long wrote:

I created a Self-Signed SSL Certificate for Apache and changed my Apache configuration file on Apache Reverse Proxy Server as below:

<VirtualHost *:80>
    ServerName 192.168.56.9
    ProxyPreserveHost On
    ProxyPass / http://192.168.56.9/
    ProxyPassReverse / http://192.168.56.9/
    Redirect / https://192.168.56.9/
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/selfsigned.crt
    SSLCertificateKeyFile /etc/pki/tls/private/selfsigned.key
</VirtualHost>

But when I browse my Reverse Proxy Server IP, then it is HTTP and not HTTPS. Why? It doesn't show "https://www.tecmint.com/wp-content/uploads/2020/05/SSL-Certificate-Warning.png" error too.

On Monday, April 19, 2021, 03:18:25 PM GMT+4:30, Nick Folino <nick@xxxxxxxxx> wrote:

http://httpd.apache.org/docs/2.4/ssl/

Nick

On Mon, Apr 19, 2021 at 6:37 AM Jason Long <hack3rcon@xxxxxxxxx.invalid> wrote:

Thank you. On my Apache Reverse Proxy, I have a .conf as below:

# cat /etc/httpd/conf.d/reverse_proxy.conf
<VirtualHost *:80>
    ProxyPreserveHost On
    ProxyPass / http://192.168.56.9/
    ProxyPassReverse / http://192.168.56.9/
</VirtualHost>

And my website configuration file is on "192.168.56.9" server. Thus, if I setup Let's Encrypt on my Apache Reverse Proxy Server, then I just need below lines in a separate .conf file?

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin root@localhost
    ServerName Example.example
    ServerAlias www.Example.example
    ErrorLog /var/log/httpd/error.log
    CustomLog /var/log/httpd/access.log common
    SSLEngine On
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/Example.example/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/Example.example/privkey.pem
</VirtualHost>
</IfModule>

About self-signed certificate, could above file contain two separate certification?

On Monday, April 19, 2021, 02:48:24 PM GMT+4:30, Michael Wechner <michael.wechner@xxxxxxxxx> wrote:

Hi Jason

Definitely "Apache Reverse Proxy (Public IP)", whereas you could use for example

https://letsencrypt.org/
https://certbot.eff.org/

Depending on how your connection between "Apache Reverse Proxy (Public IP) ---> Web Site (Internal IP)" is protected, you might also want to consider a self-signed certificate for "Web Site (Internal IP)"

HTH

Michael

On 19.04.21 at 12:07, Jason Long wrote:

Hello,
In below diagram, which server must use HTTPS certification?

The Internet ---> Apache Reverse Proxy (Public IP) ---> Web Site (Internal IP)

Thank you.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
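
Added example (not part of the original thread): a small Python check for the vhost layout described in the top reply, where port 80 only redirects to HTTPS and port 443 carries both the certificate and the ProxyPass entries. The rule set and finding texts are this example's own assumptions, and SAMPLE is the configuration quoted in the thread, embedded as constructed input.

```python
import re

# Constructed input: the proxy configuration quoted in the thread.
SAMPLE = """\
<VirtualHost *:80>
    ServerName 192.168.56.9
    ProxyPreserveHost On
    ProxyPass / http://192.168.56.9/
    ProxyPassReverse / http://192.168.56.9/
    Redirect / https://192.168.56.9/
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/selfsigned.crt
    SSLCertificateKeyFile /etc/pki/tls/private/selfsigned.key
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+[^>]*:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """Map lower-cased directive name -> list of argument strings."""
    found = {}
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        if parts and parts[0][0] not in "#<":  # skip comments and nested sections
            found.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return found

def lint(conf):
    """Return sorted (port, finding) tuples; the rules are this example's own."""
    out = []
    for port, body in VHOST.findall(conf):
        d = directives(body)
        to_https = any("https://" in a for n in ("redirect", "rewriterule") for a in d.get(n, []))
        if port == "443":
            if "proxypass" not in d:
                out.append((443, "no ProxyPass: HTTPS requests are not forwarded"))
            if not d.keys() >= {"sslcertificatefile", "sslcertificatekeyfile"}:
                out.append((443, "certificate or key directive missing"))
        elif port == "80":
            if "proxypass" in d:
                out.append((80, "ProxyPass present: backend reachable over plain HTTP"))
            if not to_https:
                out.append((80, "no redirect to https://"))
    return sorted(out)

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

Run against the configuration from the question, it reports the ProxyPass on port 80 and the missing ProxyPass on port 443; a layout like the one in the top reply produces no findings.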