Re: Apache Reverse Proxy and HTTPS.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Jason

The reverse proxy entries should look something like

<VirtualHost *:80>
    ServerAdmin michael.wechner@xxxxxxxxx
    ServerName www.wechner.ch
    ServerAlias wechner.ch
    ErrorLog ${APACHE_LOG_DIR}/wechner.ch-error_log
    CustomLog ${APACHE_LOG_DIR}/wechner.ch-access_log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =wechner.ch [OR]
RewriteCond %{SERVER_NAME} =www.wechner.ch
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

which means when you enter http://wechner.ch you will get redirected to https://wechner.ch


<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin michael.wechner@xxxxxxxxx
    ServerName www.wechner.ch
    ServerAlias wechner.ch
    ErrorLog ${APACHE_LOG_DIR}/wechner.ch-error_log
    CustomLog ${APACHE_LOG_DIR}/wechner.ch-access_log combined

    ProxyPassReverseCookiePath /yanel /

    ProxyPass           /  http://127.0.0.1:7070/yanel/wechner/
    ProxyPassReverse    /  http://127.0.0.1:7070/yanel/wechner/

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/katerinaoliveros.com-0001/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/katerinaoliveros.com-0001/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/katerinaoliveros.com-0001/chain.pem
</VirtualHost>

and the virtual host config  for 443 should contain the ProxyPass entries.

Actually certbot should do all of this for you automatically. Maybe you can try the following

- Delete the virtual host config for 443/HTTPS
- Make sure the virtual host config for 80/HTTP without SSL works
- Run certbot
- When certbot asks you whether you want to redirct from HTTP to HTTPS, then select yes

HTH

Michael



Am 19.04.21 um 14:26 schrieb Jason Long:
I created a Self-Signed SSL Certificate for Apache and changed my Apache configuration file on Apache Reverse Proxy Server as below:

<VirtualHost *:80>
         ServerName 192.168.56.9
         ProxyPreserveHost On
         ProxyPass / http://192.168.56.9/
         ProxyPassReverse / http://192.168.56.9/
         Redirect / https://192.168.56.9/
</VirtualHost>
<VirtualHost *:443>
     SSLEngine on
     SSLCertificateFile /etc/pki/tls/certs/selfsigned.crt
     SSLCertificateKeyFile /etc/pki/tls/private/selfsigned.key
</VirtualHost>

But when I browse my Reverse Proxy Server IP, then it is HTTP and not HTTPS. why?
It doesn't show "https://www.tecmint.com/wp-content/uploads/2020/05/SSL-Certificate-Warning.png"; error too.




On Monday, April 19, 2021, 03:18:25 PM GMT+4:30, Nick Folino <nick@xxxxxxxxx> wrote:





http://httpd.apache.org/docs/2.4/ssl/

Nick

On Mon, Apr 19, 2021 at 6:37 AM Jason Long <hack3rcon@xxxxxxxxx.invalid> wrote:
Thank you.
On my Apache Reverse Proxy, I have a .conf as below:

# cat /etc/httpd/conf.d/reverse_proxy.conf
<VirtualHost *:80>
         ProxyPreserveHost On
         ProxyPass / http://192.168.56.9/
         ProxyPassReverse / http://192.168.56.9/
</VirtualHost>


And my website configuration file is on "192.168.56.9" server. Thus, if I setup Let's Encrypt on my Apache Reverse Proxy Server, then I just need below lines in a separate .conf file?

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin root@localhost
ServerName Example.example
ServerAlias www.Example.example
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log common
SSLEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/Example.example/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/Example.example/privkey.pem
</VirtualHost>
</IfModule>


About about self-signed certificate, could above file contain two separate certification?




On Monday, April 19, 2021, 02:48:24 PM GMT+4:30, Michael Wechner <michael.wechner@xxxxxxxxx> wrote:





Hi Jason

Definitely "Apache Reverse Proxy (Public IP)", whereas you could use for
example

https://letsencrypt.org/
https://certbot.eff.org/

Depending on how your connection between "Apache Reverse Proxy (Public
IP) ---> Web Site (Internal IP)" is protected, you might also want to
consider a self-signed certificate for "Web Site (Internal IP)"

HTH

Michael

Am 19.04.21 um 12:07 schrieb Jason Long:
Hello,
In below diagram, which server must use HTTPS certification?

The Internet ---> Apache Reverse Proxy (Public IP) ---> Web Site (Internal IP)


Thank you.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux