Re: Is it possible to install/configure SSL certificates on a server behind a reverse proxy?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
From: Jim Albert <jim@xxxxxxxxxxxxx>
Date: Thu, 13 Jan 2022 14:57:58 -0500
In-reply-to: <kZQZ1MCkW_z2awKjqQd08E_0VkHNzyks5g_6XCvknnOgA65HKM-VM7XQgDfJhVRYRDyUkiqz9nd5QIbyFODGuLeN_CdVBzDZHa1Nafp0Zkk=@protonmail.com>
Organization: Netrition - The Internet's Premier Nutrition Superstore!
Reply-to: users@xxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.5.0

You absolutely want SSL certificates installed on your public facing proxy... signed by a well trusted CA if you want the rest of the world to trust your proxy.
If you want your proxy to communicate encrypted to your back end/private web server then you need an SSL certificate on the back end.
Only your proxy needs to trust your back end/private web server so the back end would be fine with either self signed or signed by your own CA and have the proxy trust either.

Depending on how your public SSL certificate is configured or if the proxy will ignore any warnings on a mismatched CN/Subject Alternate Names you could use it for both.

On 1/13/2022 6:58 AM, Jeroen Verhoeckx wrote:

Thanks, great to know that it is possible!

You write that you need to install the SSL certificates on both the reverse proxy and in the virtual machine (or another local server)?

Is that really necessary? I try to avoid duplication whenever that is possible.

Do you have an example set-up somewhere?

Thanks!!

--------------------------------------------------------

Support the independent web, use Firefox

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Wednesday, January 12th, 2022 at 5:23 PM, Dino Ciuffetti <dino@xxxxxxxxx> wrote:

My question:

Would it have been possible to install the SSL certificates in the virtual machines?

YES. It's possibile to send Internet HTTPS traffic to an internal HTTPS service behind apache httpd as a reverse proxy.

You eventally need to install same SSL certificates (but you don't have to necessarily) on both the reverse proxy and the internal service, enable SSLProxyProtol on your VHs and send the traffic to HTTPS via your ProxyPass.

-- 
Jim Albert

Follow-Ups:
- Re: Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
  - From: Jeroen Verhoeckx

References:
- Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
  - From: Jeroen Verhoeckx
- Re: Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
  - From: Dino Ciuffetti
- Re: Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
  - From: Jeroen Verhoeckx

Prev by Date: Re: How to configure and use mod_markdown
Next by Date: Re: Re: How to configure and use mod_markdown
Previous by thread: Re: Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
Next by thread: Re: Is it possible to install/configure SSL certificates on a server behind a reverse proxy?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]