Yes, "SSLProxyEngine On" will do the trick. But Carlo, you want to keep in mind that for internal server(s), you will/should probably use a self-signed certificate and for Apache (mod_proxy) to like the self-signed cert from a no-name CA, you will need to add the following 2 directives to your virtual in addition to the one above: SSLProxyVerify optional_no_ca SSLProxyVerifyDepth 1 The above tells mod_proxy that the backend may or may not present a valid cert from a trusted CA ! Thanks - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Jignesh Badani Intranet/Extranet Technical Services Mitsubishi Motors North America Cypress, CA, 90630 (W) - 714-934-3563 Axel-Stéphane SMORGRAV <Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx> 06/22/2005 11:53 AM Please respond to users@xxxxxxxxxxxxxxxx To <users@xxxxxxxxxxxxxxxx> cc Subject RE: [users@httpd] Questions about reverse proxy with https Yes this is possible. From memory the only thing you need is to set "SSLProxyEngine On". Take a look at the mod_ssl documentation at httpd.apache.org. -ascs -----Original Message----- From: Carlo Montanari [mailto:carlo.montanari@xxxxxxxxxxxx] Sent: Wednesday, June 22, 2005 12:43 PM To: users@xxxxxxxxxxxxxxxx Subject: [users@httpd] Questions about reverse proxy with https Hi list. I'm in the process of building a reverse proxy architecture based on Apache with mod_proxy, in order to publish on the Internet an internal website now residing only on our Intranet. The site is quite critical, so it's required that it must be available externally only in https. So far so good. Now some people in our management are requiring that also the communication between the reverse proxy and the internal site must be encrypted, and this is raising some doubts to me as I have never worked with such a configuration. Please anybody can help me with any hint? First of all, is it possible at all to implement this with mod_proxy? If so, is there any documentation about it? Any thoughts about the matter? Thanks, Carlo --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|