RE: [users@httpd] Questions about reverse proxy with https

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Yes, "SSLProxyEngine On" will do the trick. But Carlo, you want to keep in 
mind that for internal server(s), you will/should probably use a 
self-signed certificate and for Apache (mod_proxy) to like the self-signed 
cert from a no-name CA, you will need to add the following 2 directives to 
your virtual in addition to the one above:

SSLProxyVerify optional_no_ca
SSLProxyVerifyDepth 1

The above tells mod_proxy that the backend may or may not present a valid 
cert from a trusted CA !

Thanks
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
- - 
- Jignesh Badani
Intranet/Extranet Technical Services
Mitsubishi Motors North America
Cypress, CA, 90630
(W) - 714-934-3563 




Axel-Stéphane  SMORGRAV <Axel-Stephane.SMORGRAV@xxxxxxxxxxxxxx> 
06/22/2005 11:53 AM
Please respond to
users@xxxxxxxxxxxxxxxx


To
<users@xxxxxxxxxxxxxxxx>
cc

Subject
RE: [users@httpd] Questions about reverse proxy with https






Yes this is possible. From memory the only thing you need is to set 
"SSLProxyEngine On". Take a look at the mod_ssl documentation at 
httpd.apache.org.

-ascs

-----Original Message-----
From: Carlo Montanari [mailto:carlo.montanari@xxxxxxxxxxxx] 
Sent: Wednesday, June 22, 2005 12:43 PM
To: users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] Questions about reverse proxy with https

Hi list.
I'm in the process of building a reverse proxy architecture based on 
Apache with mod_proxy, in order to publish on the Internet an internal 
website now residing only on our Intranet.
The site is quite critical, so it's required that it must be available 
externally only in https. So far so good.
Now some people in our management are requiring that also the 
communication between the reverse proxy and the internal site must be 
encrypted, and this is raising some doubts to me as I have never worked 
with such a configuration.
Please anybody can help me with any hint?
First of all, is it possible at all to implement this with mod_proxy?
If so, is there any documentation about it?
Any thoughts about the matter?

Thanks, Carlo

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux