Hi Steve, I tried the same few months back and had prepared one document for support team and future developers, see if it is useful for you. Copy pasting only how toinstall and configure apache with ssl part of this document. How to Compile and Install apache with mod_ssl: Steps below would describe how to compile the apache source code on unix environments. We need to enable the ssl and proxy module support in the new installation. Extract the httpd-2.0.55.tar.gz file as below gzip -d httpd-2_0_NN.tar.gz tar xvf httpd-2_0_NN.tar Configure how to compile and which modules to compile by executing configure script as below $cd httpd-2.0.55 $./configure --prefix=/usr/local/apache/live \ >--enable-ssl=static \ >--enable-proxy=static \ >--enable-proxy-http=static Run following commands to compile and install Apache. $make $make install Here we have compiled the source with static linking so there wont be separate ".so" files for each modules. Instead it will be built in as default pack. By doing this we need not have use LoadModule directive to load the module whilst starting the service. Configure SSL: 1. Create Certificates Goto openssl/bin/ directory and execute below mentioned steps to generate the key and self signed certificate files. ./openssl req -config openssl.cnf -new -out 172.24.6.57.csr ./openssl rsa -in privkey.pem -out 172.24.6.57.key ./openssl x509 -in 172.24.6.57.csr -out 172.24.6.57.cert -req -signkey 172.24.6.57.key -days 365 Copy 172.24.6.57.key and 172.24.6.57.cert files from openssl/bin/ directory to you apache conf directory. 2. Configure httpd.conf for SSL Add following lines at respective location in the httpd.conf file Listen 443 ServerName 172.24.6.57:443 NameVirtualHost 172.24.6.57:443 SSLMutex default SSLRandomSeed startup builtin SSLSessionCache none <VirtualHost 172.24.6.57:443> SSLEngine On SSLCertificateFile "/data2/basapp/apache/apachessl/conf/ssl/172.24.6.57.cert" SSLCertificateKeyFile "/data2/basapp/apache/apachessl/conf/ssl/172.24.6.57.key" # Proceed with your proxy and server settings here. </VirtualHost> Now I had reverse proxy for redirecting the address to actual webserver, to achive the I used below directive in my virtual host(Both ssl and normal ports) <IfModule mod_proxy.c> ProxyRequests off <Proxy *> order deny,allow Allow from all </Proxy> ProxyBadHeader Ignore Alias /bas/ "/data2/basapp/apache/apache1/htdocs/" Alias /bas "/data2/basapp/apache/apache1/htdocs/" ProxyPass /bas/ http://172.24.226.59:7001/bas/ ProxyPassReverse /bas/ http://172.24.226.59:7001/bas/ </IfModule> Please let me know if you had achieved it in different way. Regards, D Anil -----Original Message----- From: sniedermeyer@xxxxxxx [mailto:sniedermeyer@xxxxxxx] Sent: Friday, June 30, 2006 2:52 AM To: users@xxxxxxxxxxxxxxxx Subject: [users@httpd] SSL and reverse proxying Hello Everyone, Just joined the list today. I've used Apache HTTP Server for simple static sites with the default configuration and am looking at using it for reverse proxying now. I'm a newbie and am confused about how to proceed with enabling HTTPS to the reverse proxy server and then from the reverse proxy server to a back end application server. I have valid certificates for both servers, but I'm getting lost in the documentation for allowing the reverse proxy server to gracefully pass on HTTPS requests to the application server so that a web browser doesn't complain about a certificate that's not for the correct server. Does anyone know of a good tutorial, book, or example config file I could reference? I tried looking for a good Apache book that covered the basics as well as the SSL and proxying I'm trying to accomplish for Apache 2.2 and haven't found one yet. Thanks for any help you can pass along. I'll be sure to reciprocate as I learn more ;) ____________________________ Steven Niedermeyer Information Technology Services City of Bellingham 625 Halleck St Bellingham, WA 98225 Phone: (360) 676-6671 x156 Fax: (360) 676-7693 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx ============================================================================================================================ Tech Mahindra, formerly Mahindra-British Telecom. Disclaimer: The contents of this E-mail (including the contents of the enclosure(s) or attachment(s) if any) are privileged and confidential material of Tech Mahindra and should not be disclosed to, used by or copied in any manner by anyone other than the intended addressee(s). In case you are not the desired addressee, you should delete this message and/or re-direct it to the sender. The views expressed in this E-mail message (including the enclosure(s) or attachment(s) if any) are those of the individual sender, except where the sender expressly, and with authority, states them to be the views of Tech Mahindra. This e-mail message including attachment/(s), if any, is believed to be free of any virus. However, it is the responsibility of the recipient to ensure that it is virus free and Tech Mahindra is not responsible for any loss or damage arising in any way from its use. ============================================================================================================================ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|