Re: [users@httpd] Vitualhosts ssl and apache2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Vincent. I had found this example searching more but not sure it is of any value. 

Regards,
David

<VirtualHost 1.2.3.4:80>
        ServerName webmail.example.org
        DocumentRoot /var/www/html/exchange
RedirectMatch ^/(index.html?)$ https://webmail.example.org/exchange/ 
        RedirectMatch ^/exchange$ https://webmail.example.org/exchange/
</VirtualHost>

<VirtualHost 1.2.3.4:443>
        # This secures the server from being used as a third party
        # proxy server
        ProxyRequests Off

        # Allows the proxying of a SSL connection
        SSLProxyEngine On
        ProxyVia On

        DocumentRoot /home/user/mail_proxy/html/
        RequestHeader set Front-End-Https "On"

        ServerName mail

        # Set up SSL to work with this host
        SSLEngine On
        SSLCertificateFile /etc/apache/webmail-proxy/server.crt
        SSLCertificateKeyFile /etc/apache/webmail-proxy/server.key
SSLProxyMachineCertificateFile /etc/apache/webmail-proxy/certnew.cer 

        ProxyPass /exchange/ https://mail-internal/exchange/
        ProxyPassReverse /exchange/ https://mail-internal/exchange/

        ProxyPass /exchweb/ https://mail-internal/exchweb/
        ProxyPassReverse /exchweb/ https://mail-internal/exchweb/

        ProxyPass /public/ https://mail-internal/public/
        ProxyPassReverse /public/ https://mail-internal/public/

        ProxyPreserveHost On
</VirtualHost>

Vincent Bray wrote:

On 8/2/06, Vincent Bray <noodlet@xxxxxxxxx> wrote:

On 8/2/06, David Pratt <fairwinds@xxxxxxxxxxx> wrote:
> Hi Vincent. I have NameVirtualHost(s) set up as follows.
>
> NameVirtualHost *:80
> NameVirtualHost *.443
>
> Sorry I did not include this in my previous message. The twisted SSL
> server is pretty much stand alone and uses its own certificate source.
> What I want to do is have the server running on localhost:8443 proxied
> on 443 for a particular path.  Will I still need Apache's SSLEngine for
> this?

Hi,
Looking in to this a little further (thanks google) has confirmed what
I thought; that reverse proxying ssl is largely pointless. This rather
old message explains the scenario:

http://www.squid-cache.org/mail-archive/squid-users/200005/0744.html

That leaves you either, a) forgetting about ssl authentication between
the user agent and zope, b) exposing zope to the client directly, or
c) using something at the tcp level to forward the encrypted
connection to zope's port.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux