[users@httpd] Add SSL + https to Apache2 Proxied site - won't start!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello all,

I've been using a site configured to Proxy requests to another port for
one ServerName and another on the same Apache2 directly serving PHP pages.
 That's been working fine.  But now I want to add SSL to the proxied pages
and it isn't going so smoothly.  I had hints from a coworker and tried
integrating that with my existing vhost files, but even at the best of
times Apache2 fails startup.

I have been looking through the how-to
(http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html) , but this page
never says anything about host files (it only uses the httpd.conf file)
nor using port 443 so I'm less sure how relevant it is.  The
ssl_faq.html's Certificates' portion does clearly explain how to create
the certificates themselves.  That part seems fine.

I did add the ssl and rewrite modules, relieving those early errors. 
Configuration-wise the advice I've gotten makes it looks like I need to
first add a rewrite for the http requests:

NameVirtualHost *:80
<VirtualHost *:80>
     ServerAdmin webmaster@xxxxxxxxxxxxxxxxxxxxxx
     ServerName site1.domain.com
     RewriteEngine on
     RewriteRule ^/$ https://site1.domain.com [R,L]
     CustomLog logs/site1-80_log combined
     ErrorLog logs/site1-80_error
</VirtualHost>

And then add a couple parts to my Proxied VirtualHost to process it
correctly:

NameVirtualHost *:443
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName site1.domain.com
    ProxyPassReverse   / http://localhost:3000/
    ProxyPass          / http://localhost:3000/
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile /etc/ssl/server.crt
    SSLCertificateKeyFile /etc/ssl/server.pem
    CustomLog logs/site1-443_log combined
    ErrorLog logs/site1-443_error
</VirtualHost>

A related question is: should the Alias/Directory/Location entries
following these need to be changed?  They should all be https content, so
the above tags should take care of that, correct?

The /etc/hosts file has this entry since we want both this secured portion
and a separate unsecured portion in a separate vhost file:
  127.0.0.1   localhost   site1.domain.com   domain.com

I am unsure what else is relevant here.  If there are suggestions or
questions I can answer, please let me know.


Thanks for your insights,

-Chris

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux