RE: Problem using apache as a reverse proxy for https

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks for the answer,

As far as I understand it, this would mean that the client talks to my proxy with one certificate and then the proxy decrypts and encrypts the request and uses the original servers certificate to communicate with the original server, i.e.

Client ----- cert A ---> Proxy ----> cert B ----> Server

What I would like is:

Client ----- cert B ---> Proxy ----> cert B ----> Server

Without the Proxy "reading" the request, simply passing it on.

Is this possible at all?

I have to put the proxy in the middle without changing certificates.

Cheers, Frank

> -----Ursprüngliche Nachricht-----
> Von: jslive@xxxxxxxxx [mailto:jslive@xxxxxxxxx] Im Auftrag 
> von Joshua Slive
> Gesendet: Donnerstag, 14. Dezember 2006 16:01
> An: users@xxxxxxxxxxxxxxxx
> Betreff: Re:  Problem using apache as a reverse 
> proxy for https
> 
> On 12/14/06, frank rittinger 
> <frank.rittinger@xxxxxxxxxxxxxxxxxxxx> wrote:
> > Hello list,
> >
> > I'm trying to get apache2 working as a reverse proxy.
> >
> > Regular HTTP requests just work fine, but I can't get it 
> working for 
> > HTTPS requests.
> >
> > On startup of apache, I get the following error in the logs:
> > You configured HTTP(80) on the standard HTTPS(443) port!
> >
> > Although, I just want to pass on the requests, do I still 
> have to set 
> > up SSL support properly?
> >
> > I have such a vhosts definition:
> >
> > <VirtualHost 10.1.2.45:443>
> >       SSLProxyEngine on
> >         ProxyRequests Off
> >       ProxyPreserveHost On
> >       ProxyPass / https://10.1.2.27:443/
> >       ProxyPassReverse / https://10.1.2.27:443/
> >       ServerName test.com:443
> > </VirtualHost>
> >
> > Apache 2.0.x on SuSE Linux 9.3. With modules proxy, ssl, 
> > proxy_connect, proxy_http.
> 
> You configured SSL for the proxy->backend connection, but you 
> haven't configured SSL for the client->proxy connection.  You 
> would need at least SSLEngine On in the vhost (and perhaps a 
> bunch of other stuff for certificates, etc, depending on the config).
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux