SSL Proxying with reverse_proxy

Hi all,
  I found a post on ssl tunneling here

http://mail-archives.apache.org/mod_mbox/httpd-users/200701.mbox/ajax/%3c20070123005748.tsjwdzdd4oogw80c@xxxxxxxxxxxxxxx%3e

I need to do something similar, but I'm not sure that I fully understand the examples given.  The thread that gives the example

<VirtualHost *:443>
       ServerName wsecure.foo.com

       SSLEngine on

...

</VirtualHost>

is where I'm stuck.  I thought that it wasn't possible to use name based virtual hosting with SSL since the host name header is encrypted; is this correct?  I have a single public IP address, and I'm using it with mod_proxy to proxy about 6 other VMware hosts.  Now I need to add SSL to one of the hosts, but I will ultimately need to have more than one server with SSL encryption.  Below is my current http setup:

HTTP Request --> web-gateway (name based virtual hosting and mod_proxy)---> target http server.

In order to add SSL for more than one domain, can I do the following with open source software?

HTTPS Request --> SSL Decryption --> HTTP request --> web-gateway (name based virtual hosting and mod_proxy) --> target http


As you can see, I just want to do the decryption, then send the http payload on to the web gateway.  I'm unsure how to do this.  When I try the configuration below in conf.d/ssl.conf

Listen 443

<VirtualHost 10.0.0.11:443>
    ProxyRequests Off
    ProxyPreserveHost On

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass / http://webgateway.mydomain.com:80/
    ProxyPassReverse / http://webgateway.mydomain.com:80/

    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>



I get this error message, so I'm assuming that Apache is not doing SSL decryption before it forwards the request to port 80.

[Sun Mar 04 11:23:57 2007] [warn] [client 69.11.208.44] proxy: no HTTP 0.9 request (with no host line) on incoming request and preserve host set forcing hostname to be webgateway.mydomain.com for uri /
[Sun Mar 04 11:23:57 2007] [error] [client 10.0.0.11] Invalid method in request \x80=\x01\x03 / HTTP/1.1


What software can I use to do this?  Does Apache have a module, or do I need to get some special purpose software?  If I need a separate application for encryption and decryption, can someone recommend something?

Thanks for your help and your time,
Todd
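
The setup asked about above (decrypt on port 443, then hand plain HTTP to the name-based gateway), as an added example that is not part of the original post. It assumes mod_ssl, mod_proxy, mod_proxy_http and mod_headers are loaded; the certificate paths are placeholders, and the address and gateway name are the ones from the post.

```apache
# Added example, not the poster's configuration.
Listen 443

<VirtualHost 10.0.0.11:443>
    # Without "SSLEngine on" this vhost speaks plain HTTP on port 443, so the
    # client's TLS handshake bytes are read as an HTTP request line. That is
    # the "Invalid method in request \x80=\x01\x03" entry in the log above.
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt   # placeholder path
    SSLCertificateKeyFile /path/to/server.key   # placeholder path

    # Reverse proxy only; do not act as a forward proxy.
    ProxyRequests Off

    # Pass the now-decrypted Host header through unchanged so the gateway
    # can keep doing name-based virtual hosting.
    ProxyPreserveHost On

    # Tell the backend the original request arrived over HTTPS
    # (mod_headers), so it can build https:// links and redirects.
    RequestHeader set X-Forwarded-Proto "https"

    # This hop is unencrypted HTTP; keep it on the internal network.
    ProxyPass        / http://webgateway.mydomain.com:80/
    ProxyPassReverse / http://webgateway.mydomain.com:80/

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
</VirtualHost>
```

With this single vhost, one certificate is presented on 10.0.0.11:443 before the Host header can be read, so that certificate has to be valid for every hostname served through this address.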
