RE: Reverse Proxy HTTPS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <users@xxxxxxxxxxxxxxxx>
Subject: RE: Reverse Proxy HTTPS
From: James Ellis <ellisje22@xxxxxxxxxxx>
Date: Tue, 18 Mar 2008 18:54:45 +0000
Importance: Normal
In-reply-to: <e498c1660803181141o137650d8w408b4103be6f6525@xxxxxxxxxxxxxx>
Reply-to: users@xxxxxxxxxxxxxxxx

Joshua,

Thank you for your feedback.

> You can do simple port-forwarding (not HTTP proxying) to pass along
> the encrypted stream, but then you have to do it for the whole server,
> not just the /clustertest path.

Could you tell me which modules in Apache I'd use for port forwarding?

Thanks,
Jim

> Date: Tue, 18 Mar 2008 14:41:28 -0400
> From: joshua@xxxxxxxx
> To: users@xxxxxxxxxxxxxxxx
> Subject: Re: Reverse Proxy HTTPS
>
> On Tue, Mar 18, 2008 at 1:38 PM, James Ellis <ellisje22@xxxxxxxxxxx> wrote:
> >
> > I am trying to get a reverse proxy working for the following architecture:
> >
> > Browser --> HTTPS --> ServerA --> HTTPS --> Server B
> >
> > I can get a half-a$$ solution working like this:
> >
> > <VirtualHost _default_:443>
> > SSLProxyEngine on
> > SSLEngine on
> > SSLCertificateFile "C:/Program Files/Apache Software
> > Foundation/Apache2.2/conf/server.crt"
> > SSLCertificateKeyFile "C:/Program Files/Apache Software
> > Foundation/Apache2.2/conf/server.key"
> > ProxyPass /clustertest https://XXX.XXX.X.XXX:444/clustertest
> > </VirtualHost>
> >
> > ...but this isn't exactly how I want it. It's taking the certificate from
> > ServerA and encrypting request, but then creating a new SSL session to talk
> > to ServerB.
> >
> > I would like to be able to take the certificate from ServerB, encrypt the
> > request and have ServerA just "pass on" the whole encrypted request to
> > ServerB.
> >
> > Is this possible?
>
> What you want can't work because the path information is inside the
> encrypted request and that will only be available to ServerA if it
> decrypts the request.
>
> You can do simple port-forwarding (not HTTP proxying) to pass along
> the encrypted stream, but then you have to do it for the whole server,
> not just the /clustertest path.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>

Follow-Ups:
- Re: Reverse Proxy HTTPS
  - From: Joshua Slive

References:
- Reverse Proxy HTTPS
  - From: James Ellis
- Re: Reverse Proxy HTTPS
  - From: Joshua Slive

Prev by Date: Re: Reverse Proxy HTTPS
Next by Date: Proxying woes.
Previous by thread: Re: Reverse Proxy HTTPS
Next by thread: Re: Reverse Proxy HTTPS
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]