Re: url proxying

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Apr 11, 2008 at 9:48 AM, Melanie Pfefer
<melanie_pfefer@xxxxxxxxxxx> wrote:
> Hi everybody,
>
>  I want to enable proxying from apache to a tomcat application running on ssl.
>
>  Redirection is working:
>  RewriteRule /abc/  https://remoteserver:8443/abc/ [R=301,L]
>
>
>  But proxying is not:
>  RewriteRule /abc/  https://remoteserver:8443/abc/ [P,L]
>
>  In redirection:
>  http://myapache/abc/ goes to https://remoteserver:8443/abc/ but this is shown in the url which is not my intention.
>
>  Any idea how to fix the proxying?
>  thanks

Apache can't proxy to https urls out of the box. You need to do some work.

you need to add the following to your config.

# turn on SSL proxying.
SSLProxyEngine On

# to tell Apache where to find CA certificates to check remote server
certificates with:
# (You can choose yourself where you put these certificates)
SSLProxyCACertificatePath /path/to/ca/certificates.

Then in this path you need to put the CA certificate(s) used to sign
the certificate(s) used by the server(s) you communicate with. If you
want to talk to a server that uses a "self signed" certificate you
will need to put it in this dir too.

Once you've done that you need to run c_rehash in that directory.
c_rehash is part of a standard openssl distribution. c_rehash creates
hashed aliases in this dir. Apache needs these.

In order to test if everything is there you can do the following:

openssl s_client -CApath /path/to/ca/certificates -connect remoteserver:8443

if the conenction succeeds just try to do a
GET /abc/

and see if you get something. If all goes well it should work for apache also.

Krist









-- 
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux