Reverse Proxy https to http


 



Hello,

I am trying to configure my proxy to be able to accept HTTPS and
forward requests to backend server which is in HTTP

user-->(https://mydomain.com/abc)---------ssl: [reverse
proxy]:http--------------->http://backend.ca/8082/abc

I want to preserve the URL as https://mydomain.com/abc.

I looked at my firewall logs and noticed 6 https sessions and one http.
The http session is what is not working in my rewriting I presume.
My goal is to preserve https protocol client side, although the
backend is in http.....

Also, when I use ProxyPreserveHost On when proxying https to http, it fails
right away, BUT https to https works fine.

Thx
here is my config file


# Global (main-server) settings for the reverse-proxy host: process identity,
# listener, MPM sizing, request limits, filesystem access rules, MIME types,
# logging and the conditional mod_ssl include. The SSL virtual hosts that do
# the actual proxying are defined further down in the same file.
User nobody
Group nobody
ServerAdmin xxxxxxxxxxxxxxx@xxxxxxxxxxxxx
ServerName mydomain.com
UseCanonicalName Off
# Suppress the server-generated page footer.
ServerSignature Off
HostnameLookups Off
# NOTE(review): SecServerSignature is a mod_security directive, but the only
# LoadModule for mod_security visible in this file comes much later; unless
# the module is compiled in or loaded elsewhere, this line would be rejected
# at startup - confirm the real load order.
SecServerSignature "Serveur-Web/1.0"
ServerRoot "/usr/apache2"
DocumentRoot "/var/apache2/htdocs"
PidFile /var/apache2/logs/httpd.pid
ScoreBoardFile /var/apache2/logs/httpd.scoreboard
# Only port 80 is opened here; no "Listen 443" is visible in this file, so the
# HTTPS listener presumably comes from the included ssl.conf - confirm.
Listen 80
Timeout 60
KeepAlive On
MaxKeepAliveRequests  100
KeepAliveTimeout 15
# Process/thread pool sizing; only the section matching the compiled-in MPM
# takes effect.
<IfModule prefork.c>
MinSpareServers     10
MaxSpareServers     20
StartServers        10
MaxClients         256
MaxRequestsPerChild  0
</IfModule>
<IfModule worker.c>
StartServers         2
MaxClients         250
MinSpareThreads     25
MaxSpareThreads     75
ThreadsPerChild     25
</IfModule>
# Request-size caps: 10240-byte body, 40 header fields, 1500 bytes per header
# field, 500 bytes for the request line.
# NOTE(review): whether LimitRequestBody is enforced on proxied requests
# depends on the httpd version - confirm before relying on it to protect the
# backends.
LimitRequestBody     10240
LimitRequestFields      40
LimitRequestFieldsize 1500
LimitRequestline       500
CoreDumpDirectory /var/apache2/logs
# Default-deny for the whole filesystem, with no Options and no .htaccess
# overrides; the two directories below are then opened explicitly.
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory "/var/apache2/htdocs">
Order allow,deny
Allow from all
</Directory>
<Directory "/www">
Order allow,deny
Allow from all
</Directory>
<IfModule mod_mime.c>
TypesConfig /etc/apache2/mime.types
</IfModule>
DefaultType text/plain
<IfModule mod_mime.c>
AddEncoding x-compress              .Z
AddEncoding x-gzip                  .gz .tgz
AddType application/x-compress      .Z
AddType application/x-gzip          .gz .tgz
AddType application/x-tar           .tgz
AddType application/x-x509-ca-cert  .crt
AddType application/x-pkcs7-crl     .crl
</IfModule>
LogLevel notice
# NOTE(review): ErrorLog is set twice at main-server level (syslog here, a
# file a few lines below); presumably only the later one takes effect -
# confirm which destination is intended.
ErrorLog syslog:local7
# The first LogFormat below was wrapped onto two lines by the mail client.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
ErrorLog /var/apache2/logs/error_log
CustomLog /var/apache2/logs/access_log combined
# mod_ssl is loaded only when httpd is started with -DSSL. Without it, every
# <IfModule mod_ssl.c> section - including the one wrapping the :443 virtual
# hosts later in this file - is skipped.
<IfDefine SSL>
LoadModule ssl_module modules/mod_ssl.so
</IfDefine>
<IfModule mod_ssl.c>
Include /etc/apache2/ssl.conf
</IfModule>
# Main-server rewrite: send every request to the same host and URI over https
# with a 301. RewriteLogLevel 2 writes per-request traces to the rewrite log.
RewriteEngine on
RewriteLog /var/apache2/logs/rewrite.log
RewriteLogLevel 2

# NOTE(review): %{SERVER_PROTOCOL} holds the HTTP version string (for example
# "HTTP/1.1"), never "https", so this condition is always true. The rule only
# behaves as intended while it is evaluated for plain-HTTP requests alone;
# testing %{HTTPS} or %{SERVER_PORT} would state the intent directly.
# NOTE(review): the redirect target is built from the client-supplied Host
# header; using the canonical server name instead keeps the redirect from
# pointing at whatever host name the client sent.
RewriteCond %{SERVER_PROTOCOL} !^https [NC]
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,QSA]

# Two IP-based HTTPS virtual hosts, each terminating TLS at the proxy and
# forwarding to a backend. Both exist only when mod_ssl is loaded.
NameVirtualHost 10.6.3.205:443
NameVirtualHost 10.6.3.103:443
<IfModule mod_ssl.c>
# mydomain1.com: https in, https out to backend3.ca:44322.
<VirtualHost 10.6.3.205:443>
ServerName mydomain1.com
ServerAlias mydomain1
# Malformed header lines in backend responses are ignored rather than
# rejected.
ProxyBadHeader Ignore
# Reverse proxy only: forward (open) proxying is disabled.
ProxyRequests Off
# The client's Host header is passed through to the backend.
ProxyPreserveHost On
RewriteEngine On
# Enables TLS on proxy-to-backend connections.
# NOTE(review): no SSLProxyVerify / SSLProxyCACertificateFile is visible in
# this file, so the backend certificate may not be validated - check the
# included ssl.conf.
SSLProxyEngine on
DocumentRoot "/var/apache2/htdocs"
# NOTE(review): the first ProxyPass gives a full URL where a local path is
# expected, and ProxyPassReverse has its arguments in the opposite order from
# the usual "local-path backend-URL" form (compare the ProxyPassReverse in the
# second virtual host). Only "ProxyPass / ..." looks effective - confirm.
ProxyPass https://mydomain1.com/ https://backend3.ca:44322/
ProxyPass / https://backend3.ca:44322/
ProxyPassReverse https://backend3.ca:44322/ https://mydomain1.com/
LogLevel info
ErrorLog                               /var/apache2/logs/mydomain1.com.error.log
TransferLog
/var/apache2/logs/mydomain1.com.access.log
RewriteLogLevel 0
RewriteLog
/var/apache2/logs/mydomain1.com.rewrite.log
</VirtualHost>
# mydomain.com: /lsw2 is proxied over https to backend1, /lsw over plain http
# to backend2. ProxyPreserveHost is not set in this virtual host.
<VirtualHost 10.6.3.103:443>
ServerName mydomain.com
ServerAlias mydomain
ProxyBadHeader Ignore
ProxyRequests Off
RewriteEngine On
# NOTE(review): same caveat as above - no backend certificate verification
# settings are visible here for the https hop to backend1.
SSLProxyEngine on
RewriteEngine on
# [P] hands the rewritten URL to mod_proxy; [L] stops rule processing, so
# /lsw2 requests never reach the /lsw rule below.
RewriteRule       ^/lsw2(.*)$  https://backend1.sap.ca:26961/lsw2/$1
[NC,P,L]    # this works

#this for some reason becomes http from client perspective
#PreserveHost on does not work with lsw, so I disabled it....
# NOTE(review): TLS ends at the proxy for this path; the hop to
# backend2.ca:8082 is plaintext, so it should stay on a trusted network
# segment or be moved to TLS.
# NOTE(review): ProxyPassReverse only rewrites response headers such as
# Location that start with the given backend URL. Absolute http:// links the
# backend writes into page bodies, or redirects that use a different host
# form, reach the client unchanged - a likely cause of the http session seen
# in the firewall log.
RewriteRule       ^/lsw(.*)$    http://backend2.ca:8082/lsw$1     [NC,P,L]
ProxyPassReverse  /lsw          http://backend2.ca:8082/lsw
# NOTE(review): inside the :443 virtual host this redirects /lsw to the same
# https URL it was requested on, which would loop if it were ever evaluated;
# presumably the [P] rule above handles the request first. An http-to-https
# redirect belongs in the port-80 configuration - confirm and remove here.
Redirect permanent /lsw https://mydomain.com/lsw
LogLevel info
ErrorLog                               /var/apache2/logs/mydomain.com.error.log
TransferLog                            /var/apache2/logs/mydomain.com.access.log
RewriteLogLevel 0
RewriteLog
/var/apache2/logs/mydomain.com.rewrite.log
</VirtualHost>
</IfModule>
# mod_security request filtering, written in the SecFilter* directive style.
# Requests matching any filter get the default action: deny, log, HTTP 500.
# NOTE(review): SecServerSignature is used near the top of this file, before
# this LoadModule line - confirm the module is actually available at that
# point.
LoadModule security_module    modules/mod_security.so
SecFilterEngine On
# Validate URL encoding and Unicode encoding, and allow only bytes 32-126.
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding On
# NOTE(review): this matches the literal word "hidden" wherever the filter is
# applied, which looks very broad - confirm it is intentional.
SecFilter hidden
SecFilterForceByteRange 32 126
# Audit log records only requests that triggered a filter.
SecAuditEngine RelevantOnly
SecAuditLog /var/apache2/logs/audit_log
SecFilterDebugLog /var/apache2/logs/modsec_debug_log
SecFilterDebugLevel 0
SecFilterDefaultAction "deny,log,status:500"
# Reject any request that carries a non-empty Transfer-Encoding header.
SecFilterSelective HTTP_Transfer-Encoding "!^$"
# Keyword and metacharacter blocklist applied to the request / its arguments.
# Filters like these are defence in depth only: they are easy to miss with
# alternative encodings or phrasing, so the backends still need their own
# input validation and parameterised queries.
# NOTE(review): no SecFilterScanPOST directive is visible, so request bodies
# may not be inspected at all - confirm.
SecFilter /etc/passwd
SecFilterSelective ARGS "bin/"
SecFilterSelective ARGS "^(.*)[][\"|\#|\^|\{|\}|<|\||\`|>|\@|\$|\*](.*)$"
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

