Re: single SSL proxy to multiple non-SSL name-based hosts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, Mar 18, 2011 at 2:40 PM, Alex Duckers <alex.duckers@xxxxxxxxx> wrote:
> Hi All - I imagine this is fairly common, but I've had trouble making it work.
> I'm on RHEL 5.4, with Apache/2.2.3.
>
> I've got two sites to deal with, sitea.company.com and siteb.company.com.
> I've set up DNS for each of these to resolve the same ip address.
> I have an Apache server listening on that IP address.
>
> I'd like that apache server to do the following:
> Â Â Â Â* take requests for HTTPS://sitea.company.com, terminate SSL, and proxy the HTTP to an internal server called sitea.internal.net.
> Â Â Â Â* take requests for HTTPS://siteb.company.com, terminate SSL, and proxy the HTTP to an internal server called siteb.internal.net.
>
> Both names can use the same SSL certificate; I'll probably get a wildcard cert for this.
>
> I was able to make it work for a single site with a very basic config, adding ProxyPass and ProxyPass reverse to the httpd.conf file. ÂBut this sends everything to that single host. ÂWhen I try to break it out with virtualhosts, it either isn't terminating SSL properly, or doesn't PROXY properly.
>
> I'm sure I'm missing something pretty simple. ÂAnyone have a recipe for this?
>
> Thanks
>
>

NameVirtualHost *:443
<VirtualHost *:443>
  ServerName a.company.com
  SSLEngine On
  SSLCertificateFile /path/to/star.company.com/apache.crt
  SSLCertificateKeyFile /path/to/star.company.com/apache.key
  SSLCACertificateFile /path/to/star.company.com/ca.crt
  ProxyPass / http://a.company.com/
  ProxyPassReverse / http://a.company.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName b.company.com
  SSLEngine On
  SSLCertificateFile /path/to/star.company.com/apache.crt
  SSLCertificateKeyFile /path/to/star.company.com/apache.key
  SSLCACertificateFile /path/to/star.company.com/ca.crt
  ProxyPass / http://b.company.com/
  ProxyPassReverse / http://b.company.com/
</VirtualHost>

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux