Secure reverse proxy losing https

Alles, was den Apache betrifft, kann hier besprochen werden.

Secure reverse proxy losing https

Postby caesar_gdi » 06. September 2011 15:44

I am having trouble with Apache2.2 I want apache to be a secure reverse proxy for a non-secure host. here is my config

Code: Select all
<VirtualHost *:80>

        ServerName atlsaba1.saba.com
        ServerAlias atlsaba1
        SSLProxyEngine on

        ProxyPreserveHost On
        RewriteEngine On
        RewriteCond     %{SERVER_PORT} ^443$
        RewriteCond     %{HTTP_HOST} !^atlsaba1.saba.com/$

        ProxyPass       / http://atlcentra2.saba.com/
        ProxyPassReverse /SiteRoots/main/  http://atlcentra2.saba.com/
        ProxyPassReverse /main/  http://atlcentra2.saba.com/

</VirtualHost>
<VirtualHost *:443>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv3:+EXP:+eNULL
        SSLCertificateFile "C:\ssl\atlsabaCA\CA\server\certificates\atlsabaWEB.CRT"
        SSLCACertificateFile "C:\ssl\atlsabaCA\CA\atlsabaCA.CRT"
        SSLCertificateKeyFile "C:\ssl\atlsabaCA\CA\server\keys\atlsabaWEB.KEY"
      SSLVerifyClient none
      
        ServerName atlsaba1.saba.com
        ServerAlias atlsaba1
        SSLProxyEngine on

        ProxyPreserveHost On
        ProxyPass       / http://atlcentra2.saba.com/
        ProxyPassReverse /SiteRoots/main/  http://atlcentra2.saba.com/
        ProxyPassReverse /main/  http://atlcentra2.saba.com/
         
</VirtualHost>


https://atlsaba1.saba.com is redirected to http://atlsaba1.saba.com

Does anyone know how I can maintain the https?
caesar_gdi
 
Posts: 1
Joined: 06. September 2011 15:31

Re: Secure reverse proxy losing https

Postby glitzi85 » 15. September 2011 15:14

Hi,

i do not fully understand your post, but i think you have a gateway server (atlsaba1) where all http-requests should be redirected to the https-port and there all requests should be proxied to server atlcentra2.

Here is how i would do it:

Code: Select all
<VirtualHost *:80>
        ServerName atlsaba1.saba.com
        ServerAlias atlsaba1
        RedirectMatch (.*) https://atlsaba1.saba.com
</VirtualHost>

<VirtualHost *:443>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv3:+EXP:+eNULL
        SSLCertificateFile "C:\ssl\atlsabaCA\CA\server\certificates\atlsabaWEB.CRT"
        SSLCACertificateFile "C:\ssl\atlsabaCA\CA\atlsabaCA.CRT"
        SSLCertificateKeyFile "C:\ssl\atlsabaCA\CA\server\keys\atlsabaWEB.KEY"
        SSLVerifyClient none
     
        ServerName atlsaba1.saba.com
        ServerAlias atlsaba1
        SSLProxyEngine on

        ProxyPreserveHost On
        ProxyPass       / http://atlcentra2.saba.com/
        ProxyPassReverse / http://atlcentra2.saba.com/
        <Location />
                 Order allow,deny
                 allow from all
        </Location>
<VirtualHost>


This code is not tested in any way. Please make sure to point DocumentRoot for the SSL-Host to something secure (If no DocumentRoot is specified, the Value of the main server is used). Best idea would be to point it to an empty directory, because the <Location />-Part is very dangerous (but necessary)!

For this to work you need mod_alias, mod_proxy and mod_ssl!

glitzi
User avatar
glitzi85
 
Posts: 1920
Joined: 05. March 2004 23:26
Location: Dahoim


Return to Apache

Who is online

Users browsing this forum: No registered users and 9 guests