You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jon Brule <jo...@paramountcomputing.com> on 2007/03/19 18:00:06 UTC

[users@httpd] Re: Reverse Proxy - How to disable HTTP access?

Sigh... Relief...

After some digging and playing, I figured out that I needed to do the 
proxy change in the mod_ssl configuration file 
(/etc/httpd/conf.d/ssl.conf) and not in the main configuration file 
(/etc/httpd/conf/httpd.conf). As a result, I am configuring the 
reverse proxy under the default SSL virtual host using the following syntax:

         <VirtualHost _default_:443>
             SSLEngine on
             .
             .
             .
             SSLProxyEngine on
             ProxyPass /timesheet http://localhost:8080/system
             ProxyPassReverse /timesheet http://localhost:8080/system
         </VirtualHost>

Doing this enables the proxy only for the SSL virtual host, which is 
exactly what I wanted to do!!!

Also, it seems that I may use genkey(1) to update the server certificate...

Hope this info helps someone else too...

Thanks,
Jon Brule

At 11:04 AM 3/19/2007, Jon Brule wrote:
>Good Morning,
>
>First, I must apologize and confess to being a reverted newbie... 
>Years ago (pre 2000), I worked with the Apache web server, but I 
>find myself suffering from C.R.S. syndrome...
>
>I have setup a reverse proxy for an internal HTTP Tomcat web service 
>on a default configuration for Apache 2.2 web server. My additional 
>configuration is as follows (system / host names changed to protect 
>the guilty):
>
>         #
>         # Reverse Proxy Server: Backend system on Tomcat server
>         #
>         <IfModule mod_proxy.c>
>         ProxyRequests Off
>
>         <Proxy http://internet.com/system/*>
>             Order deny,allow
>             Deny from all
>         </Proxy>
>
>         ProxyPass /timesheet http://localhost:8080/system
>         ProxyPassReverse /timesheet http://localhost:8080/system
>         </IfModule>
>
>The reverse proxy works fine when I attempt to go to the 
>http://internet.com/system URL. I also discovered that SSL is 
>available by default on my installation (Apache was installed via 
>RedHat Fedora Core 6) using a default SSL localhost self-signed 
>certificate. This means that the application is also available 
>through the https://internet.com/system URL.
>
>My chief question (one for which I am still coming the archives) is 
>how do I disable the proxy configuration for the HTTP URL? I want 
>only to proxy the system's access when the HTTPS protocol is used to 
>connect to Apache. Can I do it with this type of configuration, or 
>do I need to think about a virtual host?
>
>Also, I assume the following to be an FAQ: How does one change the 
>default localhost self-signed certificate to a custom one 
>(self-signed or official)? Is this strictly done with OpenSSL work, 
>or does it require some Apache configuration as well? Again, looking 
>through the archives for this one too...
>
>Any info would be greatly appreciated...
>
>Thanks,
>Jon Brule

Regards,
Jon
_________________
Jon R. Brule
Paramount Computing Associates
585-231-2037 / 8*221-2037 (Xerox Office)
585-345-9622 (PCA Main Number)
585-721-3554 (Mobile)