You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jon Brule <jo...@paramountcomputing.com> on 2007/03/19 18:00:06 UTC
[users@httpd] Re: Reverse Proxy - How to disable HTTP access?
Sigh... Relief...
After some digging and playing, I figured out that I needed to do the
proxy change in the mod_ssl configuration file
(/etc/httpd/conf.d/ssl.conf) and not in the main configuration file
(/etc/httpd/conf/httpd.conf). As a result, I am configuring the
reverse proxy under the default SSL virtual host using the following syntax:
<VirtualHost _default_:443>
SSLEngine on
.
.
.
SSLProxyEngine on
ProxyPass /timesheet http://localhost:8080/system
ProxyPassReverse /timesheet http://localhost:8080/system
</VirtualHost>
Doing this enables the proxy only for the SSL virtual host, which is
exactly what I wanted to do!!!
Also, it seems that I may use genkey(1) to update the server certificate...
Hope this info helps someone else too...
Thanks,
Jon Brule
At 11:04 AM 3/19/2007, Jon Brule wrote:
>Good Morning,
>
>First, I must apologize and confess to being a reverted newbie...
>Years ago (pre 2000), I worked with the Apache web server, but I
>find myself suffering from C.R.S. syndrome...
>
>I have setup a reverse proxy for an internal HTTP Tomcat web service
>on a default configuration for Apache 2.2 web server. My additional
>configuration is as follows (system / host names changed to protect
>the guilty):
>
> #
> # Reverse Proxy Server: Backend system on Tomcat server
> #
> <IfModule mod_proxy.c>
> ProxyRequests Off
>
> <Proxy http://internet.com/system/*>
> Order deny,allow
> Deny from all
> </Proxy>
>
> ProxyPass /timesheet http://localhost:8080/system
> ProxyPassReverse /timesheet http://localhost:8080/system
> </IfModule>
>
>The reverse proxy works fine when I attempt to go to the
>http://internet.com/system URL. I also discovered that SSL is
>available by default on my installation (Apache was installed via
>RedHat Fedora Core 6) using a default SSL localhost self-signed
>certificate. This means that the application is also available
>through the https://internet.com/system URL.
>
>My chief question (one for which I am still coming the archives) is
>how do I disable the proxy configuration for the HTTP URL? I want
>only to proxy the system's access when the HTTPS protocol is used to
>connect to Apache. Can I do it with this type of configuration, or
>do I need to think about a virtual host?
>
>Also, I assume the following to be an FAQ: How does one change the
>default localhost self-signed certificate to a custom one
>(self-signed or official)? Is this strictly done with OpenSSL work,
>or does it require some Apache configuration as well? Again, looking
>through the archives for this one too...
>
>Any info would be greatly appreciated...
>
>Thanks,
>Jon Brule
Regards,
Jon
_________________
Jon R. Brule
Paramount Computing Associates
585-231-2037 / 8*221-2037 (Xerox Office)
585-345-9622 (PCA Main Number)
585-721-3554 (Mobile)