You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Bill Beattie <bi...@gov.ab.ca> on 2014/03/14 21:39:12 UTC

[users@httpd] Apache as reverse proxy for internal IIS web server

Hello,
Pardon my ignorance as I am new to Apache.

We would like to use Apache 2.4 as a reverse proxy (located outside firewall) to an internal IIS web server hosting an SSL based website.
The basic install of Apache has been completed, running on a Windows 2008 R2 box.  I am using a compiled version of Apache.
The IIS webserver is running on Windows 2008 R2.
Question is should the SSL certificate be installed on the IIS webserver, having the reverse proxy just direct traffic to it OR should the SSL certificate be installed on the reverse proxy? Which method is best for security? What steps are involved to configure the Apache reverse proxy to make it work?
I have spent a lot of time already reading through many documents, etc but I cannot find any relating to my scenario.
Thank you very much for your time.  It is greatly appreciated!
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.

Re: [users@httpd] Apache as reverse proxy for internal IIS web server

Posted by Daniel Ruggeri <DR...@primary.net>.

On 3/14/2014 3:39 PM, Bill Beattie wrote:
>
> *Hello,*
>
> *Pardon my ignorance as I am new to Apache.*
>
> * *
>
> *We would like to use Apache 2.4 as a reverse proxy (located outside
> firewall) to an internal IIS web server hosting an SSL based website.*
>
> *The basic install of Apache has been completed, running on a Windows
> 2008 R2 box.  I am using a compiled version of Apache.*
>
> *The IIS webserver is running on Windows 2008 R2.*
>
> *Question is should the SSL certificate be installed on the IIS
> webserver, having the reverse proxy just direct traffic to it OR
> should the SSL certificate be installed on the reverse proxy? Which
> method is best for security? What steps are involved to configure the
> Apache reverse proxy to make it work?*
>
> *I have spent a lot of time already reading through many documents,
> etc but I cannot find any relating to my scenario.*
>
> *Thank you very much for your time.  It is greatly appreciated!*
>

Hi, Bill;
   Since the reverse proxy (httpd 2.4) is the server that will be
handling the connection with the client, you will want to configure SSL
on the reverse proxy.

Tip: Configuration of SSL between httpd and IIS is optional but may be a
good idea if IIS ever generates a full link or redirect. When httpd
generates such things, it uses the protocol that it answered (so if you
speak cleartext to apache, the Location header will have http://). My
guess is that IIS would behave similarly.

-- 
Daniel Ruggeri