Posted to users@httpd.apache.org by Todd Nine <to...@gmail.com> on 2007/03/04 23:34:14 UTC
[users@httpd] SSL Proxying with reverse_proxy
Hi all,
I found a post on ssl tunneling here
http://mail-archives.apache.org/mod_mbox/httpd-users/200701.mbox/ajax/%3c20070123005748.tsjwdzdd4oogw80c@mail.orbitel.bg%3e
I need to do something similar, but I'm not sure that I fully understand the
examples given. The thread that gives the example
<VirtualHost *:443>
    ServerName wsecure.foo.com
    SSLEngine on
    ...
</VirtualHost>
is where I'm stuck. I thought that it wasn't possible to use name based
virtual hosting with SSL since the host name header is encrypted, is this
correct? I have a single public IP address, and I'm using it with mod_proxy
to proxy about 6 other vmware hosts. Now I need to add SSL to one of the
hosts, but I will ultimately need to have more than one server with SSL
encryption. Below is my current http setup
HTTP Request --> web-gateway (name based virtual hosting and mod_proxy) --> target http server.
In order to add SSL for more than one domain, can I do the following with
open source software?
HTTPS Request --> SSL Decryption --> HTTP request --> web-gateway (name based virtual hosting and mod_proxy) --> target http
As you can see, I just want to do the decryption, then send the http payload
on to the web gateway. I'm unsure how to do this. When I try the
configuration below in conf.d/ssl.conf
Listen 443
<VirtualHost 10.0.0.11:443>
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / http://webgateway.mydomain.com:80/
    ProxyPassReverse / http://webgateway.mydomain.com:80/
    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>
I get this error message, so I'm assuming that Apache is not doing SSL
decryption before it forwards the request to port 80.
[Sun Mar 04 11:23:57 2007] [warn] [client 69.11.208.44] proxy: no HTTP 0.9 request (with no host line) on incoming request and preserve host set forcing hostname to be webgateway.mydomain.com for uri /
[Sun Mar 04 11:23:57 2007] [error] [client 10.0.0.11] Invalid method in request \x80=\x01\x03 / HTTP/1.1
What software can I use to do this? Does Apache have a module, or do I need
to get some special purpose software? If I need a separate application for
encryption and decryption, can someone recommend something?
Thanks for your help and your time,
Todd
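
Added example, not part of the original post: the bytes `\x80=\x01\x03` logged as the HTTP "method" above are the start of an SSLv2-format ClientHello, meaning an SSL handshake reached a listener that was parsing plaintext HTTP. The sketch below scans error-log lines for that signature; the function names are hypothetical, and the second and third sample lines are constructed.

```python
import re

# Constructed sample: the first line is the error from the post (unwrapped);
# the other two are made up for contrast.
SAMPLE_LOG = [
    r"[Sun Mar 04 11:23:57 2007] [error] [client 10.0.0.11] Invalid method in request \x80=\x01\x03 / HTTP/1.1",
    r"[Sun Mar 04 11:24:02 2007] [error] [client 10.0.0.12] Invalid method in request \x16\x03\x01",
    r"[Sun Mar 04 11:24:09 2007] [error] [client 10.0.0.13] Invalid method in request FOO / HTTP/1.1",
]

INVALID_METHOD = re.compile(r"\[client ([^\]]+)\] Invalid method in request (.*)$")
HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")

def unescape(text):
    """Turn the \\xHH escapes Apache writes for non-printable bytes back into bytes."""
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), text).encode("latin-1")

def classify(raw):
    """Name the protocol whose first bytes ended up in the HTTP method field."""
    # SSLv2-format ClientHello: high bit set in the 2-byte length header,
    # then message type 1 (client hello).
    if len(raw) >= 3 and raw[0] & 0x80 and raw[2] == 0x01:
        return "sslv2-client-hello"
    # TLS/SSLv3 record: content type 0x16 (handshake), major version 0x03.
    if len(raw) >= 2 and raw[0] == 0x16 and raw[1] == 0x03:
        return "tls-handshake"
    return "other"

def tls_on_plaintext_listener(lines):
    """Return (client, kind) for each entry whose 'method' is an SSL/TLS handshake."""
    hits = []
    for line in lines:
        m = INVALID_METHOD.search(line)
        if m:
            kind = classify(unescape(m.group(2)))
            if kind != "other":
                hits.append((m.group(1), kind))
    return hits

if __name__ == "__main__":
    for client, kind in tls_on_plaintext_listener(SAMPLE_LOG):
        print(client, kind)
```

Any hit means encrypted traffic is being handed to an HTTP parser, so the listener that should terminate SSL is not doing so.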