Posted to users@httpd.apache.org by Todd Nine <to...@gmail.com> on 2007/03/04 23:34:14 UTC

[users@httpd] SSL Proxying with reverse_proxy

Hi all,
  I found a post on ssl tunneling here

http://mail-archives.apache.org/mod_mbox/httpd-users/200701.mbox/ajax/%3c20070123005748.tsjwdzdd4oogw80c@mail.orbitel.bg%3e

I need to do something similar, but I'm not sure that I fully understand the
examples given.  The thread that gives the example

<VirtualHost *:443>
       ServerName wsecure.foo.com

       SSLEngine on

...

</VirtualHost>

is where I'm stuck.  I thought that it wasn't possible to use name based
virtual hosting with SSL since the host name header is encrypted, is this
correct?  I have a single public IP address, and I'm using it with mod_proxy
to proxy about 6 other vmware hosts.  Now I need to add SSL to one of the
hosts, but I will ultimately need to have more than one server with SSL
encryption.  Below is my current http setup

HTTP Request --> web-gateway (name based virtual hosting and mod_proxy) -->
target http server.

In order to add SSL for more than one domain, can I do the following with
open source software?

HTTPS Request --> SSL Decryption --> HTTP request --> web-gateway (name
based virtual hosting and mod_proxy) --> target http


As you can see, I just want to do the decryption, then send the http payload
on to the web gateway.  I'm unsure how to do this.  When I try the
configuration below in conf.d/ssl.conf

Listen 443

<VirtualHost 10.0.0.11:443>
    ProxyRequests Off
    ProxyPreserveHost On

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass / http://webgateway.mydomain.com:80/
    ProxyPassReverse / http://webgateway.mydomain.com:80/

    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>



I get this error message, so I'm assuming that Apache is not doing SSL
decryption before it forwards the request to port 80.

[Sun Mar 04 11:23:57 2007] [warn] [client 69.11.208.44] proxy: no HTTP
0.9request (with no host line) on incoming request and
preserve host set forcing hostname to be webgateway.mydomain.com for uri /
[Sun Mar 04 11:23:57 2007] [error] [client 10.0.0.11] Invalid method in
request \x80=\x01\x03 / HTTP/1.1


What software can I use to do this?  Does Apache have a module, or do I need
to get some special purpose software?  If I need a separate application for
encryption and decryption, can someone recommend something?

Thanks for your help and your time,
Todd
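
Added example, not part of the original post or thread: the posted port-443 virtual host has no SSLEngine directive, so the bytes logged as "\x80=\x01\x03" are the start of the client's raw SSL handshake being parsed as an HTTP request line. The sketch below terminates SSL at the front end for two names on one IP and forwards plain HTTP to the gateway; the certificate paths and secure2.example.com are placeholders, and mod_ssl, mod_proxy, mod_proxy_http and mod_headers are assumed to be loaded.

```apache
# Added example: SSL termination in front of the existing web gateway.
# Certificate paths and secure2.example.com are placeholders.
Listen 443

# Name-based SSL vhosts on a single IP rely on SNI (Apache 2.2.12 or later,
# built against an SNI-capable OpenSSL). Clients that send no SNI name are
# served by the first vhost below, certificate included.
# NameVirtualHost is required on 2.2.x and can be dropped on 2.4.
NameVirtualHost *:443

<VirtualHost *:443>
    ServerName wsecure.foo.com

    # Without SSLEngine on, the handshake bytes reach the HTTP parser and
    # produce the "Invalid method in request" error.
    SSLEngine on
    SSLCertificateFile    /path/to/wsecure.foo.com.crt
    SSLCertificateKeyFile /path/to/wsecure.foo.com.key

    ProxyRequests Off
    ProxyPreserveHost On
    # Tell the backend that the client connection was HTTPS.
    RequestHeader set X-Forwarded-Proto "https"

    # This hop is unencrypted HTTP: keep it on a trusted internal network.
    ProxyPass        / http://webgateway.mydomain.com:80/
    ProxyPassReverse / http://webgateway.mydomain.com:80/
</VirtualHost>

<VirtualHost *:443>
    ServerName secure2.example.com

    SSLEngine on
    SSLCertificateFile    /path/to/secure2.example.com.crt
    SSLCertificateKeyFile /path/to/secure2.example.com.key

    ProxyRequests Off
    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPass        / http://webgateway.mydomain.com:80/
    ProxyPassReverse / http://webgateway.mydomain.com:80/
</VirtualHost>
```

Because ProxyPreserveHost is on, the gateway still sees the original Host header and can keep routing with its existing name-based virtual hosts.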