You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Brooks, Jim" <ji...@benefitpoint.com> on 2004/11/29 23:38:51 UTC

[users@httpd] http to https proxy

I have an internal java application sending out web services requests to various external servers through an apache proxy.  Currently the ssl encryption is being done on the app servers, but we would like to shift that to our webservers that have ssl cards.

client (app) ...http... proxy ...https... server

I have seen references to ProxyPass or ReWrite that seem close to what I would like, but nothing that seems to work just right.  Any help or pointers, or that one trick that makes it works would be much appreciated.



Thanks,
Jim Brooks


I'm on Solaris 8 w/ apache 2.0.43.

httpd.conf:
****************
ServerRoot "/opt/apache/apache2/web_04"
ServerName web11.benefitpoint.com:8002
Listen 172.16.3.202:8002
User nobody
Group nobody
ProxyRequests On

LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogLevel DEBUG
CustomLog logs/access_log common
ErrorLog logs/error_log

SSLProxyEngine on
SSLCryptoDevice cswift

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin

SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

SSLMutex  file:logs/ssl_mutex

SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom 512


RewriteEngine on
RewriteRule   ^http:\\ ^https:\\     [R]
RewriteLog logs/rewrite_log
RewriteLogLevel 1

SSLEngine on
SSLCipherSuite ALL
SSLCertificateFile /opt/apache/apache2/web_01/conf/ssl.crt/web11.crt
SSLCertificateKeyFile /opt/apache/apache2/web_01/conf/ssl.key/web11.key
SSLCACertificateFile /opt/apache/apache2/web_02/conf/ssl.crt/cbundle.crt

***************************



Jim Brooks,
Configuration Management

jim.brooks at BenefitPoint.com
tele (925) 210-8204

BenefitPoint, Inc.  
1340 Treat Blvd
Walnut Creek, CA 94597
Customer Support 415.277.5700
<www.benefitpoint.com>

This electronic transmission (and any attached document or file) is confidential and intended for the sole use of the individual(s) to whom it is addressed. Any further distribution or copying of this message is strictly prohibited. If you received this message in error, please notify the sender, and destroy the message (and attached files), immediately. BenefitPoint is not liable for any use or misuse contrary to these directions.




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org