You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Florian Lindner <ma...@xgm.de> on 2005/05/20 21:38:24 UTC

[users@httpd] SSL-Proxy

Hello,
since only SSL on the default vhost is possible I want to create a proxy for 
the other vhosts:

<VirtualHost *:443>
        ServerName centershock.net

        SSLEngine On
        SSLCertificateFile /etc/apache2/conf/ssl/server.crt
        SSLCertificateKeyFile /etc/apache2/conf/ssl/server.key

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        ProxyPass /ssl/xgm.de http://xgm.de
        ProxyPassReverse /ssl/xgm.de http://xgm.de
</VirtualHost>

So the URL https://centershock.net/ssl/xgm.de/ should be the same like 
http://xgm.de only over SSL.

But this seem to be not correct. I get a 403 error (not allowed)

What is wrong?

Thanks,

Florian

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

[users@httpd] Re: SSL-Proxy

Posted by Florian Lindner <ma...@xgm.de>.

Am Sonntag, 22. Mai 2005 10:19 schrieb Joost de Heer:
> > <VirtualHost *:443>
> >         ServerName centershock.net
> >
> >         SSLEngine On
> >         SSLCertificateFile /etc/apache2/conf/ssl/server.crt
> >         SSLCertificateKeyFile /etc/apache2/conf/ssl/server.key
> >
> >         <Proxy *>
> >                 Order deny,allow
> >                 Allow from all
> >         </Proxy>
> >
> >         ProxyPass /ssl/xgm.de http://xgm.de
> >         ProxyPassReverse /ssl/xgm.de http://xgm.de
> > </VirtualHost>
> >
> > So the URL https://centershock.net/ssl/xgm.de/ should be the same like
> > http://xgm.de only over SSL.
> >
> > But this seem to be not correct. I get a 403 error (not allowed)
>
> <Proxy> doesn't need to be used for Reverse Proxies. You should remove it.

I have

         <Proxy *>
                 Order deny,allow
                 Allow from all
         </Proxy>

removed


> Does http://xgm.de work? I guess you've added a 'deny to all' to it to
> avoid people reaching it directly. But this also forbids the reverse proxy
> to reach it. Allow the IP address of the reverse proxy to reach that
> vhost.

http://xgm.de ist public available. (go ahead and check it out). The xgm.de 
ist pointing on the same machine and the vhost is running on the same 
machine.

Thanks,

Florian

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org