You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Chris Knight <Ch...@nasa.gov> on 2003/05/02 19:29:44 UTC
ProxyPass /foo https://foo.web.site
I've seen a bunch of discussions on the web wondering if Apache supports
reverse-proxying SSL web servers and no discussion on this mailing list.
Looking at the latest code it obviously doesn't support HTTPS reverse
proxying. There don't seem to be any feature requests in the bug
database either.
Would there be interest in adding support for reverse-proxying HTTPS?
Would there be technical/security issues with doing such? Obviously, the
reverse proxy server would have to have a list of valid certificate
authorities that it would use to establish the validity of the SSL
certificate of the server being reverse-proxied. I'm also assuming that
it's fairly trivial to access the OpenSSL client API and that
integrating it with Apache would also be trivial (it's already part of
mod_ssl, but would have to be separately linked with mod_proxy.)
What say you?
(Also, if anyone knows of an existing reverse proxy that can connect to
HTTPS on the backend and produce HTTP on the frontend, I would greatly
appreciate it!)
Re: ProxyPass /foo https://foo.web.site
Posted by Chris Knight <Ch...@nasa.gov>.
Allan Edwards wrote:
> Chris Knight wrote:
>
>> Correct me if I'm wrong, but I believe this only works if the Apache
>> server is running HTTPS on the front side...I would like to speak
>> HTTP to the client and HTTPS to the server.
>
>
> No, it lets you talk SSL on the backend. You don't need this
> directive to talk SSL on the front end (with non SSL on the backend).
Ah yes, you're right! The documentation only gives an SSL frontend
example. Thanks! (The below directives work great.)
<VirtualHost *>
ProxyPass /proxy https://foo.bar.com/
SSLProxyEngine on
</VirtualHost>
Re: ProxyPass /foo https://foo.web.site
Posted by Allan Edwards <ak...@us.ibm.com>.
Chris Knight wrote:
> Correct me if I'm wrong, but I believe this only works if the Apache
> server is running HTTPS on the front side...I would like to speak HTTP
> to the client and HTTPS to the server.
No, it lets you talk SSL on the backend. You don't need this
directive to talk SSL on the front end (with non SSL on the backend).
Allan
Re: ProxyPass /foo https://foo.web.site
Posted by Chris Knight <Ch...@nasa.gov>.
Allan Edwards wrote:
> Chris Knight wrote:
>
>> Would there be interest in adding support for reverse-proxying HTTPS?
>
> Does the SSLProxyEngine directive in 2.0 not do what you want?
Correct me if I'm wrong, but I believe this only works if the Apache
server is running HTTPS on the front side...I would like to speak HTTP
to the client and HTTPS to the server.
Re: ProxyPass /foo https://foo.web.site
Posted by Allan Edwards <ak...@us.ibm.com>.
Chris Knight wrote:
> Would there be interest in adding support for reverse-proxying HTTPS?
Does the SSLProxyEngine directive in 2.0 not do what you want?
Allan