You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Chris Knight <Ch...@nasa.gov> on 2003/05/02 19:29:44 UTC

ProxyPass /foo https://foo.web.site

I've seen a bunch of discussions on the web wondering if Apache supports 
reverse-proxying SSL web servers and no discussion on this mailing list. 
Looking at the latest code it obviously doesn't support HTTPS reverse 
proxying. There don't seem to be any feature requests in the bug 
database either.

Would there be interest in adding support for reverse-proxying HTTPS? 
Would there be technical/security issues with doing such? Obviously, the 
reverse proxy server would have to have a list of valid certificate 
authorities that it would use to establish the validity of the SSL 
certificate of the server being reverse-proxied. I'm also assuming that 
it's fairly trivial to access the OpenSSL client API and that 
integrating it with Apache would also be trivial (it's already part of 
mod_ssl, but would have to be separately linked with mod_proxy.)

What say you?

(Also, if anyone knows of an existing reverse proxy that can connect to 
HTTPS on the backend and produce HTTP on the frontend, I would greatly 
appreciate it!)

Re: ProxyPass /foo https://foo.web.site

Posted by Chris Knight <Ch...@nasa.gov>.

Allan Edwards wrote:

> Chris Knight wrote:
>
>> Correct me if I'm wrong, but I believe this only works if the Apache 
>> server is running HTTPS on the front side...I would like to speak 
>> HTTP to the client and HTTPS to the server.
>
>
> No, it lets you talk SSL on the backend. You don't need this
> directive to talk SSL on the front end (with non SSL on the backend).

Ah yes, you're right! The documentation only gives an SSL frontend 
example. Thanks! (The below directives work great.)

<VirtualHost *>
ProxyPass /proxy https://foo.bar.com/
SSLProxyEngine on
</VirtualHost>

Re: ProxyPass /foo https://foo.web.site

Posted by Allan Edwards <ak...@us.ibm.com>.

Chris Knight wrote:
> Correct me if I'm wrong, but I believe this only works if the Apache 
> server is running HTTPS on the front side...I would like to speak HTTP 
> to the client and HTTPS to the server.

No, it lets you talk SSL on the backend. You don't need this
directive to talk SSL on the front end (with non SSL on the backend).

Allan

Re: ProxyPass /foo https://foo.web.site

Posted by Chris Knight <Ch...@nasa.gov>.

Allan Edwards wrote:

> Chris Knight wrote:
>
>> Would there be interest in adding support for reverse-proxying HTTPS? 
>
> Does the SSLProxyEngine directive in 2.0 not do what you want?

Correct me if I'm wrong, but I believe this only works if the Apache 
server is running HTTPS on the front side...I would like to speak HTTP 
to the client and HTTPS to the server.

Re: ProxyPass /foo https://foo.web.site

Posted by Allan Edwards <ak...@us.ibm.com>.

Chris Knight wrote:
> Would there be interest in adding support for reverse-proxying HTTPS? 

Does the SSLProxyEngine directive in 2.0 not do what you want?

Allan