https://issues.apache.org/bugzilla/show_bug.cgi?id=53201
Priority: P2
Bug ID: 53201
Assignee: [email protected]
Summary: [PATCH] Improve docs describing a forward proxy config
to enable proxying SSL requests
Severity: normal
Classification: Unclassified
OS: All
Reporter: [email protected]
Hardware: All
Status: NEW
Version: 2.4-HEAD
Component: Documentation
Product: Apache httpd-2
Hi,
While setting up a forward proxy server in httpd-2.2.16, it wasn't
immediately obvious to me from reading docs that I needed to enable
mod_proxy_connect to enable the forward proxy to handle CONNECT
requests for proxying SSL traffic. Plus, the mod_ssl SSLProxyEngine
directive could easily be confused as a required component to enable a
forward proxy to properly proxy SSL requests.
Here are patches I've prepared for mod_ssl.xml and mod_proxy.xml to
add additional descriptive text to the <ProxyRequest> directive in
mod_proxy.xml and <SSLProxyEngine> directive in mod_ssl.xml. They are
applied to the latest versions of the docs in trunk.
Thanks,
Walter
wgoulet@ubuntu:~/apachepatch$ cat mod_ssl.xml.patch
--- mod_ssl.xml.trunk 2012-05-01 20:39:23.704643002 -0700
+++ mod_ssl.xml 2012-05-01 20:39:01.632624877 -0700
@@ -1736,7 +1736,7 @@
is usually used inside a <directive module="core"
type="section">VirtualHost</directive> section to enable SSL/TLS for proxy
usage in a particular virtual host. By default the SSL/TLS Protocol Engine is
-disabled for proxy image both for the main server and all configured
virtual hosts.</p>
+disabled for proxy image both for the main server and all configured
virtual hosts. Note that the SSLProxyEngine directive should not, in
general, be included in a virtual host that will be acting as a
forward proxy (using <Proxy> or <ProxyRequest> directives.
SSLProxyEngine is not required to enable a forward proxy server to
proxy SSL/TLS requests.</p>
<example><title>Example</title>
<highlight language="config">
<VirtualHost _default_:443>
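Review bot: The added sentence opens a parenthesis at "(using <Proxy> or <ProxyRequest> directives." and never closes it, and it writes the directive names as bare angle-bracket text, which an XML doc source will treat as unknown elements rather than literal text. Mark them up with the same <directive ...> form the context line above uses for VirtualHost, and spell the second one ProxyRequests, as the mod_proxy.xml context in this same submission does. Since the sentence tells readers what is not required, it would help to also name what is, by referring to <module>mod_proxy_connect</module>.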
wgoulet@ubuntu:~/apachepatch$ cat mod_proxy.xml.patch
--- mod_proxy.xml.trunk 2012-05-01 20:38:38.448808512 -0700
+++ mod_proxy.xml 2012-05-01 20:42:01.296343935 -0700
@@ -562,6 +562,9 @@
need also <module>mod_proxy_http</module> or
<module>mod_proxy_ftp</module>
(or both) present in the server.</p>
+ <p>In order to get the functionality of proxying HTTPS sites, you
+ need <module>mod_proxy_connect</module> enabled in the server.</p>
+
<note type="warning"><title>Warning</title>
<p>Do not enable proxying with <directive
module="mod_proxy">ProxyRequests</directive> until you have <a
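Review bot: The new paragraph says mod_proxy_connect is needed for "proxying HTTPS sites" without saying that this concerns forward proxying or that the module is what handles CONNECT requests, which is the point the bug description makes. Suggest something like "To proxy HTTPS sites through a forward proxy, <module>mod_proxy_connect</module> must also be enabled so the server can handle CONNECT requests." That also drops the wordy "In order to get the functionality of".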
wgoulet@ubuntu:~/apachepatch$
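
The forward proxy setup the report describes, as an added configuration sketch that is not part of the original report or of the httpd documentation. It uses httpd 2.4 syntax; the module paths, the listening port 3128 and the client network 192.0.2.0/24 are assumptions chosen for illustration.

```apache
# Added example (httpd 2.4 syntax). Paths, port and client network are assumed.
LoadModule authz_core_module    modules/mod_authz_core.so
LoadModule authz_host_module    modules/mod_authz_host.so
LoadModule proxy_module         modules/mod_proxy.so
# Plain HTTP requests sent to the forward proxy
LoadModule proxy_http_module    modules/mod_proxy_http.so
# CONNECT requests, which clients use to tunnel SSL/TLS through the proxy
LoadModule proxy_connect_module modules/mod_proxy_connect.so

Listen 3128

<VirtualHost *:3128>
    # Turn this virtual host into a forward proxy
    ProxyRequests On

    # Limit who may use the proxy; an open forward proxy can be abused by anyone
    <Proxy "*">
        Require ip 192.0.2.0/24
    </Proxy>

    # Allow CONNECT tunnels to the HTTPS port only
    AllowCONNECT 443

    # SSLProxyEngine is deliberately absent. The proxy relays the client's
    # encrypted CONNECT tunnel without terminating SSL/TLS, so it does not
    # need mod_ssl's proxy engine to forward HTTPS requests.
</VirtualHost>
```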