On Tue, 26 Mar 2002, Patrick Herborn wrote:
> I have been trying to configure the following setup:
>
>            PRIVATE LAN  |  INTERNET
>                         |
> back_end <--HTTP--> Apache <--HTTPS--> Client
>                         |
>                         |
>
> Ie the Apache box is acting as a bastion host between the Internet and a
> private LAN segment. I have a valid cert and key on the Apache box, and SSL
> negotiation works fine. I also have the whole thing working with pure HTTP (no
> SSL) but with both, ie running SSL to the Apache box, then plain HTTP to the
> back end, it breaks.

I assume that you have a virtual host defined on the Apache server with
the same name as the back_end. Use mod_rewrite's [P] flag to generate the
HTTP request to back_end. Use mod_proxy's ProxyPassReverse to capture the
response from back_end and return it to the client.

Re-read Ralf Engelschall's notes on mod_rewrite 3 or 4 times. It takes
time for what my grandmother would have called "jookery-pookery" to sink
in.

When I developed a system running Stronghold several years ago, I recall
running into problems with SSL (ssleay) until I realized that you needed
to simulate ProxyPass using mod_rewrite. I don't think this is a mod_ssl
problem. It's more of a problem of under which shell is the pea.

Merton Campbell Crockett
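
The setup described in the reply above, written out as an added example that is not part of the original message or of the mod_ssl project: an SSL virtual host that terminates HTTPS, hands every request to the back end over plain HTTP with mod_rewrite's [P] flag, and uses ProxyPassReverse to fix up redirects coming back. The ServerName and certificate paths are placeholder assumptions; back_end is the host name used in the thread.

```apache
# Added example; requires mod_ssl, mod_rewrite and mod_proxy to be loaded.

# Never act as a forward proxy. The [P] flag below still works with this
# set to Off, because it only controls requests for arbitrary proxy URLs.
ProxyRequests Off

<VirtualHost _default_:443>
    # Placeholder name: the public name the clients connect to.
    ServerName www.example.com

    # TLS ends here; the certificate and key live on the bastion host only.
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    RewriteEngine on

    # Pass the whole URL path to the back end over plain HTTP.
    # The target host is a fixed literal, never taken from the request,
    # so a client cannot steer the proxy to another internal machine.
    # [P] forces the substitution through mod_proxy, [L] stops rewriting.
    RewriteRule ^/(.*)$ http://back_end/$1 [P,L]

    # Rewrite Location headers in back-end redirects so the client is
    # sent back to this virtual host instead of to http://back_end/.
    ProxyPassReverse / http://back_end/
</VirtualHost>
```

ProxyPassReverse only adjusts response headers, so absolute http://back_end/ links inside returned HTML bodies are not rewritten; the back end has to emit relative links or the public name.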
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]