This is to report a problem with Apache with mod_ssl and mod_proxy, and to request the community’s help in resolving it.
Objective: The objective is to set up Apache as a reverse proxy, to receive encrypted HTTPS traffic over the Internet and to convert it to HTTP and direct it to a web server through a firewall.
Problem: Apache seems to be redirecting traffic to the virtual hosts on the local filesystem correctly, but mod_proxy does not seem to send requests to remote URL (as specified by ProxyRemote directive below). SSL does display correct certificate from requesting browser.
Troubleshooting Steps Taken: Experimenting with the target URL (IP and hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass) I have not been able to establish that proxy is doing anything at all.
Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well as statically linked in modules.
Here’s the system configuration:
Linux version 2.2.16-22smp
gcc version egcs-2.91.66
Server version: Apache/1.3.27 (Unix)
Compiled-in modules:
http_core.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_status.c
mod_include.c
mod_autoindex.c
mod_dir.c
mod_cgi.c
mod_asis.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_access.c
mod_auth.c
mod_proxy.c
mod_setenvif.c
mod_ssl.c
OpenSSL 0.9.6g 9 August 2002
httpd.conf
AddModule mod_proxy.c
<IfModule mod_proxy.c>
ProxyRequests off
NoCache *
AllowCONNECT 443,80
<Directory />
Order Allow,Deny
Allow from All
</Directory>
ProxyRemote * http://1.2.3.4:85
</IfModule>
NameVirtualHost *
Listen *:443
<VirtualHost _default_:443>
SSLEngine on
ServerName www.mydomain.com
DocumentRoot /usr/local/apache/htdocs
ErrorLog logs/443-error_log
</VirtualHost>
Listen *:80
<VirtualHost *:80>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /usr/local/apache/www
ServerName www1.mydomain.com
ErrorLog logs/80-error_log
</VirtualHost>
Can anyone see a conflict or omission in this configuration? Does anyone have these two modules working together in a reverse proxy scenario? Any help or suggestions would be appreciated.
Regards,
Hamid.