Re: reverse proxying of ssl-UPDATE
Went to #apache and was received very nicely by the natives. They say the magic is in apache2 or latest mod_ssl of 1.3.26 i dl'd made and made installed it and voila. it does the trick...very very very nice... (have NOT tested IIS yet) Alex El mié, 19-06-2002 a las 16:43, Lance Levsen escribió: > > > I want this: > > > > ssl-certificate <--fw--> apache (whatever) reverse proxy <-->client > > holding IIS > > > > > > Is this possible?? For me to reverse proxy a ssl server??? I dont > > care if the proxy is accessed as http or https, i just want it to work > > this way... > > > > Alex > > Heh, funny this should come up. I'm in the process of figuring > it out myself. > > My setup is a bit different though: > > Multiple Apache Boxes <--> reverse proxy w/ redirector <--> > fw <-> client. > > Right now the fw port forwards 80 to the r.proxy, the redirector > rewrites the body of the request for the correct internal > machine. Obviously an ssl encrypted body can't be rewritten (or > parsed for that matter) so I have to decrypt it at the proxy. > > Squid 2.5 allows you to set https_port with a certificate. This > will encrypt the session between the client and the proxy. I'm > less worried about the internal network. The problem of course > lies in the redirector and the signed cert for the web sites. Do > I just get one signed for the proxy machine, or do I need > multiple certs for all the websites (and if so, can more then > one cert be assigned to the same port and will squid know which > to use?) > > Best case scenario is a single certificate authenticated to the > proxy box, for external connections. Chances are I'll end up > hoping that Squid 2.5 allows for multiple SSL certs on the same > port so then I can ssl all the websites off the proxy. > > Cheers, > > -- > Lance Levsen, > Systems Administrator, > PWGroup - Saskatoon > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: reverse proxying of ssl-UPDATE
Went to #apache and was received very nicely by the natives. They say the magic is in apache2 or latest mod_ssl of 1.3.26 i dl'd made and made installed it and voila. it does the trick...very very very nice... (have NOT tested IIS yet) Alex El mié, 19-06-2002 a las 16:43, Lance Levsen escribió: > > > I want this: > > > > ssl-certificate <--fw--> apache (whatever) reverse proxy <-->client > > holding IIS > > > > > > Is this possible?? For me to reverse proxy a ssl server??? I dont > > care if the proxy is accessed as http or https, i just want it to work > > this way... > > > > Alex > > Heh, funny this should come up. I'm in the process of figuring > it out myself. > > My setup is a bit different though: > > Multiple Apache Boxes <--> reverse proxy w/ redirector <--> > fw <-> client. > > Right now the fw port forwards 80 to the r.proxy, the redirector > rewrites the body of the request for the correct internal > machine. Obviously an ssl encrypted body can't be rewritten (or > parsed for that matter) so I have to decrypt it at the proxy. > > Squid 2.5 allows you to set https_port with a certificate. This > will encrypt the session between the client and the proxy. I'm > less worried about the internal network. The problem of course > lies in the redirector and the signed cert for the web sites. Do > I just get one signed for the proxy machine, or do I need > multiple certs for all the websites (and if so, can more then > one cert be assigned to the same port and will squid know which > to use?) > > Best case scenario is a single certificate authenticated to the > proxy box, for external connections. Chances are I'll end up > hoping that Squid 2.5 allows for multiple SSL certs on the same > port so then I can ssl all the websites off the proxy. > > Cheers, > > -- > Lance Levsen, > Systems Administrator, > PWGroup - Saskatoon > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]