RE: SSLClient Browser -- Apache Proxypassreverse -- https://192.168.xxx.xxx
I'm not aware of any hints and tips for proxying SSL connections. I use this myself extensively, but we have a wildcard certificate from Thawte which helps.

I believe that the connection between your real world server and your internal server will be persistent, i.e. it doesn't have to be renegotiated with every request. However, I've never run ssldump or anything like that to check. I'm probably not curious enough.

One hint I would give you is to make sure that cgi is disabled on the real world server. Otherwise you'll find that the outside scripts are executed if any, rather than the one inside. To do this, remove any ScriptAlias directives from the outside machine. However, if you need scripting on the outside machine, make sure the ScriptAlias differs on each machine (but you can still use the same directories on each machine if you wish).

Also, I have yet to find a working method that allows name based hosting on the inside host to work when name based hosting isn't used on the outside host. That means that currently every external site with a different IP address must have a direct connection to a single IP address inside. Of course, as you are using SSL you'll need to do that anyway. But this also applies to non-SSL sites.

If you need any further help mail me off the list. I'll be happy to help.

-
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]

Re: SSLClient Browser -- Apache Proxypassreverse -- https://192.168.xxx.xxx
Hi,

I have done something similar:
client - https - apache proxy - http - internal server

----- Original Message -----
From: Roy Preece [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 10, 2001 3:08 PM
Subject: SSLClient Browser -- Apache Proxypassreverse -- https://192.168.xxx.xxx

Hello All,

After 2 weeks, I'm finally going to ask the question, sorry. I have seen this topic in many, many posts to this list and others and all of them seem to be without definitive answers. It must be me <shrug!>.

I would like to set up SSL reverse proxying to my back end server on a private network. I don't want the proxy server to decrypt and re-establish SSL to backend server. Just pass it straight through please, same as outgoing SSL connections. It should appear to the end user as if they have connected directly to the backend server via SSL including cert authentication.

The big questions I have are: Is anyone actually doing this? Where are the hints and tips? All pointers are gratefully accepted!

On the proxy server I have.

As far as I can see you are not using SSL in the virtual host. Change like:

<VirtualHost xxx.xxx.xxx.xxx:443>
SSLEngine on
SSLCertificateFile /...
SSLCertificateKeyFile /...
SSLSessionCache shm:/...
SSLMutex sem
ServerName www.mydomain.com.au
ProxyPass / https://wwwsec.mydomain.com.au/
ProxyPassReverse / https://wwwsec.mydomain.com.au/
</VirtualHost>

Very Tired,
Roy Preece.

I think this has to help.

Regards,
Rossen Raykov
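
Added example, not part of either message: a small Python check for a front-end proxy vhost that flags the two problems raised in this thread, a port-443 VirtualHost without SSLEngine on and a ScriptAlias whose URL path sits under a proxied path (so the outside machine's CGI runs instead of the inside server's). The sample config, address and host names are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: a front-end proxy vhost with both problems from the thread.
SAMPLE = """\
<VirtualHost 203.0.113.10:443>
    ServerName www.example.test
    ScriptAlias /cgi-bin/ /var/www/cgi-bin/
    ProxyPass / https://backend.example.test/
    ProxyPassReverse / https://backend.example.test/
</VirtualHost>
"""

def parse_vhosts(text):
    """Return [(address, [(directive, args), ...])] for each <VirtualHost> block."""
    vhosts, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>$", line, re.I)
        if opened:
            current = (opened.group(1).strip(), [])
            vhosts.append(current)
        elif re.match(r"</VirtualHost>$", line, re.I):
            current = None
        elif current is not None:
            name, *args = line.split()
            current[1].append((name.lower(), args))
    return vhosts

def audit(text):
    """Return (vhost address, finding) pairs for the two checks."""
    findings = []
    for addr, directives in parse_vhosts(text):
        def args_of(key):
            return [a for n, a in directives if n == key]
        ssl_on = any(a and a[0].lower() == "on" for a in args_of("sslengine"))
        if addr.endswith(":443") and not ssl_on:
            findings.append((addr, "port 443 vhost without 'SSLEngine on'"))
        # "ProxyPass <path> !" excludes a path from proxying, so skip it.
        proxied = [a[0] for a in args_of("proxypass") if len(a) >= 2 and a[1] != "!"]
        for alias in args_of("scriptalias"):
            if alias and any(alias[0].startswith(p) for p in proxied):
                findings.append((addr, f"ScriptAlias {alias[0]} shadows a proxied path"))
    return findings

if __name__ == "__main__":
    for addr, msg in audit(SAMPLE):
        print(f"{addr}: {msg}")
```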