Hello Jim,
Thanks for the warning!
In my case the HTTP traffic is only between the reverse proxy and a virtual
machine running on the same host.
With my knowledge the traffic can only be intercepted when someone breaks into
my system. It's a personal cloud service and I don't think many people
With regard to:
reverse proxy --> HTTP --> back-end server
and in respect to the sensitivity of your requests and responses, you
might want to consider any security implications or if this violates any
compliance requirements depending on the proximity of your proxy to your
back-end server. It'
Hello Jim,
Thanks for your answer / clarification!
It's now clear to me! And it's good to know that I set-up my servers correctly
:-)!
Jeroen
Support the independent web, use
[Firefox](https://www.mozilla.org/en-US/firefox/new/)
‐‐
Hello Dino / HTH,
Thank you for your very elaborate answer!!
Your 'diagram' made it very clear!
Clients --> INTERNET --> Apache httpd reverse proxy (answer to HTTPS requests
made by your clients) --> Your internal backend(s) (answer to HTTPS requests
coming from your proxy).
It's also good to
You absolutely want SSL certificates installed on your public facing
proxy... signed by a well trusted CA if you want the rest of the world
to trust your proxy.
If you want your proxy to communicate encrypted to your back end/private
web server then you need an SSL certificate on the back end.
O
Apache httpd works at layer 7 (HTTP/HTTPS).
You CANNOT have a reverse proxy at layer 4 with apache httpd where the X509
certificates are only needed on your backends (like HAProxy does).
Clients --> INTERNET --> Apache httpd reverse proxy (answer to HTTPS requests
made by your clients) --> Your
Thanks, great to know that it is possible!
You write that you need to install the SSL certificates on both the reverse
proxy and in the virtual machine (or another local server)?
Is that really necessary? I try to avoid duplication whenever that is possible.
Do you have an example set-up somewhe
Ah, thanks, so it is possible!
I thought it wasn't possible (but hoped it would be) because the reverse proxy
could be seen as a 'man in the middle attach'.
But great to know that it is possible!
What is the minimal configuration for such a setup?
You need the directives ProxyPass, ProxyPassRev
My question:Would it have been possible to install the SSL certificates in the
virtual machines?
YES. It's possibile to send Internet HTTPS traffic to an internal HTTPS
service behind apache httpd as a reverse proxy.
You eventally need to install same SSL certificates (but you don't have
You can just do that. I have also certs behind a reverse proxy. My whole
'virtual/internal' applications in containers is running with my own CA
certificates and on the reverse proxy I have some certs from known CA's
Specific for this setup is a proxy protocol, that informs the public ip
address
10 matches
Mail list logo