For testing purposes, I'm using a self-signed sert on the proxy server
for the initial redirection, then the proxy server acts as a SSL
client for all proxied requests that are handed off to the app server
which is listening on port 8050 (SSL) using a real certificate.

I copied the real cert file to the proxy server and put it in a file
called cacerts.crt and added the directive shown below to the
httpd.conf file:

SSLProxyCACertificateFile conf/cacerts.crt

In this configuration, the proxy server can be configured to be a SSL
client for many sites each having their own cert.

My problem is getting the proxy server configured so that mod_proxy
and mod_rewrite do their job for the URLs on the app server that are
below the root level and incorporate multiple levels of directories in
the URL. It all works great for foor-level URL's.

I hope I answered your question. Now if someone could help me answer mine...

-=jeff


On 9/28/06, John king <[EMAIL PROTECTED]> wrote:
Where is your server cert installed? If it is installed on the reverse proxy
server, do you decrypte the incoming HTTPS
traffic and re-encrypte it again in the proxy server before sending it to
the next host?


On 9/28/06, Jeff DeFord <[EMAIL PROTECTED]> wrote:
> Not sure if that would work since all requests are HTTPS...
> Can you elaborate?
>
> Here are the modules I compiled in when I built Apache:
> # ./httpd -l
> Compiled in modules:
>   core.c
>   mod_access.c
>   mod_auth.c
>   mod_log_config.c
>   mod_headers.c
>   mod_setenvif.c
>   mod_proxy.c
>   proxy_connect.c
>   proxy_ftp.c
>   proxy_http.c
>   mod_ssl.c
>   prefork.c
>   http_core.c
>   mod_mime.c
>   mod_status.c
>   mod_dir.c
>   mod_rewrite.c
>   mod_so.c
>
>
> On 9/27/06, Jim BAO <[EMAIL PROTECTED]> wrote:
> > Did you try HTTP Connect?
> >
> > >>> [EMAIL PROTECTED] 9/27/2006 10:35 AM >>>
> > All:
> >
> > I have some questions regarding the way to implement
> > Apache as a reverse proxy server using mod_rewrite in order to mask the
> > real
> > URLs. Users will connect to the proxy, then the proxy will connect to
> > the real server that is listening on port 8050 (SSL)
> >
> >
> > So far this is what I have working:
> >
> > Proxy server listining on port 80 and on 443 and I am
> > using a rewrite rule to force a rediect to 443 only as shown below:
> >
> >  ## Redirect all incoming HTTP requests to HTTPS locally before
> > proxying.
> >  RewriteRule ^/(.*) https://proxy.server.com/$1 [R,L]
> >
> > This works just as expected as my initial http connection gets forced
> > to https.
> >
> > Then I have the following proxy statements set up as shown below for
> > the default SSL virtual host on the proxy server:
> >
> >  ProxyRequests     Off
> >  SSLProxyEngine    On
> >  SSLProxyCACertificateFile conf/cacerts.crt
> >  ProxyPreserveHost On
> >  ProxyPass         / https://real.server.com:8050/
> >  ProxyPassReverse  / https://real.server.com:8050/
> >
> > This all works great for all of the base URLs on the root level. The
> > home
> > page URLs on the real server get rewritten and appear to have
> > originated from the proxy server when I mouse over or
> > click on a root-level URL.
> >
> > However, any URL with a subdirectory below the root level on the real
> > server does not get rewritten and the real URL (the complete URL on
> > the real server including the port number 8050) is visible on the
> > proxied web page.
> >
> > Now, how do go I about getting this to work for all of the URLs with
> > subdirectories? I have read through the documentation and I am stuck.
> >
> > Do I need rewrite rules for each URL that has a subdirectly below the
> > root with a subsequent ProxyPass and ProxyPassReverse statement?
> >
> > Do my rewrite rules need to use the proxy flag [P]? Or will they work
> > once written to mimic the root-level rules?
> >
> > Many thanks in advance for any help that you may provide....
> >
> >
> > -=jeff
> >
> >
---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
> > Project.
> > See <URL: http://httpd.apache.org/userslist.html> for
more info.
> > To unsubscribe, e-mail:
[EMAIL PROTECTED]
> >   "   from the digest:
[EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server
Project.
> > See <URL: http://httpd.apache.org/userslist.html> for
more info.
> > To unsubscribe, e-mail:
[EMAIL PROTECTED]
> >   "   from the digest:
[EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL: http://httpd.apache.org/userslist.html> for
more info.
> To unsubscribe, e-mail:
[EMAIL PROTECTED]
>    "   from the digest:
[EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to