On Fri, Apr 11, 2008 at 9:48 AM, Melanie Pfefer <[EMAIL PROTECTED]> wrote: > Hi everybody, > > I want to enable proxying from apache to a tomcat application running on ssl. > > Redirection is working: > RewriteRule /abc/ https://remoteserver:8443/abc/ [R=301,L] > > > But proxying is not: > RewriteRule /abc/ https://remoteserver:8443/abc/ [P,L] > > In redirection: > http://myapache/abc/ goes to https://remoteserver:8443/abc/ but this is > shown in the url which is not my intention. > > Any idea how to fix the proxying? > thanks
Apache can't proxy to https urls out of the box. You need to do some work. you need to add the following to your config. # turn on SSL proxying. SSLProxyEngine On # to tell Apache where to find CA certificates to check remote server certificates with: # (You can choose yourself where you put these certificates) SSLProxyCACertificatePath /path/to/ca/certificates. Then in this path you need to put the CA certificate(s) used to sign the certificate(s) used by the server(s) you communicate with. If you want to talk to a server that uses a "self signed" certificate you will need to put it in this dir too. Once you've done that you need to run c_rehash in that directory. c_rehash is part of a standard openssl distribution. c_rehash creates hashed aliases in this dir. Apache needs these. In order to test if everything is there you can do the following: openssl s_client -CApath /path/to/ca/certificates -connect remoteserver:8443 if the conenction succeeds just try to do a GET /abc/ and see if you get something. If all goes well it should work for apache also. Krist -- [EMAIL PROTECTED] [EMAIL PROTECTED] Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions? --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
