Re: [users@httpd] single SSL proxy to multiple non-SSL name-based hosts

Fri, 18 Mar 2011 07:51:37 -0700 

On Fri, Mar 18, 2011 at 2:40 PM, Alex Duckers <alex.duck...@gmail.com> wrote:
> Hi All - I imagine this is fairly common, but I've had trouble making it work.
> I'm on RHEL 5.4, with Apache/2.2.3.
>
> I've got two sites to deal with, sitea.company.com and siteb.company.com.
> I've set up DNS for each of these to resolve the same ip address.
> I have an Apache server listening on that IP address.
>
> I'd like that apache server to do the following:
>        * take requests for HTTPS://sitea.company.com, terminate SSL, and 
> proxy the HTTP to an internal server called sitea.internal.net.
>        * take requests for HTTPS://siteb.company.com, terminate SSL, and 
> proxy the HTTP to an internal server called siteb.internal.net.
>
> Both names can use the same SSL certificate; I'll probably get a wildcard 
> cert for this.
>
> I was able to make it work for a single site with a very basic config, adding 
> ProxyPass and ProxyPass reverse to the httpd.conf file.  But this sends 
> everything to that single host.  When I try to break it out with 
> virtualhosts, it either isn't terminating SSL properly, or doesn't PROXY 
> properly.
>
> I'm sure I'm missing something pretty simple.  Anyone have a recipe for this?
>
> Thanks
>
>

NameVirtualHost *:443
<VirtualHost *:443>
  ServerName a.company.com
  SSLEngine On
  SSLCertificateFile /path/to/star.company.com/apache.crt
  SSLCertificateKeyFile /path/to/star.company.com/apache.key
  SSLCACertificateFile /path/to/star.company.com/ca.crt
  ProxyPass / http://a.company.com/
  ProxyPassReverse / http://a.company.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName b.company.com
  SSLEngine On
  SSLCertificateFile /path/to/star.company.com/apache.crt
  SSLCertificateKeyFile /path/to/star.company.com/apache.key
  SSLCACertificateFile /path/to/star.company.com/ca.crt
  ProxyPass / http://b.company.com/
  ProxyPassReverse / http://b.company.com/
</VirtualHost>

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to