Hi, I am not looking for end-to-end encryption. All I want to do is make Apache a forward proxy configured on SSL, accept HTTPS, and proxy the URLs based on the ACLs. Below is my vhost configuration, where I have a forward proxy which is configured to allow only example.com.

When I disabled SSL everything works fine and I can proxy to https://example.com; below is the curl output. But when I have the proxy configured as SSL, the request seems to be failing.

*SSL enabled - doesn't work*

    curl -I -x https://172.16.130.2:443 https://example.com
    curl: (56) Proxy CONNECT aborted

    <VirtualHost 172.16.130.2:443>
        ProxyRequests On
        ProxyVia On
        SSLProxyEngine On
        SSLEngine On
        SSLProxyVerify none
        SSLCertificateFile /etc/pki/tls/certs/1.cert
        SSLCertificateKeyFile /etc/pki/tls/private1.key
        <Proxy "*">
            <RequireAny>
                Require expr %{HTTP_HOST} =~ /^example.com:443$/
            </RequireAny>
        </Proxy>
    </VirtualHost>

*SSL disabled - works fine*

    curl -I -x http://172.16.135.4:8082 https://example.com
    HTTP/1.0 200 Connection Established
    Proxy-agent: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips

    HTTP/1.1 200 OK
    Accept-Ranges: bytes
    Cache-Control: max-age=604800
    Content-Type: text/html
    Date: Tue, 10 Apr 2018 09:08:37 GMT
    Etag: "1541025663+gzip"
    Expires: Tue, 17 Apr 2018 09:08:37 GMT
    Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
    Server: ECS (lga/1318)
    X-Cache: HIT
    Content-Length: 1270

*NON-SSL configuration*

    Listen 172.16.130.2:80
    <VirtualHost 172.16.130.2:80>
        ProxyRequests On
        ProxyVia On
        <Proxy "*">
            <RequireAny>
                Require expr %{HTTP_HOST} =~ /^example.com:443$/
            </RequireAny>
        </Proxy>
    </VirtualHost>

On Tue, Apr 10, 2018 at 9:34 AM, Stefan Eissing <stefan.eiss...@greenbytes.de> wrote:

> > On 10.04.2018 at 10:24, Rajesh Cherukuri <rajec...@gmail.com> wrote:
> >
> > hi
> >
> > thanks for the info, wanted to know if there is a way we can configure
> > SSL on an Apache forward proxy so that the communication between the
> > client (browser) and the proxy server is encrypted
>
> Not sure what exactly you are looking for. If you have:
>
>     Browser <-c1-> Apache <-c2-> Backend
>
> where Apache acts as forward proxy, then both c1 and c2 can be TLS
> connections, e.g. encrypted. But that means that the data is unencrypted
> "inside" the Apache server. There is no end-to-end encryption between
> Browser and Backend.
>
> As for the TLS c2 connection setup, you have to specify "https:" for your
> proxied backend and can influence the setup with the various "SSLProxy*"
> directives.
>
> Cheers,
>
> Stefan
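
Added example (not part of the thread, and not code from the poster or the httpd project): the ACL in both posted vhosts matches the proxied target against /^example.com:443$/, where the unescaped dot matches any character. The Python script below assumes the compared value is the host:port authority of the CONNECT request, uses Python's re module in place of Apache's regex engine, and runs the posted pattern beside an escaped variant (ESCAPED, an assumption of this example) over constructed request lines.

```python
import re

# Pattern exactly as written in the posted <Proxy "*"> blocks.
POSTED = re.compile(r"^example.com:443$")
# Escaped variant (an assumption of this example, not from the thread):
# the dot now matches only a literal ".".
ESCAPED = re.compile(r"^example\.com:443$")


def connect_authority(request_line):
    """Return the host:port target of a CONNECT request line, or None."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "CONNECT":
        return None
    if not parts[2].startswith("HTTP/"):
        return None
    return parts[1]


def allowed(pattern, request_line):
    """True when the CONNECT target satisfies the allowlist pattern."""
    authority = connect_authority(request_line)
    return authority is not None and pattern.search(authority) is not None


def audit(request_lines):
    """Evaluate both patterns per line: (line, posted_ok, escaped_ok)."""
    return [(line, allowed(POSTED, line), allowed(ESCAPED, line))
            for line in request_lines]


# Constructed sample request lines (not taken from any real log).
SAMPLES = [
    "CONNECT example.com:443 HTTP/1.1",
    "CONNECT example.com:80 HTTP/1.1",
    "CONNECT www.example.com:443 HTTP/1.1",
    "CONNECT example-com:443 HTTP/1.1",
    "CONNECT example.com.test:443 HTTP/1.1",
    "GET http://example.com/ HTTP/1.1",
]

if __name__ == "__main__":
    for line, posted_ok, escaped_ok in audit(SAMPLES):
        print(f"{line:42} posted={posted_ok!s:5} escaped={escaped_ok}")
```

Any row where the two columns differ is a target the posted ACL admits only because of the unescaped dot.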