Does your curl report any answer from the Apache or does it just lose the connection? Try 'curl -v -D - ...' maybe for more details.
> Am 10.04.2018 um 11:12 schrieb Rajesh Cherukuri <rajec...@gmail.com>: > > HI > > i am not looking for end to end encryption , all i want to do is make apache > a forwordproxy configured on SSL and accpect HTTPS and proxy the urls based > on the ACL's' below is my Vhost configuration where i have a forward proxy > which is configured to allow only to example.com > > when i disabled SSL everything works fine and i can proxy to > https://example.com below is the curl output , but when i have proxy > configured as SSL the request seems to be failing > > SSL enabled -dosen't work > > curl -I -x https://172.16.130.2:443 https://example.com > curl: (56) Proxy CONNECT aborted > > <VirtualHost 172.16.130.2:443> > ProxyRequests On > ProxyVia On > SSLProxyEngine On > SSLEngine On > SSLProxyVerify none > SSLCertificateFile /etc/pki/tls/certs/1.cert > SSLCertificateKeyFile /etc/pki/tls/private1.key > <Proxy "*"> > <RequireAny> > Require expr %{HTTP_HOST} =~ /^example.com:443$/ > </RequireAny> > </Proxy> > </VirtualHost> > > > SSL disabled -works fine > > > curl -I -x http://172.16.135.4:8082 https://example.com > HTTP/1.0 200 Connection Established > Proxy-agent: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips > > HTTP/1.1 200 OK > Accept-Ranges: bytes > Cache-Control: max-age=604800 > Content-Type: text/html > Date: Tue, 10 Apr 2018 09:08:37 GMT > Etag: "1541025663+gzip" > Expires: Tue, 17 Apr 2018 09:08:37 GMT > Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT > Server: ECS (lga/1318) > X-Cache: HIT > Content-Length: 1270 > > > > NON-SSL configuration > Listen 172.16.130.2:80 > > <VirtualHost 172.16.130.2:80> > > ProxyRequests On > ProxyVia On > > <Proxy "*"> > <RequireAny> > Require expr %{HTTP_HOST} =~ /^example.com:443$/ > </Proxy> > </VirtualHost> > > > > On Tue, Apr 10, 2018 at 9:34 AM, Stefan Eissing > <stefan.eiss...@greenbytes.de> wrote: > > > > Am 10.04.2018 um 10:24 schrieb Rajesh Cherukuri <rajec...@gmail.com>: > > > > hi > > > > thanks for the info , wanted to know if there is a way we can configure SSL > > on a apache forword proxy so that the communication between the client > > (browser) to the Proxy server is encrypted > > Not sure what exactly you looking for. If you have: > > Browser <-c1-> Apache <-c2-> Backend > > where Apache acts as forward proxy, the both c1 and c2 can be TLS > connections, e.g. encrypted. But that means that the data is unencrypted > "inside" the Apache server. There is no end-to-end encryption between Browser > and Backend. > > As for the TLS c2 connection setup, you have to specify "https:" for your > proxied backend and can influence the setup with the various "SSLProxy*" > directives. > > Cheers, > > Stefan > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
