Have you tried curl --insecure -I -x ... ?
since curl probably doesn't trust your ssl-cert On Tue, 2018-04-10 at 11:29 +0200, Stefan Eissing wrote: > Does your curl report any answer from the Apache or does it just lose > the connection? Try 'curl -v -D - ...' maybe for more details. > > > Am 10.04.2018 um 11:12 schrieb Rajesh Cherukuri <rajec...@gmail.com > > >: > > > > HI > > > > i am not looking for end to end encryption , all i want to do is > > make apache a forwordproxy configured on SSL and accpect HTTPS and > > proxy the urls based on the ACL's' below is my Vhost configuration > > where i have a forward proxy which is configured to allow only to > > example.com > > > > when i disabled SSL everything works fine and i can proxy to http > > s://example.com below is the curl output , but when i have proxy > > configured as SSL the request seems to be failing > > > > SSL enabled -dosen't work > > > > curl -I -x https://172.16.130.2:443 https://example.com > > curl: (56) Proxy CONNECT aborted > > > > <VirtualHost 172.16.130.2:443> > > ProxyRequests On > > ProxyVia On > > SSLProxyEngine On > > SSLEngine On > > SSLProxyVerify none > > SSLCertificateFile /etc/pki/tls/certs/1.cert > > SSLCertificateKeyFile /etc/pki/tls/private1.key > > <Proxy "*"> > > <RequireAny> > > Require expr %{HTTP_HOST} =~ /^example.com:443$/ > > </RequireAny> > > </Proxy> > > </VirtualHost> > > > > > > SSL disabled -works fine > > > > > > curl -I -x http://172.16.135.4:8082 https://example.com > > HTTP/1.0 200 Connection Established > > Proxy-agent: Apache/2.4.6 (Red Hat Enterprise Linux) > > OpenSSL/1.0.2k-fips > > > > HTTP/1.1 200 OK > > Accept-Ranges: bytes > > Cache-Control: max-age=604800 > > Content-Type: text/html > > Date: Tue, 10 Apr 2018 09:08:37 GMT > > Etag: "1541025663+gzip" > > Expires: Tue, 17 Apr 2018 09:08:37 GMT > > Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT > > Server: ECS (lga/1318) > > X-Cache: HIT > > Content-Length: 1270 > > > > > > > > NON-SSL configuration > > Listen 172.16.130.2:80 > > > > <VirtualHost 172.16.130.2:80> > > > > ProxyRequests On > > ProxyVia On > > > > <Proxy "*"> > > <RequireAny> > > Require expr %{HTTP_HOST} =~ /^example.com:443$/ > > </Proxy> > > </VirtualHost> > > > > > > > > On Tue, Apr 10, 2018 at 9:34 AM, Stefan Eissing <stefan.eissing@gre > > enbytes.de> wrote: > > > > > > > Am 10.04.2018 um 10:24 schrieb Rajesh Cherukuri <rajecher@gmail.c > > > om>: > > > > > > hi > > > > > > thanks for the info , wanted to know if there is a way we can > > > configure SSL on a apache forword proxy so that the > > > communication between the client (browser) to the Proxy server is > > > encrypted > > > > Not sure what exactly you looking for. If you have: > > > > Browser <-c1-> Apache <-c2-> Backend > > > > where Apache acts as forward proxy, the both c1 and c2 can be TLS > > connections, e.g. encrypted. But that means that the data is > > unencrypted "inside" the Apache server. There is no end-to-end > > encryption between Browser and Backend. > > > > As for the TLS c2 connection setup, you have to specify "https:" > > for your proxied backend and can influence the setup with the > > various "SSLProxy*" directives. > > > > Cheers, > > > > Stefan > > ----------------------------------------------------------------- > > ---- > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
