Hi Jason
The reverse proxy entries should look something like
<VirtualHost *:80>
ServerAdmin michael.wech...@wyona.com
ServerName www.wechner.ch
ServerAlias wechner.ch
ErrorLog ${APACHE_LOG_DIR}/wechner.ch-error_log
CustomLog ${APACHE_LOG_DIR}/wechner.ch-access_log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =wechner.ch [OR]
RewriteCond %{SERVER_NAME} =www.wechner.ch
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
which means when you enter http://wechner.ch you will get redirected to
https://wechner.ch
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin michael.wech...@wyona.com
ServerName www.wechner.ch
ServerAlias wechner.ch
ErrorLog ${APACHE_LOG_DIR}/wechner.ch-error_log
CustomLog ${APACHE_LOG_DIR}/wechner.ch-access_log combined
ProxyPassReverseCookiePath /yanel /
ProxyPass / http://127.0.0.1:7070/yanel/wechner/
ProxyPassReverse / http://127.0.0.1:7070/yanel/wechner/
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/katerinaoliveros.com-0001/cert.pem
SSLCertificateKeyFile
/etc/letsencrypt/live/katerinaoliveros.com-0001/privkey.pem
SSLCertificateChainFile
/etc/letsencrypt/live/katerinaoliveros.com-0001/chain.pem
</VirtualHost>
and the virtual host config for 443 should contain the ProxyPass entries.
Actually certbot should do all of this for you automatically. Maybe you
can try the following
- Delete the virtual host config for 443/HTTPS
- Make sure the virtual host config for 80/HTTP without SSL works
- Run certbot
- When certbot asks you whether you want to redirct from HTTP to HTTPS,
then select yes
HTH
Michael
Am 19.04.21 um 14:26 schrieb Jason Long:
I created a Self-Signed SSL Certificate for Apache and changed my Apache
configuration file on Apache Reverse Proxy Server as below:
<VirtualHost *:80>
ServerName 192.168.56.9
ProxyPreserveHost On
ProxyPass / http://192.168.56.9/
ProxyPassReverse / http://192.168.56.9/
Redirect / https://192.168.56.9/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/selfsigned.crt
SSLCertificateKeyFile /etc/pki/tls/private/selfsigned.key
</VirtualHost>
But when I browse my Reverse Proxy Server IP, then it is HTTP and not HTTPS.
why?
It doesn't show
"https://www.tecmint.com/wp-content/uploads/2020/05/SSL-Certificate-Warning.png"
error too.
On Monday, April 19, 2021, 03:18:25 PM GMT+4:30, Nick Folino <n...@folino.us>
wrote:
http://httpd.apache.org/docs/2.4/ssl/
Nick
On Mon, Apr 19, 2021 at 6:37 AM Jason Long <hack3r...@yahoo.com.invalid> wrote:
Thank you.
On my Apache Reverse Proxy, I have a .conf as below:
# cat /etc/httpd/conf.d/reverse_proxy.conf
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://192.168.56.9/
ProxyPassReverse / http://192.168.56.9/
</VirtualHost>
And my website configuration file is on "192.168.56.9" server. Thus, if I setup
Let's Encrypt on my Apache Reverse Proxy Server, then I just need below lines in a
separate .conf file?
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin root@localhost
ServerName Example.example
ServerAlias www.Example.example
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log common
SSLEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/Example.example/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/Example.example/privkey.pem
</VirtualHost>
</IfModule>
About about self-signed certificate, could above file contain two separate
certification?
On Monday, April 19, 2021, 02:48:24 PM GMT+4:30, Michael Wechner
<michael.wech...@wyona.com> wrote:
Hi Jason
Definitely "Apache Reverse Proxy (Public IP)", whereas you could use for
example
https://letsencrypt.org/
https://certbot.eff.org/
Depending on how your connection between "Apache Reverse Proxy (Public
IP) ---> Web Site (Internal IP)" is protected, you might also want to
consider a self-signed certificate for "Web Site (Internal IP)"
HTH
Michael
Am 19.04.21 um 12:07 schrieb Jason Long:
Hello,
In below diagram, which server must use HTTPS certification?
The Internet ---> Apache Reverse Proxy (Public IP) ---> Web Site (Internal IP)
Thank you.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org