
Apache HTTPS ProxyPass certificate location

@Smith883

Posted in: #Apache #Apache2 #Https #Proxy

I'm trying to set up an Apache server that uses ProxyPass to pass HTTPS requests on to another server.

Let's call the proxy server ALPHA and the target server BETA.

ALPHA does not run HTTPS, but BETA does.

I first tried using this virtual host specification on ALPHA:

<VirtualHost *:443>
ServerName mysite.com
# 192.168.1.105 is BETA's IP address
ProxyPass / https://192.168.1.105/
ProxyPassReverse / https://192.168.1.105/
ProxyPreserveHost On
ProxyTimeout 600

SSLProxyEngine On
RequestHeader set Front-End-Https "On"
CacheDisable *
</VirtualHost>


But when I tried this, Apache complained saying, "[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]".

I had to copy the SSL certificate from BETA to ALPHA and add these lines to the virtual host specification on ALPHA:

SSLEngine on
SSLCertificateKeyFile /usr/local/ssl/private/BETA_private.key
SSLCertificateFile /usr/local/ssl/crt/BETA_public.crt
SSLCertificateChainFile /usr/local/ssl/crt/BETA_intermediate.crt


Now the system works. But I have a feeling that I have done something wrong or unnecessary. I have the web site's private key and certificate lying on both ALPHA and BETA. Is that necessary? Should I have done it differently?

10.01% popularity

1 Comments


@Murray155

Looks like you are encrypting the traffic twice - once over WAN and another time over LAN. Normally, the reverse proxy would be set up as the SSL termination point as it is usually unnecessary to encrypt the traffic over a secure LAN connection.

From your Apache configuration, the reverse proxy (Server ALPHA) is connecting to the web server (Server BETA) via a private IP address (192.168.1.105). I would assume that the reverse proxy is accessed by a hostname found in the SSL certificate.

For SSL to work properly for users connecting over WAN, the cert, key and keychain would need to be installed on the reverse proxy (Server ALPHA). As for the web server (Server BETA), if your users are not connecting directly to it, there is no need to install a valid SSL cert.

10% popularity
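
Added example (not from either poster): one way to lay out ALPHA's virtual host so that the site's private key exists only on ALPHA, following the answer above. The certificate file names and the internal CA file are assumed names; Variant B goes beyond the answer to show the LAN hop kept encrypted without copying the public key pair to BETA.

```apache
# Added example, not the poster's configuration. Runs on ALPHA only.
# Certificate paths and internal-ca.crt are assumed names.
<VirtualHost *:443>
    ServerName mysite.com

    # ALPHA is the TLS endpoint for WAN clients, so the site's
    # certificate and private key live here and nowhere else.
    SSLEngine on
    SSLCertificateFile      /usr/local/ssl/crt/mysite_public.crt
    SSLCertificateKeyFile   /usr/local/ssl/private/mysite_private.key
    SSLCertificateChainFile /usr/local/ssl/crt/mysite_intermediate.crt

    ProxyPreserveHost On
    ProxyTimeout 600
    # Tell BETA the original request arrived over HTTPS.
    RequestHeader set Front-End-Https "On"

    # Variant A: plain HTTP on the LAN hop, as the answer describes.
    # BETA needs no certificate; SSLProxyEngine is not used.
    ProxyPass        / http://192.168.1.105/
    ProxyPassReverse / http://192.168.1.105/

    # Variant B: keep the LAN hop encrypted. BETA gets its own
    # certificate from an internal CA (not the public site key), and
    # ALPHA refuses any backend certificate that CA did not sign.
    # Use these lines instead of the two Variant A lines.
    #SSLProxyEngine On
    #SSLProxyVerify require
    #SSLProxyCACertificateFile /usr/local/ssl/crt/internal-ca.crt
    #ProxyPass        / https://192.168.1.105/
    #ProxyPassReverse / https://192.168.1.105/
</VirtualHost>
```

With Variant A the traffic between ALPHA and BETA is cleartext, which fits only the trusted-LAN case the answer assumes. With Variant B, SSLProxyEngine alone does not validate the backend; the SSLProxyVerify and SSLProxyCACertificateFile lines are what make ALPHA check BETA's certificate.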

