Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Apache proxypass https to https

Tags:

proxy

https

ssl

apache

here is what I tired to do:

  1. browser -internet-> https(Apache proxypass)-intranet->(Apache https)
  2. both Apaches are installed the ssl certs.(startssl wide card,not self-signed)

Apache error log:

[client 192.168.2.157] SSL Proxy requested for test.xxx.com:443 but not enabled [Hint: SSLProxyEngine]

[error] proxy: HTTPS: failed to enable ssl support for 192.168.2.157:443 (test.xxx.com)

Then I tried use apache(on the internet) proxy to https://google.com and the error log is the same.

However,https to http works. browser -internet-> https(Apache proxypass)-intranet->(Apache http)

My config:

<VirtualHost  *:443>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/xxx_com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/xxx_com.key
    SSLCertificateChainFile /etc/apache2/ssl/sub.class2.server.ca.pem
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyVia Off
    AllowEncodedSlashes NoDecode
    <Proxy *>
    Order deny,allow
    Allow from all
    </Proxy>
    ProxyPass  /       https://2w.xxx.com/
    ProxyPassReverse   /       https://2w.xxx.com/
    ServerName test.xxx.com
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
    ErrorLog "/var/log/apache2/error-ssl.log"
</VirtualHost>

OR:

<VirtualHost  *:443>
    ProxyPass  /       https://google.com/
    ProxyPassReverse   /       https://google.com/
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/xxx_com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/xxx_com.key
    SSLCertificateChainFile /etc/apache2/ssl/sub.class2.server.ca.pem
    ServerName test.xxx.com
</VirtualHost>

Seems like it's not possible for apache to handle https to https? if apache does not support this how about nginx?

like image 656
Uni Zhu Avatar asked Aug 28 '15 04:08

Uni Zhu

People also ask

What is ProxyPass and ProxyPassReverse in Apache?

ProxyPassReverse will intercept those headers, and rewrite them to match the Apache proxy server. ProxyPass will create a reverse proxy. A reverse proxy (or gateway), appears to the client just like an ordinary web server. The client makes ordinary requests for content in the namespace of the reverse proxy.

What is forward proxy in Apache?

An ordinary forward proxy is an intermediate server that sits between the client and the origin server. In order to get content from the origin server, the client sends a request to the proxy naming the origin server as the target. The proxy then requests the content from the origin server and returns it to the client.

What is the use of ProxyPass?

ProxyPass is the main proxy configuration directive. In this case, it specifies that everything under the root URL ( / ) should be mapped to the backend server at the given address.

1 Answers

You should set "SSLProxyEngine On". The following is my example that may give you any idea.

<VirtualHost *:443>
    SSLEngine On
    SSLProxyEngine On
    ServerName my.example.com:443
    SSLCertificateFile "${SRVROOT}/conf/ssl/example.pem"
    SSLCertificateKeyFile "${SRVROOT}/conf/ssl/example.key"
    ErrorLog "|bin/rotatelogs.exe -l /var/logs/apache/example/error.%Y-%m-%d.log 86400"
    CustomLog "|bin/rotatelogs.exe -l /var/logs/apache/example/ssl_request.%Y-%m-%d.log 86400" \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    ProxyRequests Off
    ProxyPass / https://www.google.com/
    <Location />
        ProxyPassReverse /

        Options FollowSymLinks
        Require all granted
    </Location>   
</VirtualHost>
like image 165
Neo Chen Avatar answered Sep 21 '22 02:09

Neo Chen
Sign in to Comment

Related questions

Permissions set to 777 and file still not writeable
How to manage Tomcat 6 libraries into subfolders under %TOMCAT_HOME%/lib?
Performance-oriented way to protect files on PHP level?
Cannot connect to MySQL through PHP
static file with mod_wsgi in django
Apache ErrorDocument with absolute path
Prevent direct access to mp3/wav files while allowing a flash player to access them with .htaccess (or PHP)
Should I get Apache with no ssl or with open ssl? Can someone tell me what ssl is exactly?
How to secure an Amazon S3 URL
Apache historical connections log
svn: Repository moved temporarily to 'main'; please relocate
apache global basic auth
express.js sessions with reverse proxy
Apache2 Won't Start
RewriteCond check if directory exists with an index file
Can somebody please help me to avoid internal server error | htaccess | apache2ctl | backtrack
vagrant host name with port number does not execute php file
Where to put website files in Bitnami LAMP Ubuntu server
How to get a unique PC ID from a web browser
edit conf file in docker file

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!