I have a Linux host running Apache and a Windows host running IIS. I have a domain that points to the Linux host and need to relay (proxy) requests for it to IIS; I thus have the following virtual host definition in Apache (which works just fine):
    <VirtualHost 192.168.0.2:80>
        ServerName www.acme.com
        DocumentRoot /var/www/acme.com
        RewriteEngine On
        RewriteOptions Inherit
        RewriteRule ^/(.*) http://win.acme.com/$1 [P]
    </VirtualHost>
now I want to add SSL support; the definition becomes:
    <VirtualHost 192.168.0.2:443>
        ServerName www.acme.com
        DocumentRoot /var/www/acme.com
        GnuTLSEnable On
        GnuTLSPriorities NORMAL:%COMPAT
        GnuTLSCertificateFile /var/www/ssl/www.acme.com.crt
        GnuTLSKeyFile /var/www/ssl/www.acme.com.key
        RewriteEngine On
        RewriteOptions Inherit
        RewriteRule ^/(.*) https://win.acme.com/$1 [P]
    </VirtualHost>
I have valid and trusted certificates on both web servers and if I visit https://win.acme.com all is well, however, when I visit https://www.acme.com I get a 500 Internal Server Error message. A peek at the error logs shows:
    [Wed Jul 20 08:35:34 2011] [error] [client 76.168.166.70] SSL Proxy requested for www.wileybits.com:80 but not enabled [Hint: SSLProxyEngine]
    [Wed Jul 20 08:35:34 2011] [error] proxy: HTTPS: failed to enable ssl support for 74.166.186.70:443 (win.acme.com)
do notice that the proxy request seems to be for the wrong domain (wileybits)... the domain it shows is also hosted by my Apache server but I don't get why it shows up in the logs of acme.com (a reverse DNS lookup perhaps?)
in any case, what am I missing?
thanks in advance - ekkis
p.s. host names and addresses have been altered to protect the innocent :)
* update *
with:
RewriteRule ^/(.*) https://win.acme.com/$1 [R,L]
it seems to work fine, but of course, the Windows hostname becomes visible, which is not acceptable in my scenario
I also tried (instead of mod_rewrite):
    ProxyRequests Off
    ProxyPass / https://win.acme.com/
but same error
An SSL proxy, also known as an SSL proxy server, is any proxy server that uses the Secure Sockets Layer (SSL) protocol. An SSL proxy performs encryption and decryption between the client and the server, without either of them being able to detect the proxy's presence.
Is there a way a proxy server can read HTTPS? If the administrator of your computer cooperates, it is possible for a proxy server to sniff HTTPS connections. This is used in some companies in order to scan for viruses and to enforce guidelines of acceptable use.
HTTPS proxies were invented to ensure communication with end-to-end security. In this flow, the client sends a special request to the proxy with the CONNECT verb. The proxy builds an opaque tunnel by connecting to the requested server using TCP and nothing else.
Go to Proxy > Proxy Settings. In the Proxies tab enter 8888 in the HTTP Proxy Port field. Go to Proxy > SSL Proxying Settings. Click the SSL Proxying tab and check the Enable SSL Proxying checkbox to configure a location.
figured it out... apparently I can do this:
    SSLProxyEngine On
    RequestHeader set Front-End-Https "On"
    ProxyPass / https://win.acme.com/
    ProxyPassReverse / https://win.acme.com/
    CacheDisable *
and it works just fine!
[the solution came from mikeg's posting on 3cx.org]
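An added example, not part of the original post or of mikeg's posting: the directives above placed in the question's :443 virtual host, with back-end certificate verification switched on, because mod_ssl's SSLProxyVerify defaults to none and SSLProxyEngine On by itself encrypts the hop to IIS without authenticating it. It assumes Apache 2.4.5 or later with mod_ssl, mod_proxy, mod_proxy_http and mod_headers loaded; the CA bundle path is a placeholder.

```apache
<VirtualHost 192.168.0.2:443>
    ServerName www.acme.com
    DocumentRoot /var/www/acme.com

    # Front-end TLS (client <-> Apache), unchanged from the question.
    GnuTLSEnable On
    GnuTLSPriorities NORMAL:%COMPAT
    GnuTLSCertificateFile /var/www/ssl/www.acme.com.crt
    GnuTLSKeyFile /var/www/ssl/www.acme.com.key

    # Reverse proxy only: never act as a forward proxy for arbitrary hosts.
    ProxyRequests Off

    # Back-end TLS (Apache <-> IIS). Without this directive mod_proxy logs
    # "SSL Proxy requested ... but not enabled [Hint: SSLProxyEngine]".
    SSLProxyEngine On

    # Weak form: stopping at SSLProxyEngine On leaves SSLProxyVerify at its
    # default of "none", so any certificate presented on the back-end
    # connection is accepted.
    # Hardened form: require a chain to a trusted CA, a matching host name
    # and a certificate that has not expired.
    SSLProxyVerify require
    SSLProxyVerifyDepth 3
    # Placeholder path: point this at the CA that issued win.acme.com's cert.
    SSLProxyCACertificateFile /path/to/backend-ca-bundle.crt
    SSLProxyCheckPeerName On
    SSLProxyCheckPeerExpire On

    # Tell the back end that the original request arrived over HTTPS.
    RequestHeader set Front-End-Https "On"

    # Forward everything, and rewrite Location headers in responses so
    # redirects from IIS do not expose win.acme.com to the client.
    ProxyPass / https://win.acme.com/
    ProxyPassReverse / https://win.acme.com/
</VirtualHost>
```

If verification fails after enabling these directives, the proxied request returns an error and the reason appears in the virtual host's error log, which is the intended failure mode for an untrusted back-end certificate.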