May 5
to enable all Apache SSL modules.
After this I appended the following code in the file
/etc/apache2/sites-available/default-ssl
Since I was re-directing to a secure server, I faced two errors:
The main reasons being, first I had forgotten to add the
SSLProxyEngine parameter to the configuration.
Secondly, when apache acts as a proxy, it acts like a client
requesting over SSL. Hence it needs the server certificate (PEM
encoded) to do a successful handshake.
Using openSSL,
Copied the encoded content from -----BEGIN CERTIFICATE----- & -----END
CERTIFICATE----- , saved it to cacerts.crt.
After this apache started serving SSL access to remote server via proxy.
Apache2 reverse proxy with SSL
Following up on the last post, here I am outlining how to make reverse
proxy work with SSL,
$ sudo a2enmod ssl*
to enable all Apache SSL modules.
After this I appended the following code in the file
/etc/apache2/sites-available/default-ssl
AddDefaultCharset off Order deny,allow Allow from all SSLProxyEngine on SSLProxyCACertificateFile /etc/apache2/cacerts.crt ProxyPass /abc https://xxx.xxx.xx.xx:4400/abc ProxyPassReverse /abc https://xxx.xxx.xx.xx:4400/abc ProxyVia off
Since I was re-directing to a secure server, I faced two errors:
[error] [client xxx.xxx.xx.xx] SSL Proxy requested for 127.0.1.1:443 but not enabled [Hint: SSLProxyEngine] [error] proxy: HTTPS: failed to enable ssl support for xxx.xxx.xx.xx:4400 (xxx.xxx.xx.xx)
The main reasons being, first I had forgotten to add the
SSLProxyEngine parameter to the configuration.
Secondly, when apache acts as a proxy, it acts like a client
requesting over SSL. Hence it needs the server certificate (PEM
encoded) to do a successful handshake.
Using openSSL,
openssl s_client -connect xxx.xxx.xx.xx:4400 -showcerts
Copied the encoded content from -----BEGIN CERTIFICATE----- & -----END
CERTIFICATE----- , saved it to cacerts.crt.
After this apache started serving SSL access to remote server via proxy.
