Entry

how to: get apache proxypass working with ssl

their seems to be alot of documentation on apaches proxy module. Yet i was unable to find anything that worked to get a ssl to ssl proxy running.
you can also use this information for a basic proxypass, just ignore anything ssl related
most of the documentation left out one item : SSLProxyEngine on
You [...]

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • StumbleUpon
  • Google
  • Technorati
  • Slashdot
  • LinkedIn
  • E-mail this story to a friend!

their seems to be alot of documentation on apaches proxy module. Yet i was unable to find anything that worked to get a ssl to ssl proxy running.

you can also use this information for a basic proxypass, just ignore anything ssl related

most of the documentation left out one item : SSLProxyEngine on

You need to enable this option on the ssl virtual host in order to proxy content from your https url to another https url

you’ll also need at least the following, feel free to correct me if a module is a requirement.

mod_proxy.so
mod_proxy_http.so
mod_ssl.so

also you might want to check out : mod_proxy_html

here’s an example apache 2.2.4 vhost config that works for me.


DocumentRoot path/to/files
ServerAdmin admin@inhouse.sid
ErrorLog path/to/log
TransferLog path/to/log

ProxyPass otherserver.sid/path
ProxyPassReverse otherserver.sid/path

SSLProxyEngine on
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile path/to/server.crt
SSLCertificateKeyFile path/to/server.key


SSLOptions +StdEnvVars

BrowserMatch “.*MSIE.*” \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog path/to/log \
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”

I should also mention two other options :
ProxyPassReverseCookieDomain
ProxyPassReverseCookiePath

You can find out more about them here :
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

If your using windows you can download apache modules here

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • StumbleUpon
  • Google
  • Technorati
  • Slashdot
  • LinkedIn
  • E-mail this story to a friend!

Meta

4 Comments

  1. Arun
    March 18, 2008 at 3:22 am | Permalink

    Thanks, I helped me !

  2. Scouse_down_under
    May 26, 2008 at 9:07 pm | Permalink

    Thanks for this, I had everything but the five lines starting SSL… but kept getting a
    proxy: No protocol handler was valid for the URL /mirror/blah. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule. error.

    This is now fixed!

  3. theist
    August 21, 2008 at 1:52 am | Permalink

    Tanks!, just the directive I missed :P

    But I’m triying someting more complex now. I want to reverse proxy a SSL conection using the client certificate on a server configured with SSL Login + FakeBasicAuth. This is because we are moving mixed login services between servers and we want to keep a stable url space while doing so. Proxying makes basic http login working, but breaks certificate login.

  4. Nag
    November 13, 2008 at 11:51 pm | Permalink

    Thanks a ton!
    SSLProxyEngine on was all I required.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*