Apache Reverse Proxy -- Selectively passthrough https
Hi,
I'm trying to get Apache Reverse Proxy to do two things. 1. For this particular issue I want to know how I get the Reverse Proxy to send the URL out on 443 instead of 80? I've been able to get this far almost accidentally. 2. Eventually I'd like to be able to pass all traffic straight through. If the second part is sufficiently different and complex enough I can open a second question. I lumped them together because they seemed closely related.
1. BrowserClient:443 --ssl--> ApacheReverseProxy:443 --clear --> TomcatServer:80.
2. Browser Client downloads Java applet.
3. JavaApplet:443 --ssl--> ApacheReverseProxy:443 --ssl--> TomcatServer:443 --clear--> Host:23
Items #1 and #2 work correctly.
Item #3, the Java applet going into Apache Reverse Proxy is working correctly.
The problem is that the Java applet coming out of the Apache Reverse Proxy is coming out on port 80. Tomcat Server expects 443.
Here are relevant sections of httpd.conf.
<VirtualHost _default_:443>
    ServerName ApacheReverseProxy
    ProxyRequests on
    ProxyPass / http://TomcatServer/
    ProxyPassReverse / http://TomcatServer/
    AllowCONNECT 443
    ProxyPass /mcs/ https://TomcatServer:443/
    ProxyPassReverse /mcs/ https://TomcatServer:443/
</VirtualHost>
<VirtualHost ApacheReverseProxy>
    ServerName ApacheReverseProxy
    ProxyRequests on
    ProxyPass / http://TomcatServer/
    ProxyPassReverse / http://TomcatServer/
</VirtualHost>
I get this message in my error log but I can't tell if it is
relevant because my SSL connections do work.
[Fri Jul 18 10:08:42 2003] [crit] (98)Address already in use:
make_sock: could not bind to port 443
I've also tried using rewrite with various incantations.
I am able to set the port the Java client uses but would prefer to use 443
coming back into Apache Reverse Proxy. I tried setting up a virtual host as
well listening on 444 and then redirect back to Tomcat Server on 443 but that
didn't work.
FWIW this is the url sent from the Java client
GET /mcs/components/terminal3270/JavaClient/com/attachmate/emulation/printer/Printer3270.class HTTP/1.1\r\n
RedHat Linux 7.2 2.4.7-10
# ./httpd -v
Server version: Apache/1.3.27 (Unix)
Server built: Jul 16 2003 12:36:40
# ./httpd -l
Compiled-in modules:
http_core.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_status.c
mod_include.c
mod_autoindex.c
mod_dir.c
mod_cgi.c
mod_asis.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_rewrite.c
mod_access.c
mod_auth.c
mod_proxy.c
mod_setenvif.c
mod_ssl.c
Thanks,
Gary
Hey,
For your scheme to work, your Proxy server must create a SSL encrypted session with Tomcat.
The way to achieve this is probably with SSLproxy directives, as described here, alas for Apache 2.1 upwards.
http://httpd.apache.org/docs-2.1/en/mod/mod_ssl.html
I have not tried it myself yet, but it seems that you will have to define the following:
SSLProxyCACertificateFile to hold the certificates apache presents to tomcat.
SSLProxyCipherSuite ALL
SSLProxyEngine on
Since you have Apache 1.3.27, you will have to use SSLProxy in a stand alone mode.
Place SSLProxy between Apache and tomcat - http://www.kuix.de/sslproxy/
ShalomC
ShalomC,
Thanks for taking the time to respond.
The top link is for 2.1 but as you noticed I'm on 1.3. I might be able to upgrade but for now I need 1.3 to work.
The link on the bottom is to software that is no longer supported and it seemed like it involved adding another layer of complexity to an issue I -think- should be able to be handled by Apache.
I was wondering if you have any specific things I could try? I think that my virtual directory entries need tweaking, possibly even adding proxy_rewrite to the mix.
Were my expectations too high in asking for specific entries? I thought maybe I should just close the question because I want more detail on how to get this working and it could get very involved and long. Maybe it is not worth your time and I need to just get a good book.
Finally, I'm going to be out of the office for a week or more starting Friday 07/25.
Thanks,
Gary
Gary,
There is nothing you can achieve using mod_rewrite.
The Apache proxy must be able to transform a normal HTTP channel to a secure channel, and the only way is by an SSL proxy.
Since your Apache server is 1.3, the only way for you is to get one, either commercial or free.
The free products are either SSLProxy, STunnel, or a homebrewed solution based on OpenSSL. More current links:
http://www.obdev.at/products/ssl-proxy/
http://www.openssl.org
http://www.stunnel.org
ShalomC,
Where would I put the ProxyPass entry? I have two VirtualHost entries or someplace else.
This is proving to be quite challenging and I can't seem to get it working.
Thanks,
Gary
ProxyPass can be used either in the server configuration or in a virtual server section.
http://httpd.apache.org/docs/mod/mod_proxy.html#proxypass
Start with a simple setup, without SSL, and add Stunnel when the basic proxy works.
ShalomC
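The stunnel arrangement suggested in this thread, sketched as an added example that is not part of the original posts: Apache 1.3 proxies /mcs/ in clear text to a loopback port, and stunnel in client mode carries that traffic over SSL to TomcatServer:443. The loopback port 8443, the service name `tomcat-mcs` and the CA file path are assumptions made for illustration; the host names and URL prefixes are the ones from the question.

```apache
# ---- httpd.conf fragment, inside <VirtualHost _default_:443> ----
# (added example; 127.0.0.1:8443 is an assumed local stunnel port)

# ProxyPass does not need ProxyRequests. Leaving it "on" also turns the
# server into a forward proxy for anyone who can reach it.
ProxyRequests Off

# ProxyPass rules are tried in the order written and the first match wins,
# so the more specific /mcs/ prefix must come before "/". With "/" listed
# first, /mcs/ requests go to http://TomcatServer/ on port 80.
ProxyPass        /mcs/ http://127.0.0.1:8443/
ProxyPassReverse /mcs/ http://127.0.0.1:8443/
# Redirects issued by Tomcat under its own https name are rewritten too.
ProxyPassReverse /mcs/ https://TomcatServer/

ProxyPass        /     http://TomcatServer/
ProxyPassReverse /     http://TomcatServer/

; ---- stunnel.conf (separate file; stunnel comments start with ';') ----
; Client mode: accept clear text locally, speak SSL to the backend.
client = yes

[tomcat-mcs]
; Bind to loopback only so nothing off-box can use the tunnel.
accept  = 127.0.0.1:8443
connect = TomcatServer:443
; Verify Tomcat's certificate against a known CA. Without verification the
; tunnel encrypts but does not authenticate the backend.
verify  = 2
; Placeholder path: the CA certificate that signed Tomcat's server cert.
CAfile  = /path/to/tomcat-ca.pem
```

Following the advice above, bring up the plain `ProxyPass /` rule first, then start stunnel and add the /mcs/ rules once the basic proxy works.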