Configuring a https reverse proxy with apache

Hi guys,

I have installed a web Server with SSL certificate for test purpose.
The Certificate was generated from startssl
The  site works if I put it on the DMZ and try to access to it from internet. Https access too.

Now I want to put a reverse proxy in the DMZ and put the webserver in the lan

I made some test without ssl and the reverse proxy works.

But when I try to access to https://example.com I get this error :

Internet Explorer ne peut pas afficher cette page Web


on my public dns zone

example.com       A       XX.XX.X.XXX
www.example.com CNAME example.com






DNS ZONE 172.16.3.0

Reverse proxy server RVPROXY 172.16.3.10

virtual host on the proxy server

/etc/apache2/sites-available/default-ssl

     
NameVirtualHost *:443
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLProxyEngine on
ProxyRequests off
ProxyVia off
ProxyPreserveHost on

<proxy *>
        Order deny,allow
        Deny from all
        Allow from all
</proxy>

SSLCertificateFile /etc/apache2/ssl/servexample.crt
SSLCertificateKeyFile /etc/apache2/ssl/servexample.key
SSLCACertificateFile /etc/apache2/ssl/ca.cer
ProxyPass / http://10.200.12.10/
ProxyPassReverse / https://10.200.12.10/

</Virtualhost>

Open in new window




SRVWEB


virtual host on the website

/etc/apache2/sites-available/example.https

NameVirtualHost *:443
<VirtualHost *:443>

Servername example.com
DocumentRoot /var/www/example

SSLEngine On
SSLOPtions +FakeBasicAuth


SSLCertificateFile /etc/apache2/ssl/servexample.crt
SSLCertificateKeyFile /etc/apache2/ssl/servexample.key

</VirtualHost>

Open in new window


The ssl certifcate must be present on the reverse proxy and also on the web server ?

Thanks for your help
wahrani16Asked:
Who is Participating?
 
oheilCommented:
If you run a transparent proxy than only on the web server, if it is not-transparent, than you need two different certificates, the startssl on on the proxy, and an internal selfmade one on the web server.

But, in the case on non-transparancy you dont need any SSL between proxy and web server at all if the only access is through the proxy. This might also help in solving the problem. There is no need for encryption between proxy and web server as it is your internal LAN.

I would be glad, if some other experts would comment here to, I feel not comfortable, giving advice from the far on this very important security questions.

Oli
0
 
oheilCommented:
I believe that SSL is causing the problems.
http://wiki.apache.org/httpd/NameBasedSSLVHosts

I switched to GnuTLS to allow VirtualHosts for SSL.
http://www.gnutls.org/

I am unsure in your case, as my guess does not really adresses the reverse proxy setup, but that is what I would look for at first, because your setup works with http but not with https.

Oli
0
 
wahrani16Author Commented:
Thanks oheil,
But the link http://wiki.apache.org/httpd/NameBasedSSLVHosts is for multiple SSL Vhosts on a same ip.
Mine is one ssl vhost only :)
Thank you
0
 
oheilCommented:
You can check:
Configure your apache without VirtualHost.

If the problem disappears I was right ;-)

Oli
0
 
wahrani16Author Commented:
Ok I will test without virtual hosts.
The certificate for my site www.example.com must be present on the proxy server and on the web server ?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.