?
Solved

Configuring a https reverse proxy with apache

Posted on 2013-02-07
5
Medium Priority
?
698 Views
Last Modified: 2013-03-19
Hi guys,

I have installed a web Server with SSL certificate for test purpose.
The Certificate was generated from startssl
The  site works if I put it on the DMZ and try to access to it from internet. Https access too.

Now I want to put a reverse proxy in the DMZ and put the webserver in the lan

I made some test without ssl and the reverse proxy works.

But when I try to access to https://example.com I get this error :

Internet Explorer ne peut pas afficher cette page Web


on my public dns zone

example.com       A       XX.XX.X.XXX
www.example.com CNAME example.com






DNS ZONE 172.16.3.0

Reverse proxy server RVPROXY 172.16.3.10

virtual host on the proxy server

/etc/apache2/sites-available/default-ssl

     
NameVirtualHost *:443
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLProxyEngine on
ProxyRequests off
ProxyVia off
ProxyPreserveHost on

<proxy *>
        Order deny,allow
        Deny from all
        Allow from all
</proxy>

SSLCertificateFile /etc/apache2/ssl/servexample.crt
SSLCertificateKeyFile /etc/apache2/ssl/servexample.key
SSLCACertificateFile /etc/apache2/ssl/ca.cer
ProxyPass / http://10.200.12.10/
ProxyPassReverse / https://10.200.12.10/

</Virtualhost>

Open in new window




SRVWEB


virtual host on the website

/etc/apache2/sites-available/example.https

NameVirtualHost *:443
<VirtualHost *:443>

Servername example.com
DocumentRoot /var/www/example

SSLEngine On
SSLOPtions +FakeBasicAuth


SSLCertificateFile /etc/apache2/ssl/servexample.crt
SSLCertificateKeyFile /etc/apache2/ssl/servexample.key

</VirtualHost>

Open in new window


The ssl certifcate must be present on the reverse proxy and also on the web server ?

Thanks for your help
0
Comment
Question by:wahrani16
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 9

Expert Comment

by:oheil
ID: 38863017
I believe that SSL is causing the problems.
http://wiki.apache.org/httpd/NameBasedSSLVHosts

I switched to GnuTLS to allow VirtualHosts for SSL.
http://www.gnutls.org/

I am unsure in your case, as my guess does not really adresses the reverse proxy setup, but that is what I would look for at first, because your setup works with http but not with https.

Oli
0
 

Author Comment

by:wahrani16
ID: 38863133
Thanks oheil,
But the link http://wiki.apache.org/httpd/NameBasedSSLVHosts is for multiple SSL Vhosts on a same ip.
Mine is one ssl vhost only :)
Thank you
0
 
LVL 9

Expert Comment

by:oheil
ID: 38863163
You can check:
Configure your apache without VirtualHost.

If the problem disappears I was right ;-)

Oli
0
 

Author Comment

by:wahrani16
ID: 38863258
Ok I will test without virtual hosts.
The certificate for my site www.example.com must be present on the proxy server and on the web server ?
0
 
LVL 9

Accepted Solution

by:
oheil earned 1500 total points
ID: 38863320
If you run a transparent proxy than only on the web server, if it is not-transparent, than you need two different certificates, the startssl on on the proxy, and an internal selfmade one on the web server.

But, in the case on non-transparancy you dont need any SSL between proxy and web server at all if the only access is through the proxy. This might also help in solving the problem. There is no need for encryption between proxy and web server as it is your internal LAN.

I would be glad, if some other experts would comment here to, I feel not comfortable, giving advice from the far on this very important security questions.

Oli
0

Featured Post

How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question