troubleshooting Question

Implementing SSL with redirects

Avatar of James McKeand
James McKeandFlag for United States of America asked on
LinuxSSL / HTTPS* NginxApache Web Server
9 Comments1 Solution183 ViewsLast Modified:
I am hosting a couple of web sites on couple Linux boxes and OWA on a Windows box in my office. Currently http is forwarded to Host_W and https is forwarded to Host_M.  Host_W serves pages for www.site-m.biz, www.site-d.net, and www.site-f.com while it forwards requests for host_l.site-s.org and www.site-s.org to Host_L. The current structure looks like this:
 
Current Config
What I want to do is forward both http and https to Host_W while serving the same three sites and forward https requests for mail.site-m.biz to Host_M and requests for site-s.org to Host_L. The structure would look something like:

Disired Config
 I have attached sanitized copies of what I think are the relevant config files.
 
The port forward is not a problem, simple change on the firewall. Installing Let's Encrypt certificate on both Nginx and Apache2 are heavily documented and a Godaddy certificate for mail.site-m.biz is already installed on Host-M.

What I don't have a handle on is the changes needed on the Apache2 on Host_W. I think it would be just to add something to the site-m.biz.conf like (and something similar to site-l.org.conf):

<VirtualHost *:443>
        ServerName mail.site-m.biz

        SSLEngine On
        SSLProxyEngine On
        ProxyRequests Off
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
        SSLInsecureRenegotiation on
        SSLProxyVerify none
        SSLVerifyClient none
        
        ProxyPass / https://mail.site-m.biz/
        ProxyPassReverse / https://mail.site-m.biz/

        <Location "/">
                Require all granted
        </Location>
</VirtualHost>

I found the above at Server Fault and removed the SSLCertificateFile and SSLCertificateKeyFile directives as the certificate for mail.site-m.biz is not installed on Host-W.

Do I need to install the certificate from Host-M for mail.site-m.biz on Host-W? If so would I add the SSLCertificateFile and SSLCertificateKeyFile directives?
Host_L---default.txt
site-s.org.conf.txt
site-m.biz.conf.txt
ASKER CERTIFIED SOLUTION
James McKeand
Technical Consultant

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 9 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 9 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros