[brlug-general] SSL VPN

Tue Nov 11 12:15:50 2003 

-ray <[EMAIL PROTECTED]> writes:

I do this with apache now.  mod_proxy is your friend.  Looks something
like this in httpd.conf:

NameVirtualHost 1.2.3.4

<VirtualHost 1.2.3.4:443>
   ServerAdmin [EMAIL PROTECTED]
   ServerName scottharney.com
   ProxyPass / http://scottharney.com/
   ProxyPassReverse / http://scottharney.com/
   ErrorLog /var/log/apache/scottharney.com/error_log
   TransferLog /var/log/apache/scottharney.com/access_log
   SSLEngine On
   SSLCertificateFile /etc/apache/scottharney.com.crt
   SSLCertificateKeyFile /etc/apache/scottharney.com.key
</VirtualHost>

DNS needs to be setup behind the proxy/firewall as well so
"scottharney.com" resolves to an internal IP or you can just use
internal IP address in your "ProxyPass*" directives.  I can (and do)
have multiple devices and domains behind the single apache mod_proxy
instance.  The machines behind the proxy do not have to be running
apache -- they only need speak http.

> All,
>
> I'm looking to do sort of a reverse SSL proxy/VPN.  We have some HVAC 
> devices on campus that speak HTTP to monitor/control A/C systems.  The SSL 
> add-on for these devices is extremely expensive... almost $10k.  I'd like 
> to setup a proxy/redirector on a private VLAN with the device, so it's 
> setup like this:
>
> client --HTTPS--> proxy --HTTP/VLAN--> device
>
> Suggestions?  Don't wany any setup on the client, which rules out ssh
> tunneling or a "real" VPN.  I'm thinking LVS, or Squid.  Or maybe there's
> an Apache module to do this.  Anyone do this before?
>
> ray
> -- 
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Ray DeJean                                     http://www.r-a-y.org
> Systems Engineer                    Southeastern Louisiana University
> IBM Certified Specialist            AIX Administration, AIX Support
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>
>
> _______________________________________________
> General mailing list
> [email protected]
> http://brlug.net/mailman/listinfo/general_brlug.net
>

-- 
Scott Harney<[EMAIL PROTECTED]>
"...and one script to rule them all."
gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5

Reply via email to