I'm trying to cobble together the following https data flow:

<== public internet ==>

A. a single IPv4  Apache server with multiple virtual hosts
     identified by SNI

1. for each virtual host with its unique domain:

a.  use Apache's managed domain capability to get
     and keep current a Letsencrypt TLS cert
b.  have a reverse proxy to a backend TLS server (with
     passthrough TLS) identified by a unique port number
     on the local host

<== reverse proxy ==>

2. for each unique backend server

a.  respond to public domain https requests
b.  serve both static and dynamic content  back
    to the public client


1. Each virtual host is defined in a single Apache macro.
2. I have Apache running apparently successfully up to the
    ProxyPass and ProxyReverse point but cannot get a
    valid connection.
3. I can get the scenario to work in a non-TLS environment.
4. The solutions I've seen with Nginx and Caddy require
     wildcard certs or unique IPs, neither of which will
     work for me in my current understanding of Apache.


1. Is this TLS scenario theoretically possible?
2. If so, can HAProxy help make it happen?
3. What are my options for the backend server?
     I have seen very little discussion of that
     except in vague terms of a "dynamic
     server" (for which I plan to use a Raku
     language server called Cro).

Thanks for any help.

Best regards,


Reply via email to