I'm trying to cobble together the following https data flow:

<== public internet ==>

A. a single IPv4 Apache server with multiple virtual hosts
     identified by SNI

1. for each virtual host with its unique domain:

a.  use Apache's managed domain capability to get
     and keep current a Letsencrypt TLS cert
b.  have a reverse proxy to a backend TLS server (with
     passthrough TLS) identified by a unique port number
     on the local host

<== reverse proxy ==>

2. for each unique backend server

a.  respond to public domain https requests
b.  serve both static and dynamic content back
    to the public client

Notes:

1. Each virtual host is defined in a single Apache macro.
2. I have Apache running apparently successfully up to the
    ProxyPass and ProxyPassReverse point but cannot get a
    valid connection.
3. I can get the scenario to work in a non-TLS environment.
4. The solutions I've seen with Nginx and Caddy require
     wildcard certs or unique IPs, neither of which will
     work for me in my current understanding of Apache.

Questions:

1. Is this TLS scenario theoretically possible?
2. If so, can HAProxy help make it happen?
3. What are my options for the backend server?
     I have seen very little discussion of that
     except in vague terms of a "dynamic
     server" (for which I plan to use a Raku
     language server called Cro).

Thanks for any help.

Best regards,

-Tom
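Below is an added example of the per-domain layout described above (mod_md managed domain plus a proxy to a local TLS backend), written as a mod_macro template; it is not Tom's configuration. It assumes mod_ssl, mod_md, mod_proxy, mod_proxy_http and mod_macro are loaded, that a plain `*:80` virtual host exists so mod_md can answer the ACME challenge, and that every backend listens on `https://127.0.0.1:$port` with a certificate chained to the hypothetical CA file `/etc/ssl/backend-ca.pem`. Note that Apache terminates the public TLS session and opens a second, separately verified TLS session to the backend; the client's TLS is not passed through.

```apache
# Added example, not from the original post. Domains, e-mail and paths
# are constructed values.

MDCertificateAgreement accepted
MDContactEmail admin@example.com

<Macro TlsProxyHost $domain $port>
    # mod_md obtains and renews the Let's Encrypt certificate for $domain
    MDomain $domain

    <VirtualHost *:443>
        ServerName $domain
        # No SSLCertificateFile here: mod_md supplies the managed certificate
        SSLEngine on

        # Re-encrypt to the backend and verify its certificate chain.
        # The peer-name check is disabled because the target is 127.0.0.1,
        # which will not match the name in the backend certificate.
        SSLProxyEngine on
        SSLProxyVerify require
        SSLProxyCACertificateFile /etc/ssl/backend-ca.pem
        SSLProxyCheckPeerName off

        # Keep the public Host header so the backend sees the real domain
        ProxyPreserveHost On
        ProxyPass        "/" "https://127.0.0.1:$port/"
        ProxyPassReverse "/" "https://127.0.0.1:$port/"
    </VirtualHost>
</Macro>

# One line per public domain / backend port pair
Use TlsProxyHost www.example.com 8443
Use TlsProxyHost www.example.net 8444
UndefMacro TlsProxyHost
```

Check the expansion with `apachectl -t -D DUMP_VHOSTS`, and remember that mod_md needs a graceful reload after it first obtains a certificate before the virtual host will serve it.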
