I'm trying to cobble together the following https data flow: <== public internet ==>
A. a single IPv4 Apache server with multiple virtual hosts identified by SNI 1. for each virtual host with its unique domain: a. use Apache's managed domain capability to get and keep current a Letsencrypt TLS cert b. have a reverse proxy to a backend TLS server (with passthrough TLS) identified by a unique port number on the local host <== reverse proxy ==> 2. for each unique backend server a. respond to public domain https requests b. serve both static and dynamic content back to the public client Notes: 1. Each virtual host is defined in a single Apache macro. 2. I have Apache running apparently successfully up to the ProxyPass and ProxyReverse point but cannot get a valid connection. 3. I can get the scenario to work in a non-TLS environment. 4. The solutions I've seen with Nginx and Caddy require wildcard certs or unique IPs, neither of which will work for me in my current understanding of Apache. Questions: 1. Is this TLS scenario theoretically possible? 2. If so, can HAProxy help make it happen? 3. What are my options for the backend server? I have seen very little discussion of that except in vague terms of a "dynamic server" (for which I plan to use a Raku language server called Cro). Thanks for any help. Best regards, -Tom