Your external facing apache instance would do the SSL part and use mod_proxy to redirect the request to another instance of apache which implements the actual functionality. Just remember the second instance needs to run on a different port and that it doesnt have to talk to the outside world.
Did you check out the practical mod_perl article ? https://docstore.mik.ua/orelly/weblinux2/modperl/ch12_07.htm As for your Lets Encrypt certificate - autorenewal isnt a mod_perl thing rather you do have to place a script in some sort of scheduler. https://onepagezen.com/letsencrypt-auto-renew-certbot-apache On Sun, Dec 20, 2020 at 1:45 PM Tom Browder <tom.brow...@gmail.com> wrote: > On Sun, Dec 20, 2020 at 11:29 Mithun Bhattacharya <mit...@gmail.com> > wrote: > >> Just curious where exactly is the challenge in this setup ? It can't be >> in apache supporting real certificates - neither can it be in setting up >> reverse proxy internally... >> > > The challenge to me is how exactly to code the reverse proxy on a single > instance of Apache. I have found no one who can tell me exactly how to > manage https in the http conf file between the outward facing side and > inside the reverse proxy so that the auto-tls renewal works with Let's > Encrypt, all on a single server. > > I think I could cobble together a cron job to do it, but not without a lot > of trial and error, especially when I'm not sure how the proxy and proxy > pass are supposed to look. > > I sure wish someone would update the old Apache Cookbook. > > -Tom > >
