Re: [users@httpd] Vitualhosts ssl and apache2

Wed, 02 Aug 2006 06:41:16 -0700

Hi Vincent. I had found this example searching more but not sure it is of any value. 

Regards,
David

<VirtualHost 1.2.3.4:80>
        ServerName webmail.example.org
        DocumentRoot /var/www/html/exchange
RedirectMatch ^/(index.html?)$ https://webmail.example.org/exchange/ 
        RedirectMatch ^/exchange$ https://webmail.example.org/exchange/
</VirtualHost>

<VirtualHost 1.2.3.4:443>
        # This secures the server from being used as a third party
        # proxy server
        ProxyRequests Off

        # Allows the proxying of a SSL connection
        SSLProxyEngine On
        ProxyVia On

        DocumentRoot /home/user/mail_proxy/html/
        RequestHeader set Front-End-Https "On"

        ServerName mail

        # Set up SSL to work with this host
        SSLEngine On
        SSLCertificateFile /etc/apache/webmail-proxy/server.crt
        SSLCertificateKeyFile /etc/apache/webmail-proxy/server.key
SSLProxyMachineCertificateFile /etc/apache/webmail-proxy/certnew.cer 

        ProxyPass /exchange/ https://mail-internal/exchange/
        ProxyPassReverse /exchange/ https://mail-internal/exchange/

        ProxyPass /exchweb/ https://mail-internal/exchweb/
        ProxyPassReverse /exchweb/ https://mail-internal/exchweb/

        ProxyPass /public/ https://mail-internal/public/
        ProxyPassReverse /public/ https://mail-internal/public/

        ProxyPreserveHost On
</VirtualHost>

Vincent Bray wrote:

On 8/2/06, Vincent Bray <[EMAIL PROTECTED]> wrote:

On 8/2/06, David Pratt <[EMAIL PROTECTED]> wrote:
> Hi Vincent. I have NameVirtualHost(s) set up as follows.
>
> NameVirtualHost *:80
> NameVirtualHost *.443
>
> Sorry I did not include this in my previous message. The twisted SSL
> server is pretty much stand alone and uses its own certificate source.
> What I want to do is have the server running on localhost:8443 proxied
> on 443 for a particular path.  Will I still need Apache's SSLEngine for
> this?

Hi,
Looking in to this a little further (thanks google) has confirmed what
I thought; that reverse proxying ssl is largely pointless. This rather
old message explains the scenario:

http://www.squid-cache.org/mail-archive/squid-users/200005/0744.html

That leaves you either, a) forgetting about ssl authentication between
the user agent and zope, b) exposing zope to the client directly, or
c) using something at the tcp level to forward the encrypted
connection to zope's port.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to