On 08/03/2015 10:01 AM, "A M" <amm.pr...@gmail.com> wrote:
>
> Hello experts,
>
> I am trying to set up a classical frontend HTTPS Apache Reverse Proxy
> for a couple of plain backend HTTP servers sitting on a backend private
> network. The platform is CentOS 6, the Apache rpm is httpd-2.2.15-39.el6.centos.
>
> I first created three DNS entries, all pointing to the same public IP:
>
> apachefrontend.example.com
> appserver1.example.com
> appserver2.example.com
>
> I then generated the SSL cert and key for the frontend host and verified that
> SSL config was correct (all settings and key/cert were defined inside the file
> /etc/httpd/conf.d/ssl.conf). The URL "https://apachefrontend.example.com"
> replied OK.
>
> I have then set up a forced redirection to port 443 on the mother
> server and defined two virtual hosts, in this manner:
>
> ..
> NameVirtualHost *:80
>
First change this:

> <VirtualHost *:80>
> ServerName apachefrontend.example.com
> RedirectMatch ^/(.*) https://apachefrontend.example.com/$1
> </VirtualHost>
>

to:

<VirtualHost *:80>
ServerName apachefrontend.example.com
ServerAlias appserver1.example.com appserver2.example.com
RedirectMatch ^/(.*) https://%{HTTP_HOST}/$1
</VirtualHost>

Then get rid of these two:

> <VirtualHost *:80>
> ServerName appserver1.example.com
> ProxyRequests Off
> ProxyPass / http://appserver1.backend/
> ProxyPassReverse / http://appserver1.backend/
> </VirtualHost>
>
> <VirtualHost *:80>
> ServerName appserver2.example.com
> ProxyRequests Off
> ProxyPass / http://appserver2.backend/
> ProxyPassReverse / http://appserver2.backend/
> </VirtualHost>
> ..

More specifically, convert them to SSL vhosts:

<VirtualHost *:443>
ServerName appserver1.example.com
ProxyRequests Off
ProxyPass / http://appserver1.backend/
ProxyPassReverse / http://appserver1.backend/
</VirtualHost>

<VirtualHost *:443>
ServerName appserver2.example.com
ProxyRequests Off
ProxyPass / http://appserver2.backend/
ProxyPassReverse / http://appserver2.backend/
</VirtualHost>

which will effectively do what you want, which is to terminate SSL on the frontend.

> Now,
>
> - If I go to "http://apachefrontend.example.com", I am
> correctly ending up at "https://apachefrontend.example.com";
>
> - If I go to "http://appserver1[2].example.com", I arrive at
> the backend servers all right, but only via the port 80.
>
> This behaviour is apparently correct, but so far I have not found
> the right configuration options needed to enforce the secure
> connection to the backend servers via the reverse proxy (I may
> not enable SSL on the backend servers as they are running some
> privately managed applications and cannot be tweaked).
>
> Could someone kindly post an example of working configuration
> of the same type?
>
> Thanks ahead for any advice!
>
> Andy.
>
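
Added example, not part of the original thread and not either poster's own configuration: a complete Apache 2.2 layout for the setup discussed above, with port 80 used only for redirects and TLS terminated on the frontend for both backend names. The certificate paths are placeholders, and it is an assumption that ssl.conf already carries "Listen 443" and that the frontend's own SSL vhost there is declared on the same *:443 address.

```apache
# Added example for Apache 2.2 (httpd-2.2.15); paths are placeholders.
# Assumption: ssl.conf already has "Listen 443", and the frontend's own
# SSL vhost there is declared as <VirtualHost *:443> with its ServerName.

NameVirtualHost *:80
# Name-based SSL vhosts on one IP: clients must send SNI.
NameVirtualHost *:443

# Port 80 only redirects. mod_alias in 2.2 does not expand %{HTTP_HOST},
# so each name gets a fixed target instead of echoing the Host header.
<VirtualHost *:80>
    ServerName apachefrontend.example.com
    Redirect permanent / https://apachefrontend.example.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName appserver1.example.com
    Redirect permanent / https://appserver1.example.com/
</VirtualHost>
<VirtualHost *:80>
    ServerName appserver2.example.com
    Redirect permanent / https://appserver2.example.com/
</VirtualHost>

# TLS ends here; the backend hop stays plain HTTP on the private network.
<VirtualHost *:443>
    ServerName appserver1.example.com
    SSLEngine on
    # Placeholder paths: the certificate must list this host name.
    SSLCertificateFile    /etc/pki/tls/certs/PLACEHOLDER.crt
    SSLCertificateKeyFile /etc/pki/tls/private/PLACEHOLDER.key
    ProxyRequests Off
    ProxyPass        / http://appserver1.backend/
    ProxyPassReverse / http://appserver1.backend/
</VirtualHost>

<VirtualHost *:443>
    ServerName appserver2.example.com
    SSLEngine on
    # Placeholder paths: the certificate must list this host name.
    SSLCertificateFile    /etc/pki/tls/certs/PLACEHOLDER.crt
    SSLCertificateKeyFile /etc/pki/tls/private/PLACEHOLDER.key
    ProxyRequests Off
    ProxyPass        / http://appserver2.backend/
    ProxyPassReverse / http://appserver2.backend/
</VirtualHost>
```

Running "apachectl configtest" and "httpd -S" after the change shows whether the syntax is valid and which vhost answers for each name and port.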