Apache proxypass https to https
27,518
You should set "SSLProxyEngine On". The following is my example that may give you any idea.
<VirtualHost *:443>
SSLEngine On
SSLProxyEngine On
ServerName my.example.com:443
SSLCertificateFile "${SRVROOT}/conf/ssl/example.pem"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/example.key"
ErrorLog "|bin/rotatelogs.exe -l /var/logs/apache/example/error.%Y-%m-%d.log 86400"
CustomLog "|bin/rotatelogs.exe -l /var/logs/apache/example/ssl_request.%Y-%m-%d.log 86400" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ProxyRequests Off
ProxyPass / https://www.google.com/
<Location />
ProxyPassReverse /
Options FollowSymLinks
Require all granted
</Location>
</VirtualHost>
Author by
Admin
Updated on June 11, 2020Comments
-
Admin almost 4 years
here is what I tired to do:
- browser -internet-> https(Apache proxypass)-intranet->(Apache https)
- both Apaches are installed the ssl certs.(startssl wide card,not self-signed)
Apache error log:
[client 192.168.2.157] SSL Proxy requested for test.xxx.com:443 but not enabled [Hint: SSLProxyEngine]
[error] proxy: HTTPS: failed to enable ssl support for 192.168.2.157:443 (test.xxx.com)
Then I tried use apache(on the internet) proxy to https://google.com and the error log is the same.
However,https to http works. browser -internet-> https(Apache proxypass)-intranet->(Apache http)
My config:
<VirtualHost *:443> SSLEngine on SSLCertificateFile /etc/apache2/ssl/xxx_com.crt SSLCertificateKeyFile /etc/apache2/ssl/xxx_com.key SSLCertificateChainFile /etc/apache2/ssl/sub.class2.server.ca.pem ProxyPreserveHost On ProxyRequests Off ProxyVia Off AllowEncodedSlashes NoDecode <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass / https://2w.xxx.com/ ProxyPassReverse / https://2w.xxx.com/ ServerName test.xxx.com RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443" ErrorLog "/var/log/apache2/error-ssl.log" </VirtualHost>
OR:
<VirtualHost *:443> ProxyPass / https://google.com/ ProxyPassReverse / https://google.com/ SSLEngine on SSLCertificateFile /etc/apache2/ssl/xxx_com.crt SSLCertificateKeyFile /etc/apache2/ssl/xxx_com.key SSLCertificateChainFile /etc/apache2/ssl/sub.class2.server.ca.pem ServerName test.xxx.com </VirtualHost>
Seems like it's not possible for apache to handle https to https? if apache does not support this how about nginx?