Apache ProxyPass with SSL
Solution 1
You'll need mod_ssl
, mod_proxy
and optionally mod_rewrite
. Depending on your distribution and Apache version you may have to check if mod_proxy_connect
and mod_proxy_http
are loaded as well.
The directives for enabling SSL proxy support are in mod_ssl:
<VirtualHost 1.2.3.4:80>
ServerName foo.com
SSLProxyEngine On
SSLProxyCheckPeerCN on
SSLProxyCheckPeerExpire on
ProxyPass / https://secure.bar.com
ProxyPassReverse / https://secure.bar.com
</VirtualHost>
IIRC you can also use:
RewriteRule / https://secure.bar.com [P] # don't forget to setup SSLProxy* as well
Solution 2
In Apache 1.x, mod_ssl
would fix up ProxyPass. Do you have mod_ssl
installed?
Ruben
TINKER HACKER MAKER DAD Long-time owner and operator of a small, successful security consulting business. As of recently, though, I do Cloud Security at Google. Nothing I write here represents the views of my employer, nor does it reflect any proprietary or "insider" knowledge. In fact, nearly all of my content here was written before I even started working at Google, so don't get too excited. Side note: Google is awesome. If you get a chance to work here, I highly recommend it.
Updated on September 17, 2022Comments
-
Ruben over 1 year
I want to proxy requests from an SSL site via a non-SSL site. My Apache httpd.conf looks like this:
<VirtualHost 1.2.3.4:80> ServerName foo.com ProxyPass / https://bar.com/ </VirtualHost>
So, when I visit http://foo.com, I expect apache to make a request to https://bar.com and send me the the page it fetched.
Instead, I get a 500 error, and in the error log, I see:
[error] proxy: HTTPS: failed to enable ssl support for 4.3.2.1:443 (bar.com)
Presumably I'm missing a directive here. Which might it be?
Never mind the security implications. I fully understand the risks.
-
Sam Halicke over 14 yearsWhich version of Apache are you using?
-
Eric Kigathi over 5 years"Never mind the security implications. I fully understand the risks." - This is the devops equivalent of "Hold My Beer" ; )
-