apache2 reverse proxy 2 virtual hosts & ssl

6,497

Presumably, you're missing :443 in your second virtual host configuration (I'm not sure whether this is just a copy/paste error here).

The next problem you're going to face is that you will need to be able to handle multiple hosts on SSL/TLS. For this, you will need the server to present a valid certificate for that host name during the SSL/TLS handshake, before any HTTP request/response is sent. This can be done using one of the following techniques:

  • Use a single IP address and a single certificate valid for all the hosts you want to serve at the same time. This could be achieved with a certificate with multiple Subject Alternative Name entries (app1.example.biz and app2.example.biz), sometimes called UCC, or a wildcard certificate (e.g. *.example.biz, but their use is discouraged).
  • Use distinct IP addresses for each host, if you can. In this case, don't rely on NameVirtualHost for HTTPS, but set the IP addresses in each virtual host entry, and configure each virtual host section with its certificate.
  • Use a single IP address and multiple certificates, but your client will need to support the Server Name Indication extension. (This is not supported by any version of IE on Windows XP, some mobile clients, and Java 6, for example.) How to configure it on Apache Httpd is documented on this page.
Author by

user124650

Updated on September 18, 2022
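
The third option in the answer (one IP address, one certificate per host, selected by SNI), written out as an added example; it is not the asker's or the answerer's configuration. The backend address for app2 and the per-host certificate paths are assumptions, and `NameVirtualHost` is only needed on Apache 2.2.

```apache
# Added example, not the asker's configuration. Backend addresses and the
# per-host certificate paths are assumptions.

# Needed on Apache 2.2 only; the directive has no effect on 2.4.
NameVirtualHost *:80
NameVirtualHost *:443

# Reverse proxying only: never act as an open forward proxy.
ProxyRequests Off

<VirtualHost *:80>
    ServerName app1.example.biz
    Redirect permanent / https://app1.example.biz/
</VirtualHost>

<VirtualHost *:80>
    ServerName app2.example.biz
    Redirect permanent / https://app2.example.biz/
</VirtualHost>

# First *:443 virtual host: also the one a client without SNI ends up on,
# so such a client is offered this certificate whatever name it asked for.
<VirtualHost *:443>
    ServerName app1.example.biz
    SSLEngine on
    SSLCertificateFile    /etc/ssl/app1.example.biz.crt
    SSLCertificateKeyFile /etc/ssl/app1.example.biz.key
    # Proxy to the internal server, not to this virtual host's own name.
    ProxyPass        / http://192.168.12.25/
    ProxyPassReverse / http://192.168.12.25/
</VirtualHost>

# Explicit :443 here too; a bare <VirtualHost *> matches every port.
<VirtualHost *:443>
    ServerName app2.example.biz
    SSLEngine on
    SSLCertificateFile    /etc/ssl/app2.example.biz.crt
    SSLCertificateKeyFile /etc/ssl/app2.example.biz.key
    ProxyPass        / http://192.168.12.26/
    ProxyPassReverse / http://192.168.12.26/
</VirtualHost>
```

`apachectl -S` prints the resulting virtual host table, which shows which name is the default for each address and port.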

Comments

  • user124650
    user124650 over 1 year

    I have 2 servers: app1.example.biz & app2.example.biz. I need to do the following using apache2 as a reverse proxy: redirect all traffic coming from the internet to the appropriate server & use SSL. The configuration I did allows me to redirect app1.example.biz to https app1.example.biz & I can access the server. The problem is that I can't do the same for app2.example.biz: when I type app2.example.biz it redirects me to https app1.example.biz!! PS: I can't post more than two hyperlinks because I'm a new user, but my config is correct.


    <VirtualHost *:80>
       ServerName app1.example.biz/
        Redirect / https app1.example.biz/
    
    </VirtualHost>
    
    <VirtualHost *:443>
    
    ServerName app1.example.biz
    ServerAlias app1.example.biz
    
    ProxyPass / http app1.example.biz/
    ProxyPassReverse / http app1.example.biz/
    SSLEngine on
    SSLCertificateFile    /etc/ssl/servwiki.crt
    SSLCertificateKeyFile /etc/ssl/servwiki.key
    SSLVerifyClient none
    
    </VirtualHost>
    
    #<VirtualHost *>
    #    ServerName app2.example.biz/
    #    Redirect / https  app2.example.biz/
    #</VirtualHost>
    
    <VirtualHost *>
    ProxyPreserveHost On
    ServerName  app2.example.biz
    ServerAlias  app2.example.biz
    
    ProxyPass / http app2.example.biz/
    ProxyPassReverse / http app2.example.biz/
    SSLEngine on
    SSLCertificateFile    /etc/ssl/servwiki.crt
    SSLCertificateKeyFile /etc/ssl/servwiki.key
    SSLVerifyClient none
    
    </VirtualHost>
    

    I tried: 1/ using NameVirtualHost:80 & NameVirtualHost:443 2/Naming each virtual host like this 3/adding

     <VirtualHost *>
    ServerName www.example.biz
    DocumentRoot /usr/local/apache/htdocs
    #SSLEngine on
    #SSLCertificateFile    /etc/ssl/servwiki.crt
    #SLCertificateKeyFile /etc/ssl/servwiki.key
    #SSLVerifyClient none
    </VirtualHost>
    

    This solves the problem of redirecting http app1.example.biz & http app2.example.biz to the corresponding server, but it doesn't work with SSL!

    plzzzzz help

  • user124650
    user124650 almost 12 years
    Thanks Bruno, I guess the second suggestion suits me; I have distinct IP addresses and certificates for each virtual host. But as I said earlier, when I try to access app2.example.biz it redirects me to app1.example.biz! This is my main problem right now ://
  • Bruno
    Bruno almost 12 years
    Put each IP address in the right virtualhost section (<VirtualHost 10.0.0.1:443> for example) instead of *, and make sure the DNS resolution points the host name to the correct IP address in each case. (You also seem to be using the same certificate configuration in your 2 virtual hosts in your example here.)
  • user124650
    user124650 almost 12 years
    when i put <VirtualHost 10.0.0.1:443> & try to access app1.example.biz i get: Erreur 107 (net::ERR_SSL_PROTOCOL_ERROR) : Erreur de protocole SSL
  • user124650
    user124650 almost 12 years
    ps: i know that i'm using the same certificate here it's just an example but i do have distinct ones
  • user124650
    user124650 almost 12 years
    i tried to forget about ssl for the moment and concentrate on reverse proxying with http only, when i put <VirtualHost ip:80> and access app1.example.biz i get the index page of apache ://
  • Bruno
    Bruno almost 12 years
    I'm not sure what is dummy data and what's the actual config in your example, but it doesn't make sense to reverse proxy to itself. You should also typically use ProxyPass / http://someotherhost:or-someotherport/ but not itself.
  • user124650
    user124650 almost 12 years
    is this what you mean?? <VirtualHost 192.168.12.25:443> ServerName app1.example.biz ServerAlias app1.example.biz ProxyPass / http:/app1.example.biz/ ProxyPassReverse / app1.example.biz SSLEngine on SSLCertificateFile /etc/ssl/servwiki.crt SSLCertificateKeyFile /etc/ssl/servwiki.key SSLVerifyClient none </VirtualHost> #192.168.12.25 is the ip for app1.example.biz
  • Bruno
    Bruno almost 12 years
    I mean don't use ProxyPass / http://app1.example.biz/ within the virtual host for ServerName app1.example.biz, since it will redirect it back to itself. Typically, you'd want to reverse proxy ServerName app1.example.biz to ProxyPass / http://internal.address:internal-port/ (for example ProxyPass / http://localhost:8080/ if you're trying to proxy a Tomcat container).
  • Bruno
    Bruno almost 12 years
    What are you trying to use a reverse proxy for? Typically, app1.example.biz and app2.example.biz would have external IP addresses, served by the reverse proxy, and 192.168.12.x would be the addresses of the internal servers behind that proxy (not visible as app1.example.biz and app2.example.biz).
  • user124650
    user124650 almost 12 years
    We have one public IP address for www.example.biz. app1 & app2 are on 2 different internal servers and have private addresses.
  • Bruno
    Bruno almost 12 years
    Ah, in that case I'm not sure you fully understand what the reverse proxy is meant to do. You would normally only have one virtual host on your reverse proxy (for server name www.example.biz) and then have two Proxy directives, with different paths, for app1 and app2.
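
The layout described in the last comment (one public name, two proxied paths), as an added example that is not part of the original thread. The `/app1/` and `/app2/` prefixes and the address for app2 are assumptions; the certificate paths are the ones from the question and must belong to a certificate valid for www.example.biz.

```apache
# Added example, not from the thread. Path prefixes and the app2 backend
# address are assumptions.

# Reverse proxying only: never act as an open forward proxy.
ProxyRequests Off

<VirtualHost *:80>
    ServerName www.example.biz
    Redirect permanent / https://www.example.biz/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.biz
    SSLEngine on
    # Paths from the question; the certificate must name www.example.biz.
    SSLCertificateFile    /etc/ssl/servwiki.crt
    SSLCertificateKeyFile /etc/ssl/servwiki.key

    # Inside <Location>, ProxyPass and ProxyPassReverse take only the
    # backend URL; the public path comes from the <Location> itself.
    <Location /app1/>
        ProxyPass        http://192.168.12.25/
        ProxyPassReverse http://192.168.12.25/
        # The backend sets cookies for "/"; scope them to this application
        # so they are not sent to the other one.
        ProxyPassReverseCookiePath / /app1/
    </Location>

    <Location /app2/>
        ProxyPass        http://192.168.12.26/
        ProxyPassReverse http://192.168.12.26/
        ProxyPassReverseCookiePath / /app2/
    </Location>
</VirtualHost>
```

`ProxyPassReverse` rewrites only redirect headers, not links inside response bodies, so each application still has to generate URLs under its own prefix.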