Configure Apache to use external proxy for HTTPS connection

apache-2.2 ssl proxy

13,422

Solution 1

I finally got it working :) The problem was with (RTFM)

"match is either the name of a URL-scheme that the remote server supports, or a partial URL for which the remote server should be used, or * to indicate the server should be contacted for all requests. remote-server is a partial URL for the remote server. "

So resolution is simple, use ProxyRemoteMatch instead:

ProxyRemoteMatch externaldomain\.com http://external.proxy.com:8585

Solution 2

The error your get is because of your last line into the config

 ProxyPass    /sub      https://sub.externaldomain.com/

That tells apache to proxy pass requests from /sub to sub.externaldomain.com:443 which is what you actually get into your error message.

Now your setup is missing

 ProxyRequests On

because ProxyRemote only functions when this is on and the User Agent(browser) is configured to use the apache server as a proxy . Is my understanding that you want to do something like:

1 - proxy all traffic to /sub trough the remote proxies that you have configured - but not to use the local apache server as a ProxyPass ?! - if that is the case the remove the last line
2 - you want your apache server to act that it has the resource /sub locally and actually the requests are going to a remote server ?! - if that is the case you need to configure just the last line with the appropriated port AND use this directive as well

ProxyPassReverse /sub https://sub.externaldomain.com/ # here configure the right port as you can see 443 is not working

13,422

tomalec

Updated on September 18, 2022

Comments

tomalec over 1 year

I'm trying to make my Apache use external proxy for HTTPS requests:

Listen 80
Listen 443
..
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
..
SSLProxyEngine On
SSLProxyVerify none
SSLCACertificateFile conf/cert/curl-ca-bundle.cert

ProxyRemote http://*.externaldomain.com:80 http://external.proxy.com:8585
ProxyRemote http://*.externaldomain.com:443 https://external.proxy.com:8585
ProxyPass    /sub      https://sub.externaldomain.com/

But request for http://localhost/sub/something returns 503 and gives:

[Fri Apr 15 17:38:15 2011] [error] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.  : proxy: HTTPS: attempt to connect to 11.11.11.111:443 (sub.domain.com) failed

What's weird

curl -x 11.11.11.111:8585 https://sub.externaldomain.com/something

works.

How can I make Apache use external proxy for https request?

djangofan about 13 years

cant help but notice a typo in your question. the Proxyremote rule using 443 needs to specify "https" as the protocol. i cant imagine that your use of "http" was intentional.

tomalec about 13 years

What I want to do is to rewrite localhost/sub/something to sub.externaldomain.com/something, but I am in the corporate network so I have to use external.proxy.com:8585. RewriteRule ^/sub/(.*) sub.externaldomain.com/$1 [P] ProxyPass /sub sub.externaldomain.com works fine, but only for http or outside corpo. network.
silviud about 13 years

the rewrite rule do the same type of proxy as ProxyPass the only difference being that you actually make decisions or have certain criteria. can you post the final config that you have ?