using mod_proxy to proxy ssl connection to backend...

using mod_proxy to proxy ssl connection to backend...

am 04.09.2009 18:35:18 von Carlos Lugo

--0016364c6ccdec1b2b0472c31567
Content-Type: text/plain; charset=ISO-8859-1

Hello
I'm looking to proxy a site which has an SSL "admin" from a backend server
using mod_proxy and mod_proxy_ssl.
So far, any non-ssl traffic is being proxied perferctly, with urls fixed
with mod_proxy_html.
However, i'm yet to correctly proxy ssl traffic, and am not sure i
understand the best way to go about doing this.
Here's a bit of background:

1) apache 2.2

2) sub.domain.com is 301 redirected to domain.com/sub

3) domain.com/sub (nonexistent directory) is then proxied to
old.domain.com("backend" server) using ProxyPass and ProxyPassReverse.
This works with no
problem at all.

4) i'm ATTEMPTING to proxy https://domain.com/sub/admin.php to
https://old.domain.com/admin.php using proxy pass reverse, but cannot for
the life of me get it to work. https://old.domain.com/admin.php works
perfectly when connecting directly from the client (browser), but once the
browser is pointed to the proxy, only non https traffic works.

I've attempted configuring a separate virtual host (this server has a small
handfull) as but that doesn't work (set
SSLProxyEngine On, AllowCONNECT 443, etc).
I've also tried doing it from the same virtual host that the other (working)
proxy config resides in, but with no success. I can see a 443 request (in
both netstat and logs) of the backend server, but it's a single line and
never goes any further.

Can someone explain how this should be configured properly? For some
reason, the info i'm seeing in various messageboard/mailing list threads
always seems incomplete or simply doesn't work for me.

Thanks in advance,
Carlos

--0016364c6ccdec1b2b0472c31567
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hello
I'm looking to proxy a site which has an SSL "admin"=
from a backend server using mod_proxy and mod_proxy_ssl.
So far, any no=
n-ssl traffic is being proxied perferctly, with urls fixed with mod_proxy_h=
tml.

However, i'm yet to correctly proxy ssl traffic, and am not sure i unde=
rstand the best way to go about doing this.
Here's a bit of backgrou=
nd:

1) apache 2.2

2) sub.do=
main.com
is 301 redirected to domain.=
com/sub



3) (nonexistent di=
rectory) is then proxied to old.domain.co=
m
("backend" server) using ProxyPass and ProxyPassReverse.=A0=
This works with no problem at all.


4) i'm ATTEMPTING to proxy php">https://domain.com/sub/admin.php to com/admin.php">https://old.domain.com/admin.php using proxy pass revers=
e, but cannot for the life of me get it to work.=A0 domain.com/admin.php">https://old.domain.com/admin.php works perfectly =
when connecting directly from the client (browser), but once the browser is=
pointed to the proxy, only non https traffic works.


I've attempted configuring a separate virtual host (this server has=
a small handfull) as <VirtualHost [ipaddress]:443> but that doesn=
9;t work (set SSLProxyEngine On, AllowCONNECT 443, etc).
I've also t=
ried doing it from the same virtual host that the other (working) proxy con=
fig resides in, but with no success.=A0 I can see a 443 request (in both ne=
tstat and logs) of the backend server, but it's a single line and never=
goes any further.


Can someone explain how this should be configured properly?=A0 For some=
reason, the info i'm seeing in various messageboard/mailing list threa=
ds always seems incomplete or simply doesn't work for me.

Thanks=
in advance,

Carlos


--0016364c6ccdec1b2b0472c31567--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org