[TriLUG] ssl through reverse proxy (Solved)
Paul G. Szabady
paul at thyservice.com
Sat Aug 25 17:44:30 EDT 2012
Well, I'm not sure why I was having such a cerebral flagellant, but I
finally figured it out.
I can do the SSL offload at the reverse proxy and point to multiple
back-end servers/domains.
client (http) > firewall > Apache RP (80) > (srv1-domain1:80 |
srv2-domain2:80)
client (httpS) > firewall > Apache RP (443) > Apache RP (80) >
(srv1-domain1:80 | srv2-domain2:80)
Of course, this means that all my internal domains use the same
certificate - which is ok since it's only for personal use.
Thanks for responses, both on/off list.
--
Paul
@ Thy Service
On 8/25/2012 12:32 PM, Paul G. Szabady wrote:
> Ok, partially answering myself, but still not quite where I want to be.
>
> After a bit more head banging, I decided to split things up to make
> sure I wasn't getting the wrong certificate, etc. I set up a second
> IP on my reverse proxy server, changed the vhost IP, firewall, etc and
> have been able to get the SSL to work for domain1, but... this
> solution requires a 1:1 mapping from my firewall (port 443) to this
> 2nd IP (port 443). So while it works for domain1, I still can't
> figure out how to make httpS work for domain2.
>
> Thoughts?
>
> --
> Paul
> @ Thy Service
>
> On 8/25/2012 11:09 AM, Paul G. Szabady wrote:
>> Greetings,
>>
>> I am trying to enable ssl through the following scenario, running
>> apache 2.2 on separate servers. Basically, I want the reverse proxy
>> (RP) server to do just that, proxying. I have done this hundreds of
>> times behind load balancers (e.g. Big IP F5), but here at $HOME, I
>> don't have that luxury.
>>
>> client (httpS) > firewall > Apache RP > (domain1 | domain2)
>>
> <...snip...>
More information about the TriLUG
mailing list