Proxying with SSL [closed]
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this questionI have a Linux host running Apache and a Windows host running IIS. I have a domain that points to the Linux host and need to relay (proxy) requests for it to IIS; I thus have the following virtual host definition in Apache (which works just fine):
&l开发者_开发问答t;VirtualHost 192.168.0.2:80>
ServerName www.acme.com
DocumentRoot /var/www/acme.com
RewriteEngine On
RewriteOptions Inherit
RewriteRule ^/(.*) http://win.acme.com/$1 [P]
</VirtualHost>
now I want to add SSL support; the definition becomes:
<VirtualHost 192.168.0.2:443>
ServerName www.acme.com
DocumentRoot /var/www/acme.com
GnuTLSEnable On
GnuTLSPriorities NORMAL:%COMPAT
GnuTLSCertificateFile /var/www/ssl/www.acme.com.crt
GnuTLSKeyFile /var/www/ssl/www.acme.com.key
RewriteEngine On
RewriteOptions Inherit
RewriteRule ^/(.*) https://win.acme.com/$1 [P]
</VirtualHost>
I have valid and trusted certificates on both web servers and if I visit https://win.acme.com
all is well, however, when I visit https://www.acme.com
I get a 500 Internal Server Error message. A peek at the error logs shows:
[Wed Jul 20 08:35:34 2011] [error] [client 76.168.166.70] SSL Proxy requested for www.wileybits.com:80 but not enabled [Hint: SSLProxyEngine] [Wed Jul 20 08:35:34 2011] [error] proxy: HTTPS: failed to enable ssl support for 74.166.186.70:443 (win.acme.com)
do notice that the proxy request seems to be for the wrong domain (wileybits)... the domain it shows is also hosted by my Apache server but I don't get why it shows up in the logs of acme.com (a reverse DNS lookup perhaps?)
in any case, what am I missing?
thanks in advance - ekkis
p.s. host names and addresses have been altered to protect the innocent :)
* update *
with:
RewriteRule ^/(.*) https://win.acme.com/$1 [R,L]
it seems to work fine, but of course, the Windows' hostname becomes visible, which is not acceptable in my scenario
I also tried (instead of mod_rewrite):
ProxyRequests Off
ProxyPass / https://win.acme.com/
but same error
figured it out... apparently I can do this:
SSLProxyEngine On
RequestHeader set Front-End-Https "On"
ProxyPass / https://win.acme.com/
ProxyPassReverse / https://win.acme.com/
CacheDisable *
and it works just fine!
[the solution came from mikeg's posting on 3cx.org]
Not sure the cause of this error, but you might want you try using Squid or Varnish to accomplish this. Previously, I've used Squid to proxy a secure Windows IIS instance without issue.
精彩评论