httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <icici...@gmail.com>
Subject Re: [users@httpd] Example Apache reverse proxy configuration for HTTPS frontend and several HTTP backends
Date Sun, 08 Mar 2015 01:05:07 GMT
On 08/03/2015 10:01 AM, "A M" <amm.priv2@gmail.com> wrote:
>
>
> Hello experts,
>
> I am trying to set up a classical frontend HTTPS Apache Reverse Proxy
> for a couple of plain backend HTTP servers sitting on a backend private
> network. The plaform is Centos 6, the Apache rpm is
httpd-2.2.15-39.el6.centos.
>
> I first created three DNS entries, all pointing to the same public IP:
>
>          apachefrontend.example.com
>          appserver1.example.com
>          appserver2.example.com
>
> I then generated the SSL cert and key for the frontend host and verified
that
> SSL config was correct (all settings and key/cert were defined inside the
file
> /etc/httpd/conf.d/ssl.conf). The URL "https://apachefrontend.example.com"
> replied OK.
>
> I have then set up a forced redirection to port 443 on the mother
> server and defined two virtual hosts, in this manner:
>
> ..
> NameVirtualHost *:80
>

First change this:

> <VirtualHost *:80>
>      ServerName apachefrontend.example.com
>      RedirectMatch ^/(.*)    https://apachefrontend.example.com/$1
> </VirtualHost>
>

to:

<VirtualHost *:80>
     ServerName apachefrontend.example.com
       ServerAlias appserver1.example.com appserver2.example.com

     RedirectMatch ^/(.*)    https://%{HTTP_HOST}/$1
</VirtualHost>

Then get rid of these two:

> <VirtualHost *:80>
>      ServerName appserver1.example.com
>      ProxyRequests Off
>      ProxyPass / http://appserver1.backend/
>      ProxyPassReverse / http://appserver1.backend/
> </VirtualHost>
>
> <VirtualHost *:80>
>      ServerName appserver2.example.com
>      ProxyRequests Off
>      ProxyPass / http://appserver2.backend/
>      ProxyPassReverse / http://appserver2.backend/
> </VirtualHost>
> ..

More specific convert them to ssl vhosts:

<VirtualHost *:443>
     ServerName appserver1.example.com
     ProxyRequests Off
     ProxyPass / http://appserver1.backend/
     ProxyPassReverse / http://appserver1.backend/
</VirtualHost>

<VirtualHost *:443>
     ServerName appserver2.example.com
     ProxyRequests Off
     ProxyPass / http://appserver2.backend/
     ProxyPassReverse / http://appserver2.backend/
</VirtualHost>

which will effectively do what you want which is terminate ssl on the
frontend.

> Now,
>
> - If I go to "http://apachefrontend.example.com", I am
> correctly ending up at "https://apachefrontend.example.com";
>
> - If I go to "http://appserver1[2].example.com", I arrive to
> the backend servers allright, but only via the port 80.
>
> This behaviour is apparently correct, but so far I have not found
> the right configuration options needed  to enforce the secure
> connection to the backend servers via the reverse proxy (I may
> not enable SSL on the backend servers as they are running some
> privately managed applications and cannot be tweaked).
>
> Could someone kindly post an example of working configuration
> of the same type?
>
> Thanks ahead for any advice!
>
> Andy.
>
>
>

Mime
View raw message