httpd-users mailing list archives

From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject Re: [users@httpd] Apache2.4 forward proxy ssl between client and proxy server
Date Tue, 10 Apr 2018 09:29:51 GMT
Does your curl report any answer from the Apache or does it just lose the connection? Try 'curl -v -D - ...' maybe for more details.

> On 10.04.2018 at 11:12, Rajesh Cherukuri <rajecher@gmail.com> wrote:
> 
> Hi
> 
> I am not looking for end-to-end encryption; all I want to do is make Apache a forward proxy configured on SSL that accepts HTTPS and proxies the URLs based on the ACLs. Below is my vhost configuration, where I have a forward proxy which is configured to allow only example.com.
> 
> When I disabled SSL everything works fine and I can proxy to https://example.com (below is the curl output), but when I have the proxy configured as SSL the request seems to be failing.
> 
> SSL enabled - doesn't work
> 
> curl -I -x https://172.16.130.2:443 https://example.com
> curl: (56) Proxy CONNECT aborted
> 
> <VirtualHost  172.16.130.2:443>
> ProxyRequests On
> ProxyVia On
> SSLProxyEngine On
> SSLEngine On
> SSLProxyVerify none
> SSLCertificateFile /etc/pki/tls/certs/1.cert
> SSLCertificateKeyFile /etc/pki/tls/private1.key
> <Proxy "*">
> <RequireAny>
>      Require expr %{HTTP_HOST} =~ /^example.com:443$/
> </RequireAny>
> </Proxy>
> </VirtualHost>
> 
> 
> SSL disabled - works fine
> 
> 
> curl -I -x http://172.16.135.4:8082  https://example.com
> HTTP/1.0 200 Connection Established
> Proxy-agent: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips
> 
> HTTP/1.1 200 OK
> Accept-Ranges: bytes
> Cache-Control: max-age=604800
> Content-Type: text/html
> Date: Tue, 10 Apr 2018 09:08:37 GMT
> Etag: "1541025663+gzip"
> Expires: Tue, 17 Apr 2018 09:08:37 GMT
> Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
> Server: ECS (lga/1318)
> X-Cache: HIT
> Content-Length: 1270
> 
> 
> 
> NON-SSL configuration 
> Listen 172.16.130.2:80
> 
> <VirtualHost  172.16.130.2:80>
> 
> ProxyRequests On
> ProxyVia On
> 
> <Proxy "*">
> <RequireAny>
>      Require expr %{HTTP_HOST} =~ /^example.com:443$/
> </RequireAny>
> </Proxy>
> </VirtualHost>
> 
>  
> 
> On Tue, Apr 10, 2018 at 9:34 AM, Stefan Eissing <stefan.eissing@greenbytes.de> wrote:
> 
> 
> > On 10.04.2018 at 10:24, Rajesh Cherukuri <rajecher@gmail.com> wrote:
> >
> > Hi
> >
> > Thanks for the info. I wanted to know if there is a way we can configure SSL on an Apache forward proxy so that the communication between the client (browser) and the proxy server is encrypted.
> 
> Not sure what exactly you are looking for. If you have:
> 
> Browser <-c1-> Apache <-c2-> Backend
> 
> where Apache acts as forward proxy, then both c1 and c2 can be TLS connections, e.g. encrypted. But that means that the data is unencrypted "inside" the Apache server. There is no end-to-end encryption between Browser and Backend.
> 
> As for the TLS c2 connection setup, you have to specify "https:" for your proxied backend and can influence the setup with the various "SSLProxy*" directives.
> 
> Cheers,
> 
> Stefan
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
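
An added example, not part of the thread or of httpd itself: a small Python audit of the `Require expr %{HTTP_HOST} =~ /.../` ACL from the quoted configuration, showing that the unescaped `.` in `example.com` admits hosts other than the intended one and that escaping it closes the gap. It assumes Python's `re` treats this simple pattern the same way httpd's regex engine does; the function names and the probe host are constructed for illustration.

```python
import re

# Constructed sample: the <Proxy> block from the quoted vhost.
SAMPLE_CONF = r'''
<Proxy "*">
<RequireAny>
     Require expr %{HTTP_HOST} =~ /^example.com:443$/
</RequireAny>
</Proxy>
'''
# The same block with the dot escaped (hardened form).
HARDENED_CONF = SAMPLE_CONF.replace("example.com", r"example\.com")

# Pulls the regex body out of a host-matching Require expr line.
REQUIRE_RE = re.compile(r"Require\s+expr\s+%\{HTTP_HOST\}\s*=~\s*/(.+)/\s*$", re.M)

def unescaped_dots(pattern):
    """Indexes of '.' that are neither backslash-escaped nor inside [...]."""
    hits, i, in_class = [], 0, False
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":          # skip the escaped character
            i += 2
            continue
        if c == "[":
            in_class = True
        elif c == "]":
            in_class = False
        elif c == "." and not in_class:
            hits.append(i)
        i += 1
    return hits

def audit(conf):
    """Return (pattern, issue, probe_host) for each over-permissive host ACL."""
    findings = []
    for m in REQUIRE_RE.finditer(conf):
        pat = m.group(1)
        if not (pat.startswith("^") and pat.endswith("$")):
            findings.append((pat, "unanchored", None))
        for idx in unescaped_dots(pat):
            # Swap the wildcard dot for a letter, then confirm the ACL still matches.
            probe = (pat[:idx] + "x" + pat[idx + 1:]).strip("^$").replace("\\", "")
            if re.search(pat, probe):
                findings.append((pat, "unescaped-dot", probe))
    return findings

if __name__ == "__main__":
    for name, conf in (("quoted", SAMPLE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "no findings")
```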