httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rajesh Cherukuri <rajec...@gmail.com>
Subject Re: [users@httpd] Apache2.4 forward proxy ssl between client and proxy server
Date Tue, 10 Apr 2018 09:12:53 GMT
HI

 i am not looking for end to end encryption , all i want to do is make
apache a forwordproxy configured on SSL and accpect  HTTPS and proxy the
urls based on the ACL's' below is my Vhost configuration where i have a
forward proxy which is configured to allow only to example.com

  when i disabled SSL everything works fine and i can proxy to
https://example.com below is the curl output , but when i have proxy
configured as SSL  the request seems to be failing

*SSL enabled -dosen't work *

curl -I -x https://172.16.130.2:443 <https://172.16.130.2/> ht
tps://example.com
*curl: (56) Proxy CONNECT aborted*

<VirtualHost  172.16.130.2:443>
ProxyRequests On
ProxyVia On
SSLProxyEngine On
SSLEngine On
SSLProxyVerify none
SSLCertificateFile /etc/pki/tls/certs/1.cert
SSLCertificateKeyFile /etc/pki/tls/private1.key
<Proxy "*">
<RequireAny>
     Require expr %{HTTP_HOST} =~ /^example.com:443$/
</RequireAny>
</Proxy>
</VirtualHost>


*SSL disabled -works fine *


curl -I -x http://172.16.135.4:8082  *https://example.com
<https://example.com>*
HTTP/1.0 200 Connection Established
Proxy-agent: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips

*HTTP/1.1 200 OK*
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: text/html
Date: Tue, 10 Apr 2018 09:08:37 GMT
Etag: "1541025663+gzip"
Expires: Tue, 17 Apr 2018 09:08:37 GMT
Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
Server: ECS (lga/1318)
X-Cache: HIT
Content-Length: 1270



*NON-SSL configuration *
Listen 172.16.130.2:80 <http://172.16.130.2:443/>

<VirtualHost  172.16.130.2:80 <http://172.16.130.2:443/>>

ProxyRequests On
ProxyVia On

<Proxy "*">
<RequireAny>
     Require expr %{HTTP_HOST} =~ /^example.com:443$/
</Proxy>
</VirtualHost>



On Tue, Apr 10, 2018 at 9:34 AM, Stefan Eissing <
stefan.eissing@greenbytes.de> wrote:

>
>
> > Am 10.04.2018 um 10:24 schrieb Rajesh Cherukuri <rajecher@gmail.com>:
> >
> > hi
> >
> > thanks for the info , wanted to know if there is a way we can configure
> SSL on  a apache forword proxy   so that the communication between the
> client (browser) to the Proxy server is encrypted
>
> Not sure what exactly you looking for. If you have:
>
> Browser <-c1-> Apache <-c2-> Backend
>
> where Apache acts as forward proxy, the both c1 and c2 can be TLS
> connections, e.g. encrypted. But that means that the data is unencrypted
> "inside" the Apache server. There is no end-to-end encryption between
> Browser and Backend.
>
> As for the TLS c2 connection setup, you have to specify "https:" for your
> proxied backend and can influence the setup with the various "SSLProxy*"
> directives.
>
> Cheers,
>
> Stefan
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message