trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <>
Subject Re: Setup SSL certificate with ATS & Apache httpd
Date Wed, 13 Sep 2017 11:53:31 GMT

Am 13.09.2017 um 12:04 schrieb Alexander Yurchik:
> Hello
> I have ATS & Apache httpd installed and configured to run my site.
> Both runs on the same machine. ATS is 5.x version.
> ATS listens on 80 port and my config for ports is:
> CONFIG proxy.config.http.server_ports STRING 80
> Now I obtained an SSL certificate from Let's encrypt project and want my 
> site to be available via https as well.
> How I can do that?
> Now my idea is to create SSL enabled virtual host in Apache httpd and 
> just condigure ATS to listen on 443 port and map https url to apache's 
> virtual host with SSL enabled. So basically I just need to setup ATS to 
> listen on 443 and do proper mapping.
> OR
> Maybe I don't need to setup SSL in Apache and all SSL stuff should be 
> configured on ATS level? If so - how I can do that?

first throw way version 5.x - it's a joke when it comes to TLS - bad 
enough that 7.1.1 still don't support RSA/ECDSA dualstack but 5.x as far 
as i remember did even not support DHE and other ciphers proper

when you have a proxy in front there is no need to configure https on 
the backend - google for "tls offloading" - the lcient never talks to 
the httpd machine and it makes no sense to encrypt the traffic between 
frontend and backend especially when both are on the same machine

CONFIG proxy.config.http.server_ports STRING 80 443:ssl

map http://whatever http://backend
map https://whatever http://backend

remap.config hwne you want to enforce https:
map http://whatever https://whatever
map https://whatever http://backend


if you don't know how to make a sane pem-file containing the whole 
chain, certficate and key just read

View raw message