I have a problem with an apache2 proxy in TLS using port forwarding. I managed to make it work correctly in HTTP, but as soon as I try to make it work in HTTPS, Apache shows the message:

Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Here is my .conf file:

<IfModule mod_ssl.c>
<VirtualHost *:443>

    ServerName service-test.mydomain.com
    ServerAlias service-test.mydomain.com
    ServerAdmin localhost@localhost
    
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    ProxyRequests Off
    <Proxy *>
    Order deny,allow
    Allow from all
    </Proxy>
    ProxyPass / https://192.168.1.34:1010/
    ProxyPassReverse / https://192.168.1.34:1010/

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/service-test.mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/service-test.mydomain.com/privkey.pem   
    <Location />
    Order allow,deny
    Allow from all
    </Location>
</VirtualHost>
</IfModule>

My NAT is well configured, and it's only with HTTPS that the issue occurs. I use Debian 11 on a Proxmox VM.

Did the server behind the proxy have to get an SSL certificate too? I've tried, but it doesn't seem to work either...

How can I fix this?

H.LK
  • Check the error log on the reverse proxy and don’t (only) use the browser to debug. You have two possible configurations though: 1. You terminate TLS on the reverse proxy and the connection between the reverse proxy and backend server is plain HTTP. 2. Your backend server also supports TLS and the connection between the reverse proxy and backend server is encrypted. – HBruijn Aug 07 '22 at 20:09

1 Answer

Did the server behind the proxy have to get an SSL certificate too?

If the server behind the proxy should be accessed by Apache using HTTPS (i.e. with a https:// URL), then it needs a certificate.

But assuming that you made no changes to the server, then it should probably be accessed by HTTP only, i.e. use http://... in ProxyPass and ProxyPassReverse instead of https://. This way the public URL is still https://, but the TLS is terminated by Apache and no additional TLS is done with the server.

Steffen Ullrich
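The two setups named in the comment and the answer, side by side, as an added example that is not part of the original posts. The host name, address and Let's Encrypt paths are the question's; `backend.internal.example` and `/etc/ssl/private-ca/backend-ca.pem` are hypothetical placeholders for a name that resolves to the backend and for the CA that issued the backend's certificate.

```apache
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName service-test.mydomain.com

    # TLS towards the browser (unchanged from the question)
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/service-test.mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/service-test.mydomain.com/privkey.pem

    # Reverse proxy only, never a forward proxy
    ProxyRequests Off

    # --- Option 1: TLS ends at Apache, backend speaks plain HTTP ---
    # Traffic between proxy and backend is unencrypted on the internal
    # network, so no certificate is needed on the backend.
    ProxyPass        / http://192.168.1.34:1010/
    ProxyPassReverse / http://192.168.1.34:1010/

    # --- Option 2: backend speaks TLS as well (use INSTEAD of option 1) ---
    # mod_ssl will not open an https:// backend connection unless
    # SSLProxyEngine is on. The SSLProxyVerify/SSLProxyCheckPeer*
    # directives make Apache validate the backend certificate: chain,
    # expiry, and that the name in the ProxyPass URL appears in it.
    # backend.internal.example and the CA path are hypothetical.
    #SSLProxyEngine on
    #SSLProxyVerify require
    #SSLProxyCACertificateFile /etc/ssl/private-ca/backend-ca.pem
    #SSLProxyCheckPeerName on
    #SSLProxyCheckPeerExpire on
    #ProxyPass        / https://backend.internal.example:1010/
    #ProxyPassReverse / https://backend.internal.example:1010/
</VirtualHost>
</IfModule>
```

Either option needs mod_proxy and mod_proxy_http enabled (`a2enmod proxy proxy_http` on Debian); `apachectl configtest` checks the syntax before a reload.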