5

I would like to map all traffic on 80 and 443 from foo.com to an internal server: 192.168.1.101. I have a VirtualHost (Apache 2.2 on Ubuntu) set up as follows (note, I had to break up the hyperlinks below because I am a 'new user'):

<VirtualHost *:80>
  ServerName foo.com
  ServerAlias *.foo.com
  ProxyRequests Off
  ProxyPreserveHost On

  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  ProxyPass / http://192.168.1.101/
  ProxyPassReverse / http://192.168.1.101/
</VirtualHost>

And that works great for http traffic. However, I can't seem to do the same thing for https. I have tried:

  • Changing VirtualHost *:80 to * - but that doesn't work (I need it http->http and https->https)

  • Creating a new VirtualHost entry for *:443 that redirects to http://192.168.1.101/, but that fails as well (browser timeouts)

I did some searching, here and elsewhere, and the closest question I could find was this, but that didn't quite answer it.

Also, just out of curiosity, I tried mapping all ports to https (by changing the two ProxyPass lines from http to https and removing the :80 from VH), and that didn't work either. How would you do that as well?

Any thoughts? Thanks in advance.

Joshua Ball

4 Answers

6

This used to work for me

<VirtualHost *:443>
  ServerName domaine.com
  SSLProxyEngine on
  <Location />
    ProxyPass https://www.something.com/
    ProxyPassReverse https://www.something.com/
  </Location>
</VirtualHost>
radius
  • 1
    The answer, it turns out, was that I was missing the "SSLProxyEngine on" command in my config file. So the complete file is: ServerName foo.com ServerAlias *.foo.com SSLProxyEngine On ProxyRequests Off ProxyPreserveHost On Order deny,allow Allow from all ProxyPass / https://192.168.1.101/ ProxyPassReverse / https://192.168.1.101/ – Joshua Ball Jun 30 '09 at 23:51
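
The fix from the comment above, written out as a full pair of virtual hosts. This is an added example, not part of the original posts: the certificate paths are placeholders, and the SSLEngine and SSLProxyVerify lines are assumptions about a typical setup rather than something the asker posted.

```apache
# Added example (Apache 2.2 syntax). Needs mod_ssl, mod_proxy and mod_proxy_http,
# plus a "Listen 443" elsewhere in the server config.

# http -> http
<VirtualHost *:80>
  ServerName foo.com
  ServerAlias *.foo.com
  ProxyRequests Off
  ProxyPreserveHost On
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>
  ProxyPass / http://192.168.1.101/
  ProxyPassReverse / http://192.168.1.101/
</VirtualHost>

# https -> https
<VirtualHost *:443>
  ServerName foo.com
  ServerAlias *.foo.com

  # SSLEngine terminates TLS from the browser on this virtual host.
  # Placeholder paths: point these at the certificate and key for foo.com.
  SSLEngine On
  SSLCertificateFile    /path/to/foo.com.crt
  SSLCertificateKeyFile /path/to/foo.com.key

  # SSLProxyEngine is the separate switch that lets mod_proxy speak TLS
  # to an https:// backend; without it the https ProxyPass target fails.
  SSLProxyEngine On

  # SSLProxyVerify defaults to "none", so the backend certificate is not
  # checked. Assumption: the backend certificate chains to the CA file below.
  SSLProxyVerify require
  SSLProxyCACertificateFile /path/to/backend-ca.crt

  ProxyRequests Off
  ProxyPreserveHost On
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>
  ProxyPass / https://192.168.1.101/
  ProxyPassReverse / https://192.168.1.101/
</VirtualHost>
```

Run `apache2ctl configtest` after editing and before reloading, so a syntax error or a missing module shows up without taking the site down.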
1

The following works for me:

<VirtualHost A.B.C.D:443>
    ...

    ProxyPass / https://192.168.1.101/
    ProxyPassReverse / https://192.168.1.101/
</VirtualHost>

(Where A.B.C.D is your public IP address, obviously)

womble
0

If you want all the requests to be redirected to the secure network, i.e. through https, then add the following:

<VirtualHost *:443>
  ServerName ngmlx441
  SSLEngine on
  # KeepAliveEnabled and SecureProxy are Oracle WebLogic proxy plug-in parameters, not core Apache directives
  KeepAliveEnabled ON
  SSLCipherSuite HIGH:MEDIUM
  SSLProtocol all
  SSLProxyEngine on
  SecureProxy ON
  SSLCertificateFile /etc/httpd/conf.d/servername.crt
  SSLCertificateKeyFile /etc/httpd/conf.d/servername.key
  SSLCACertificateFile /etc/httpd/conf.d/orgination.crt
</VirtualHost>
sweetfa
0

I would personally skip Apache entirely and use IPTABLES to forward all traffic on 80 and 443 to the required IP; I would imagine this would give greater performance.

(Assumes you have access on the machine to edit the firewall rules).

$iptables -A PREROUTING -t nat -i $EXTIF -p tcp --dport 80 -j DNAT --to 192.168.1.101:80
$iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.1.101 --dport 80 -j ACCEPT

A brief excerpt from my firewall, where I do just what you are trying to do.

Jon