1

I currently have a DYNDNS standard account and an apache webserver (call it srv1) that has all port 80 and port 443 traffic forwarded to it.

I have another webserver internally (call it srv2) that is configured with a reverse proxy from srv1 on port 80 from a subdomain.

It works but I can't get a reverse proxy from sv1 on port 443 to work.

Kenny Rasschaert
  • 9,045
  • 3
  • 42
  • 58
Diego Gutierrez
  • 13
  • 3
  • No special tricks needed, really. Can you provide your config (with sensitive details changed, if needed) so that we can look it over? – Shane Madden Jan 08 '12 at 23:15
  • You'll most likely have to post the configs from srv1 to get this answered. – Ladadadada Jan 08 '12 at 23:16
  • Please also specify where you would like the SSL termination to occur (srv1 or srv2) – Mathias R. Jessen Jan 08 '12 at 23:17
  • Im trying to make it so http://domain.com goes to srv1 on port 80 and https://domain.com goes to srv1 on port 443 and then http://xxx.domain.com goes to srv2 on port 80 and https://xxx.domain.com goes to port 443 on srv2 – Diego Gutierrez Jan 08 '12 at 23:26

1 Answers1

0

I would be willing to bet that you are trying to proxy HTTPS traffic. If you think about how HTTPS traffic works, it's entirely encrypted from client to server. In order to pass SSL HTTP traffic on to another server, you will need to receive the HTTPS on SRV1 and then pass it on the SRV2 as plain old HTTP. If your destination for the procy rule is an SSL VirtualHost, then it will be receiving HTTP traffic when it expects HTTPS.

This previous ServerFault question talks about how to configure this in detail but the general gist is:

#SRV1 Config
<VirtualHost *:443>
SSLEngine On
...other SSL params...
ProxyPass / http://ip.address.for.srv2/
</VirtualHost>

This can be worked around, have a look at this thread for an example. It's not very pleasant though, and by the sound of your use case probabaly easier to just offload the SSL at SRV1.

Community
  • 1
SimonJGreen
  • 3,205
  • 5
  • 33
  • 55
  • Well if it swaps to HTTP after its in passed the firewall then it would still be secure which is what im really trying to accomplish – Diego Gutierrez Jan 08 '12 at 23:32
  • In that case your problem is easily solved. You have an SSL VirtualHost on your SRV1, and you use the proxy params to pass that traffic to an NON-SSL VirtualHost on SRV2 on it's internal address. – SimonJGreen Jan 08 '12 at 23:35
  • so I'm still a bit confused can that be set up using virtualHosts and how would I would I accomplish this forwarding it to port 80 on srv2 – Diego Gutierrez Jan 08 '12 at 23:45
  • ServerName srv2.domain.com ProxyRequests Off Order deny,allow Allow from all ProxyErrorOverride On ProxyPass / http://xx.xx.xx.xx/ ProxyPassReverse / http://xx.xx.xx.xx/ Order allow,deny Allow from all – Diego Gutierrez Jan 08 '12 at 23:48
  • that was my config to try to do that same thing and it didnt work – Diego Gutierrez Jan 08 '12 at 23:48
  • I've updated my answer to include an example config – SimonJGreen Jan 08 '12 at 23:51
  • im getting closer but its still just sending the subdomain to srv1 – Diego Gutierrez Jan 09 '12 at 00:01
  • Remove everything you have relating to it been a ReverseProxy, as that's not what you're trying to achieve. All you need is the ProxyPass line (and of course mod_proxy enabled!) and it should work. Have a scan over the [ProxyPass Directive documentation examples](http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass). – SimonJGreen Jan 09 '12 at 00:04
  • that worked wonderfully, thank you very much for your help – Diego Gutierrez Jan 09 '12 at 00:23