1

On our Linux Server we got some sort or WebApp running its own little webserver using http ONLY. That means it does not support ssl by itself. So im looking for a way to have "something" packed in front of this little Webserver/WebApp, so it is talking https to the User (required) and have it keep on talking http to the WebApp locally (server internal).

i tried to find something like that. but the fact that i found A LOT stuff covering apache, ssl and reverse proxy didnt clear things up really. im more confused than before.

Need some Hint, Keywords or an example of a configuration that does achieve that.

thanks

Axel Werner
  • 156
  • 1
  • 12

2 Answers2

2

Setup a NGINX or similar server in front of your webapp that proxies the traffic. Then setup the NGINX with a SSL certificate.

Setup your webapp to run on fx. port 8080 and use this snippet of code to proxy it in NGINX:

location / {
  proxy_pass http://127.0.0.1:8080/;
}

The whole server block with SSL enabled should look something like this:

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        listen 443 ssl;

        server_name example.com;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

        location / {
                proxy_pass http://127.0.0.1:8080/;
        }
}

Example Apache virtual host config:

<VirtualHost *:443>
    ServerName example.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined

    SSLEngine on
    SSLCertificateFile    /path/to/certificatefile
    SSLCertificateKeyFile /path/to/keyfile

        <Location />
            ProxyPass          http://your-webserver:8080/
            ProxyPassReverse   http://your-webserver:8080/
        </Location>
</VirtualHost>

It has not been tested and may need some adjustments, but should give you an idea of how to set it up.

Frederik
  • 3,359
  • 3
  • 32
  • 46
  • I'd suggest trying `haproxy` before `nginx`, but either works. `pound` was also good for this before `haproxy` added SSL termination. – chicks Jul 09 '15 at 00:55
  • I only suggested nginx because that is what I use. Apache could also be used as well as a bunch of other software. – Frederik Jul 09 '15 at 05:27
  • Thanks a lot so far! - BUT i would prefere to have it done with Apache2.4 instead of additional proxy software , since apache2.4 is already installed and available to that server system. - So does anyone have a proper example how to fix that with apache only ? - i found several examples of apache, ssl enabled vhosts and such myself, but every example somehow looked different and confused me up even more so i am in doubts those people dont really know what they put together. Anyone here REALLY knows how to do it properly without useless balast in the apache examples ? – Axel Werner Jul 09 '15 at 11:39
  • Added a very basic apache example. – Frederik Jul 09 '15 at 12:53
  • AHH! That looks way more clear than anything i found so far. im sure this will help get me going. thanks Mate! – Axel Werner Jul 10 '15 at 09:55
  • This Answer worked a treat! but i had to also do a " a2enmod proxy_http ssl proxy " to make Apache accept it. it would not do it without the "proxy_http" , even though "proxy" is enabled. – Axel Werner Jul 14 '15 at 12:09
  • @AxelWerner - Good to hear! Yes, you do of course need to enable the proxy modules for apache to actually know what to do when you tell it to proxy something :) – Frederik Jul 14 '15 at 13:07
-1

You can try doing a rewrite with apache. Theres a similar question that was asked before that explains how. https://stackoverflow.com/questions/8371/how-do-you-redirect-https-to-http

Community
  • 1
Matthew
  • 183
  • 5
  • Axel can't really use this since his webserver is not running apache. – Frederik Jul 08 '15 at 16:49
  • The post was tagged apache – Matthew Jul 08 '15 at 17:02
  • "how-do-you-redirect-https-to-http" seems to be the exact opposite of what im trying to achieve here. - BUT i would prefere to have it done with Apache2.4 instead of additional proxy software , since apache2.4 is already installed and available to the system. - So does anyone have a proper example of such a vhost configuration ? - i found several examples of apache, ssl enabled vhosts and such myself, but every example somehow looked different and confused me up even more. that i an in doubts those people dont really know what they put together there. – Axel Werner Jul 09 '15 at 11:36
  • Oh. I didn't understand the question then. I read it as you want it so when a user connects to https the connection will still work for the user. So your app will respond on on both ports but not use ssl. So what you are trying to do is just make your web app use ssl to external users? But you don't want it to use ssl for certain internal or local machine? – Matthew Jul 09 '15 at 14:18
  • the webapp cannot talk https at all and comes with its own embedded webserver. imagine something like a webappliance. So all the user authentication and http content is transported "unencrypted" or "plain text" over the line, which is BAD . So i want to secure it with some sort of " frontend proxy service" that offers ssl/tls. with something like that i can "hide" the unsecure webservice from the users and offer them just a secure ssl/tls enabled frontend. - but the problem should be solved now, thanks to +Frederik Nielsen – Axel Werner Jul 10 '15 at 09:52