I have a server frontend.example.com with public IP. Its Apache (2.4) should proxy the traffic coming for service1.example.com (DNS alias to frontend.example.com).
service1.example.com is a VM on a private LAN (192.168.56.0) between the two.
Now, this is easy for HTTP:
<VirtualHost *:80>
ServerName service1.example.com
ProxyPass / http://192.168.56.2/
ProxyPassReverse / http://192.168.56.2/
<Location "/">
Require all granted
</Location>
</VirtualHost>
I'm trying to do the same for HTTPS:
<VirtualHost *:443>
ServerName service1.example.com
SSLEngine On
SSLProxyEngine On
ProxyRequests Off
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLInsecureRenegotiation on
SSLProxyVerify none
SSLVerifyClient none
SSLCertificateFile /etc/ssl/certs/example_com.crt
SSLCertificateKeyFile /etc/ssl/certs/example_com.key
ProxyPass / https://192.168.56.2/
ProxyPassReverse / https://192.168.56.2/
<Location "/">
Require all granted
</Location>
</VirtualHost>
Trying to access service1.example.com via HTTPS returns: Error during SSL Handshake with remote server
Security is not my concern here. service1 requires an HTTPS connection to some of its services, that's why I'm not simply proxying HTTPS to HTTP.
I do not want frontend.example.com to be involved with SSL. What I would like is that it says "hey, I've got a connection on 443, I'm not dealing with it, I'm just forwarding it to this internal IP, which will take care of it". I just want it to pass the request on.
Can that be done?
As you can see in the HTTPS configuration above, I've tried to relax security as much as possible (e.g. SSLInsecureRenegotiation on is supposed to lower the walls against a man-in-the-middle attack, isn't it?). But nothing worked so far.
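
An added example, not part of the original post: a short Python audit of the TLS directives in the *:443 virtual host above, reporting which leg of the proxy each relaxed directive acts on and which backend certificate checks are still at their default. The leg and default classifications follow the mod_ssl documentation and assume httpd 2.4.5 or later; the function and table names are this example's own.

```python
# Relaxed value of each directive and the TLS leg it acts on (per the mod_ssl docs).
# "client" = browser -> frontend, "backend" = frontend -> 192.168.56.2.
RELAXED = {
    "sslproxyverify": ("backend", "none"),
    "sslproxycheckpeercn": ("backend", "off"),
    "sslproxycheckpeername": ("backend", "off"),
    "sslproxycheckpeerexpire": ("backend", "off"),
    "sslinsecurerenegotiation": ("client", "on"),
}
# Backend certificate checks that are on unless configured otherwise
# (assumption: httpd 2.4.5 or later, where SSLProxyCheckPeerName exists).
DEFAULT_ON = ("SSLProxyCheckPeerCN", "SSLProxyCheckPeerName", "SSLProxyCheckPeerExpire")

# TLS and proxy directives of the post's *:443 virtual host, abridged.
VHOST = """\
SSLEngine On
SSLProxyEngine On
SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off
SSLInsecureRenegotiation on
SSLProxyVerify none
SSLVerifyClient none
ProxyPass / https://192.168.56.2/
"""

def directives(text):
    """Yield (name, args) per directive line, skipping comments and <Section> tags."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, _, args = line.partition(" ")
            yield name, args.strip()

def relaxed(text):
    """Directives set to their relaxed value, as (leg, name) pairs in file order."""
    out = []
    for name, args in directives(text):
        leg, value = RELAXED.get(name.lower(), (None, None))
        if leg and args.lower() == value:
            out.append((leg, name))
    return out

def still_enforced(text):
    """Default-on backend checks that the configuration never mentions."""
    seen = {name.lower() for name, _ in directives(text)}
    return [d for d in DEFAULT_ON if d.lower() not in seen]

if __name__ == "__main__":
    for leg, name in relaxed(VHOST):
        print(f"{leg:8} relaxed: {name}")
    print("backend checks still at default (on):", still_enforced(VHOST))
```

On the posted configuration this reports SSLInsecureRenegotiation under the client-facing leg rather than the backend connection, and SSLProxyCheckPeerName as a backend check that is never set.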