linux
chs_voks, 2016-02-13 20:24:41

How to properly proxy an SSL site in Apache 2.4?

Hello.
There is the following config:

<VirtualHost *:80>
  ServerName   site.ru
  ServerAlias     my.site.ru
    
  ProxyRequests Off
  ProxyPreserveHost On
  ProxyVia full
    
  <Proxy *>
      Order deny,allow
      Allow from all
  </Proxy>

  SSLProxyEngine on
  SSLProxyVerify none 
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  SSLProxyCheckPeerExpire off

  ProxyPass / https://192.168.1.250/
  ProxyPassReverse / https://192.168.1.250/
</VirtualHost>

Access needs to be completely transparent, whether locally (192.168.1.250) or through the proxy (my.site.ru). If I understand correctly, with the current configuration Apache does not pick up my certificates but simply ignores them, and everything goes over port 80.
How do I correctly proxy an SSL site in Apache 2.4? How do I correctly pick up the certificate of the proxied site? Let's Encrypt keys are available (cert.pem, chain.pem, fullchain.pem, privkey.pem).
There are many articles on the net; some do not work, and some contradict each other.


2 answer(s)
chs_voks, 2016-02-18
@chs_voks

<VirtualHost *:443>
  ServerName     site.ru
  ServerAlias       my.site.ru
  
  SSLEngine On

  SSLCertificateFile		"/usr/local/etc/apache24/my.site.ru/cert.pem"
  SSLCertificateKeyFile	"/usr/local/etc/apache24/my.site.ru/privkey.pem"
  SSLCertificateChainFile "/usr/local/etc/apache24/my.site.ru/chain.pem"
  
  ProxyRequests Off
  ProxyPreserveHost On

  SSLProxyEngine On
  SSLProxyVerify none
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off

  ProxyPass / https://192.168.1.250/
  ProxyPassReverse / https://192.168.1.250/
</VirtualHost>
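
Added example, not part of the thread: a small Python check that reads Apache config text and reports the SSLProxy* settings used in both configs above that switch off verification of the backend certificate, and a vhost that proxies to an https:// backend without SSLEngine on. The function name audit and the shortened sample configs are constructed for this example.

```python
import re

# Settings that turn off a check mod_ssl makes on the backend certificate.
WEAK = {"sslproxyverify": "none", "sslproxycheckpeercn": "off",
        "sslproxycheckpeername": "off", "sslproxycheckpeerexpire": "off"}

def audit(conf_text):
    """Return (vhost, line_no, message) findings for one config text."""
    findings, vhost, ssl_on, https_line = [], "(global)", False, None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            vhost, ssl_on, https_line = opened.group(1).strip(), False, None
            continue
        if line.lower().startswith("</virtualhost"):
            if https_line and not ssl_on:
                findings.append((vhost, https_line,
                                 "https:// backend but no SSLEngine on: client side is plain HTTP"))
            vhost, ssl_on, https_line = "(global)", False, None
            continue
        name, *args = line.split()
        name, args = name.lower(), [a.lower() for a in args]
        if name == "sslengine" and args[:1] == ["on"]:
            ssl_on = True
        elif name == "proxypass" and len(args) > 1 and args[1].startswith("https://"):
            https_line = no
        elif name in WEAK and args[:1] == [WEAK[name]]:
            findings.append((vhost, no, f"{line}: backend certificate check disabled"))
    return findings

# Constructed samples: the two vhosts from this thread, shortened to the relevant directives.
QUESTION_CONF = """\
<VirtualHost *:80>
  ServerName site.ru
  SSLProxyEngine on
  SSLProxyVerify none
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  SSLProxyCheckPeerExpire off
  ProxyPass / https://192.168.1.250/
</VirtualHost>
"""
ANSWER_CONF = QUESTION_CONF.replace("*:80", "*:443").replace(
    "  SSLProxyCheckPeerExpire off\n", "  SSLEngine On\n")

if __name__ == "__main__":
    for label, conf in (("question", QUESTION_CONF), ("answer", ANSWER_CONF)):
        for vhost, no, msg in audit(conf):
            print(f"{label} {vhost} line {no}: {msg}")
```

With these settings the proxy encrypts the connection to 192.168.1.250 but does not authenticate the server it reaches; the check reports nothing once SSLProxyVerify is set to require and the peer checks are left on.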

shuraosipov, 2016-02-24
@shuraosipov

How-to with config examples for Apache 2.4 - https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html
In SSL certificates the FQDN is specified as the common name, but I don't see any technical restriction on specifying IP addresses as the common name - https://support.globalsign.com/customer/portal/art...
