Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
C
C
chs_voks2016-02-13 20:24:41
linux
chs_voks, 2016-02-13 20:24:41

How to properly proxy an SSL site in Apache 2.4?

Hello.
There is the following config:

<VirtualHost *:80>
  ServerName   site.ru
  ServerAlias     my.site.ru
    
  ProxyRequests Off
  ProxyPreserveHost On
  ProxyVia full
    
  <Proxy *>
      Order deny,allow
      Allow from all
  </Proxy>

  SSLProxyEngine on
  SSLProxyVerify none 
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  SSLProxyCheckPeerExpire off

  ProxyPass / https://192.168.1.250/
  ProxyPassReverse / https://192.168.1.250/
</VirtualHost>

It is necessary that there is an absolutely transparent entrance either locally (192.168.1.250) or through a proxy (my.site.ru). If I understand correctly, then with the current configuration, Apache does not cling to my certificate, but simply ignores them and everything goes on the 80th port.
How to correctly proxy an SSL site in Apache 2.4? How to correctly pick up the certificate of the proxied site? Let'sCrypt keys are available (cert.pem, chain.pem fullchain.pem, privkey.pem)
There are many articles on the net, some of which do not work, some contradict.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
C
chs_voks, 2016-02-18
@chs_voks 

<VirtualHost *:443>
  ServerName     site.ru
  ServerAlias       my.site.ru
  
  SSLEngine On

  SSLCertificateFile		"/usr/local/etc/apache24/my.site.ru/cert.pem"
  SSLCertificateKeyFile	"/usr/local/etc/apache24/my.site.ru/privkey.pem"
  SSLCertificateChainFile "/usr/local/etc/apache24/my.site.ru/chain.pem"
  
  ProxyRequests Off
  ProxyPreserveHost On

  SSLProxyEngine On
  SSLProxyVerify none
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off

  ProxyPass / https://192.168.1.250/
  ProxyPassReverse / https://192.168.1.250/
</VirtualHost>

Report
S
shuraosipov, 2016-02-24
@shuraosipov

how-to with config examples for apache 2.4 - https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html
In SSL certificates, the FQDN name is specified as the common name, but I don't see any technical restrictions from specifying it as common name IP addresses - https://support.globalsign.com/customer/portal/art...

Similar questions
P
PrayHero2021-06-10 22:58:31
Why does sql server 2019 on linux load CPU when idle? 1Reply
D
Denis Savitsky2011-02-22 14:27:56
Teamviewer in Kubuntu via proxy 1Reply
M
mouLL2021-06-11 13:22:18
How to find out the cause of the OS freeze? 1Reply
T
Toejam2020-04-18 11:48:01
Why does the bridge and Wi-Fi rise through time? 1Reply
G
Gina Lee2015-09-30 22:52:34
How to compile a sish file through the terminal if you need to set input arguments? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question