Saturday, March 14, 2015

ssl - Apache proxy over port 443

I want to be able to redirect http and https traffic coming in to my central server to different virtual servers.




I have a host (the central server) and four different guests. Each guest hosts a website for a different domain. Each domain name resolves to my host server from outside. And on my host I configured Apache to use VirtualHosts and ProxyPass (& ProxyPassReverse) to redirect requests for port 80 to the correct corresponding guest. This works correctly. Joy.



But two of the domains also have ssl configured and are also listening on port 443. And here is where it goes wrong. I get ssl certificate errors, and I'm at a loss how to fix these.




NameVirtualHost 192.168.1.1:80

<VirtualHost 192.168.1.1:80>
    ServerName www.domain1.nl
    ProxyPreserveHost On
    ProxyPass / http://www.domain1.nl/
    ProxyPassReverse / http://www.domain1.nl/
    ErrorLog logs/domain1-error_log
    CustomLog logs/domain1-access_log combined
</VirtualHost>

<VirtualHost 192.168.1.1:80>
    ServerName www.domain2.net
    ProxyPreserveHost On
    ProxyPass / http://www.domain2.net/
    ProxyPassReverse / http://www.domain2.net/
    ErrorLog logs/domain2-error_log
    CustomLog logs/domain2-access_log combined
</VirtualHost>

<VirtualHost 192.168.1.1:80>
    ServerName www.domain3.org
    ProxyPreserveHost On
    ProxyPass / http://www.domain3.org/
    ProxyPassReverse / http://www.domain3.org/
    ErrorLog logs/domain3-error_log
    CustomLog logs/doman3-access_log combined
</VirtualHost>

NameVirtualHost 192.168.1.1:443

<VirtualHost 192.168.1.1:443>
    ServerName www.domain2.net
    ProxyPreserveHost On
    ProxyPass / https://www.domain2.net
    ProxyPassReverse / https://www.domain2.net
    ErrorLog logs/domain2-error_log
    CustomLog logs/domain2-access_log combined
</VirtualHost>

<VirtualHost 192.168.1.1:443>
    ServerName www.domain3.org
    ProxyPreserveHost On
    ProxyPass / https://www.domain3.org/
    ProxyPassReverse / https://www.domain3.org/
    ErrorLog logs/domain3-error_log
    CustomLog logs/domain3-access_log combined
</VirtualHost>




As I said, the normal port 80 requests get routed to the correct server just the way I want them. But requests on port 443 lead to a:




ssl_error_rx_record_too_long




Now I tried some things I found on the internet such as adding:

SSLProxyEngine On
SSLProxyCheckPeerCN on
But this either had no effect or made matters worse.



Any thoughts?
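
An added example, not part of the original post: none of the port 443 virtual hosts above enables SSLEngine, so Apache answers plain HTTP on 443, which Firefox reports as ssl_error_rx_record_too_long. The sketch below terminates TLS on the host for one domain and re-encrypts to the guest. The certificate, key and CA paths are placeholders, and it assumes mod_ssl is loaded and Apache already listens on 443.

```apache
# Added example for www.domain2.net; repeat the block for www.domain3.org.
# All /path/to/... values are placeholders, not values from the post.
NameVirtualHost 192.168.1.1:443

<VirtualHost 192.168.1.1:443>
    ServerName www.domain2.net

    # Terminate TLS on the host. Without SSLEngine the vhost speaks
    # plain HTTP on port 443 and the browser's handshake fails.
    SSLEngine on
    SSLCertificateFile    /path/to/domain2.crt
    SSLCertificateKeyFile /path/to/domain2.key

    # Needed before mod_proxy will open https:// connections to the guest.
    SSLProxyEngine on

    # Authenticate the guest instead of accepting any certificate:
    # require a chain to a trusted CA and a matching CN.
    SSLProxyVerify require
    SSLProxyCACertificateFile /path/to/guest-ca.crt
    SSLProxyCheckPeerCN on

    ProxyPreserveHost On
    ProxyPass        / https://www.domain2.net/
    ProxyPassReverse / https://www.domain2.net/

    ErrorLog  logs/domain2-error_log
    CustomLog logs/domain2-access_log combined
</VirtualHost>
```

Serving a different certificate per name on the same IP and port relies on SNI support in both the Apache build and the clients. If the guests sit on a network only the host can reach, proxying to them over http:// from this vhost removes the need for the SSLProxy directives, at the cost of unencrypted traffic between host and guest.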
