Apache reverse proxy set up SSL certificate
-
08-07-2019 - |
Question
We need to set up a secure certificate on an Apache reverse proxy. We've been advised that we need to use a virtual host directive.
I've looked these up in the O'Reilly book bit can't find any examples that pick up https specifically.
Does anyone have any examples of config snippets to do this?
Solution
I'm not exactly sure what you are asking for, but there are multiple things you need. For example, you need to get a SSL certificate, then you need to install mod_ssl into your Apache. I suggest you install it using your system's package manager, etc..
This is an example virtualhost:
<VirtualHost IP.ADDRESS.HERE:443>
DocumentRoot /web/domain.com/www/htdocs
ServerName www.domain.com
ServerAdmin server@domain.com
SSLEngine on
SSLCertificateFile /usr/local/etc/apache/ssl.crt/www.domain.com.crt
SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/www.domain.com.key
ErrorLog "/var/logs/domain.com/error_log"
CustomLog "|/usr/local/sbin/cronolog /var/logs/domain.com/%Y/%m/access_log" combined
</VirtualHost>
A proxy configuration inside the <VirtualHost />
can look different. This assumes that the domain points to a directory on your server, but what you do inside <VirtualHost />
is up to you.
As I said, I also had to install ssl into Apache, to load the module I needed the following:
LoadModule ssl_module libexec/apache/libssl.so
...
AddModule mod_ssl.c
And that's basically it. Let me know if you need more pointers. In case, it also helps if you tell us if you run Apache 1.3 or 2.x.
OTHER TIPS
Not sure if this is what you're after, but I used something like the following in the past:
<IfModule mod_ssl.c>
SSLProxyEngine On
ProxyPreserveHost On
RewriteRule ^/whatever(.*)$ https://otherhost/whatever$1 [P]
</IfModule>
I needed to proxy secure content from another host, and that's what we ended up using. Works fine, and has for some time now. Does that sort of cover what you're looking for?