Apache Reverse Proxy With SSL
-
23-08-2019 - |
Question
Is it possbile to reverse proxy to internal server via HTTPS and serve the certificate from the backend server instead of the certificate on the proxy?
Solution
I believe that this cannot be done as it would allow for man in the middle attacks
OTHER TIPS
konqi> That's pretty much the reverse proxy configuration I've been using for years, with a rewrite rule instead of proxy directives which did not work well here.
RewriteEngine On
# is the virtualhost in the allowed server list ?
RewriteCond %{SERVERNAME} ^(server1|server2|server3|server4)\.domain\.com$
# then redirect to the real server (which the virtualhost name resolves to on the proxy)
RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [P]
# else block it all
RewriteRule ^.*$ - [F]
Plain and simple.
Found this configuration as followed:
- You have ONE Domain example.com with different subdomains as VHOSTs (one.example.com, two.example.com, ..)
- You have a Wildcard-Certificate for your domain *.example.com
- You need mod_proxy
- with Proxy directives works for different servernames matching *.example.com
- If there are not other webservers behind the proxy, add without SSL for your domains which are the proxied in the VirtualHost:443 configuration above.
Hot chick! Couldn't believe that this works, but it seems to! Not found any specification to that behaviour, but try yourself.
With kind regards, ~Marcel
P.S: NOT regarding any security doubts here! Please keep in mind that these proxy calls to the "backend" are unsecured and therefore (as like mentioned by Rob) potentially dangerous!