Re: [users@httpd] Apache2.4 forward proxy ssl between client and proxy server


Does your curl report any answer from the Apache or does it just lose the connection? Try 'curl -v -D - ...' maybe for more details.

> On 10.04.2018 at 11:12, Rajesh Cherukuri <rajecher@xxxxxxxxx> wrote:
> 
> Hi
> 
>  I am not looking for end-to-end encryption; all I want to do is make Apache a forward proxy configured on SSL and accept HTTPS and proxy the URLs based on the ACLs. Below is my vhost configuration, where I have a forward proxy which is configured to allow only to example.com
> 
>   When I disabled SSL everything works fine and I can proxy to https://example.com; below is the curl output. But when I have the proxy configured as SSL the request seems to be failing
> 
> SSL enabled - doesn't work
> 
> curl -I -x https://172.16.130.2:443 https://example.com
> curl: (56) Proxy CONNECT aborted
> 
> <VirtualHost  172.16.130.2:443>
> ProxyRequests On
> ProxyVia On
> SSLProxyEngine On
> SSLEngine On
> SSLProxyVerify none
> SSLCertificateFile /etc/pki/tls/certs/1.cert
> SSLCertificateKeyFile /etc/pki/tls/private1.key
> <Proxy "*">
> <RequireAny>
>      Require expr %{HTTP_HOST} =~ /^example.com:443$/
> </RequireAny>
> </Proxy>
> </VirtualHost>
> 
> 
> SSL disabled -works fine 
> 
> 
> curl -I -x http://172.16.135.4:8082  https://example.com
> HTTP/1.0 200 Connection Established
> Proxy-agent: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips
> 
> HTTP/1.1 200 OK
> Accept-Ranges: bytes
> Cache-Control: max-age=604800
> Content-Type: text/html
> Date: Tue, 10 Apr 2018 09:08:37 GMT
> Etag: "1541025663+gzip"
> Expires: Tue, 17 Apr 2018 09:08:37 GMT
> Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
> Server: ECS (lga/1318)
> X-Cache: HIT
> Content-Length: 1270
> 
> 
> 
> NON-SSL configuration 
> Listen 172.16.130.2:80
> 
> <VirtualHost  172.16.130.2:80>
> 
> ProxyRequests On
> ProxyVia On
> 
> <Proxy "*">
> <RequireAny>
>      Require expr %{HTTP_HOST} =~ /^example.com:443$/
> </RequireAny>
> </Proxy>
> </VirtualHost>
> 
>  
> 
> On Tue, Apr 10, 2018 at 9:34 AM, Stefan Eissing <stefan.eissing@xxxxxxxxxxxxx> wrote:
> 
> 
> > On 10.04.2018 at 10:24, Rajesh Cherukuri <rajecher@xxxxxxxxx> wrote:
> >
> > Hi
> >
> > Thanks for the info. I wanted to know if there is a way we can configure SSL on an Apache forward proxy so that the communication between the client (browser) and the proxy server is encrypted
> 
> Not sure what exactly you are looking for. If you have:
> 
> Browser <-c1-> Apache <-c2-> Backend
> 
> where Apache acts as forward proxy, then both c1 and c2 can be TLS connections, e.g. encrypted. But that means that the data is unencrypted "inside" the Apache server. There is no end-to-end encryption between Browser and Backend.
> 
> As for the TLS c2 connection setup, you have to specify "https:" for your proxied backend and can influence the setup with the various "SSLProxy*" directives.
> 
> Cheers,
> 
> Stefan
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> 
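
An added example, not part of the original thread: a small Python probe for the question asked at the top of the reply, whether the proxy sends any answer to the CONNECT or just drops the connection. The names `probe_connect` and `run_against_fake_proxy` are hypothetical, and the proxy replies fed to it are constructed so the block runs offline.

```python
import socket
import threading

def probe_connect(stream, target, timeout=5.0):
    """Send CONNECT for `target` over an already-connected socket and
    classify the proxy's reaction as (verdict, status_line)."""
    stream.settimeout(timeout)
    request = f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n"
    stream.sendall(request.encode("ascii"))
    buf = b""
    try:
        # Read until the status line is complete or the peer closes.
        while b"\r\n" not in buf and len(buf) < 8192:
            chunk = stream.recv(4096)
            if not chunk:
                break
            buf += chunk
    except OSError:  # timeout, reset, or TLS-level error
        pass
    if not buf:
        # Nothing came back: the connection was dropped before any HTTP reply.
        return ("no-answer", "")
    status_line = buf.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return ("malformed", status_line)
    # 2xx means the tunnel is up; anything else is an HTTP-level refusal.
    verdict = "established" if parts[1].startswith("2") else "refused"
    return (verdict, status_line)

def run_against_fake_proxy(reply):
    """Constructed stand-in for the proxy: reads the request, sends `reply`
    (possibly empty) and closes the connection."""
    client, server = socket.socketpair()
    def serve():
        server.recv(4096)
        if reply:
            server.sendall(reply)
        server.close()
    worker = threading.Thread(target=serve)
    worker.start()
    try:
        return probe_connect(client, "example.com:443")
    finally:
        client.close()
        worker.join()
```

Against a real `https://` proxy, pass a socket that has already been wrapped with `ssl.SSLContext.wrap_socket`, so that c1 is TLS before the CONNECT is sent.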

