Re: [users@httpd] Apache2.4 forward proxy ssl between client and proxy server


Have you tried

curl --insecure -I -x ... ?

since curl probably doesn't trust your ssl-cert

On Tue, 2018-04-10 at 11:29 +0200, Stefan Eissing wrote:
> Does your curl report any answer from the Apache or does it just lose
> the connection? Try 'curl -v -D - ...' maybe for more details.
> 
> > On 10.04.2018 at 11:12, Rajesh Cherukuri <rajecher@xxxxxxxxx> wrote:
> > 
> > Hi
> > 
> > I am not looking for end-to-end encryption; all I want to do is
> > make Apache a forward proxy configured on SSL and accept HTTPS and
> > proxy the URLs based on the ACLs. Below is my vhost configuration,
> > where I have a forward proxy which is configured to allow only
> > example.com.
> > 
> > When I disabled SSL everything works fine and I can proxy to
> > https://example.com; below is the curl output. But when I have the
> > proxy configured as SSL the request seems to be failing.
> > 
> > SSL enabled - doesn't work
> > 
> > curl -I -x https://172.16.130.2:443 https://example.com
> > curl: (56) Proxy CONNECT aborted
> > 
> > <VirtualHost  172.16.130.2:443>
> > ProxyRequests On
> > ProxyVia On
> > SSLProxyEngine On
> > SSLEngine On
> > SSLProxyVerify none
> > SSLCertificateFile /etc/pki/tls/certs/1.cert
> > SSLCertificateKeyFile /etc/pki/tls/private1.key
> > <Proxy "*">
> > <RequireAny>
> >      Require expr %{HTTP_HOST} =~ /^example.com:443$/
> > </RequireAny>
> > </Proxy>
> > </VirtualHost>
> > 
> > 
> > SSL disabled - works fine
> > 
> > 
> > curl -I -x http://172.16.135.4:8082  https://example.com
> > HTTP/1.0 200 Connection Established
> > Proxy-agent: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips
> > 
> > HTTP/1.1 200 OK
> > Accept-Ranges: bytes
> > Cache-Control: max-age=604800
> > Content-Type: text/html
> > Date: Tue, 10 Apr 2018 09:08:37 GMT
> > Etag: "1541025663+gzip"
> > Expires: Tue, 17 Apr 2018 09:08:37 GMT
> > Last-Modified: Fri, 09 Aug 2013 23:54:35 GMT
> > Server: ECS (lga/1318)
> > X-Cache: HIT
> > Content-Length: 1270
> > 
> > 
> > 
> > NON-SSL configuration 
> > Listen 172.16.130.2:80
> > 
> > <VirtualHost  172.16.130.2:80>
> > 
> > ProxyRequests On
> > ProxyVia On
> > 
> > <Proxy "*">
> > <RequireAny>
> >      Require expr %{HTTP_HOST} =~ /^example.com:443$/
> > </RequireAny>
> > </Proxy>
> > </VirtualHost>
> > 
> >  
> > 
> > On Tue, Apr 10, 2018 at 9:34 AM, Stefan Eissing <stefan.eissing@greenbytes.de> wrote:
> > 
> > 
> > > On 10.04.2018 at 10:24, Rajesh Cherukuri <rajecher@gmail.com> wrote:
> > > 
> > > Hi
> > > 
> > > Thanks for the info. I wanted to know if there is a way we can
> > > configure SSL on an Apache forward proxy so that the
> > > communication between the client (browser) and the proxy server is
> > > encrypted.
> > 
> > Not sure what exactly you are looking for. If you have:
> > 
> > Browser <-c1-> Apache <-c2-> Backend
> > 
> > where Apache acts as forward proxy, then both c1 and c2 can be TLS
> > connections, e.g. encrypted. But that means that the data is
> > unencrypted "inside" the Apache server. There is no end-to-end
> > encryption between Browser and Backend.
> > 
> > As for the TLS c2 connection setup, you have to specify "https:"
> > for your proxied backend and can influence the setup with the
> > various "SSLProxy*" directives.
> > 
> > Cheers,
> > 
> > Stefan
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> > 
> > 
> 
> 

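Added example (not part of the thread, and not code from the Apache httpd project): the Host-based ACL from the quoted <Proxy> block, evaluated against constructed CONNECT requests to show which authorities it admits. It assumes Apache's `=~` behaves as an unanchored regex search on the Host header value; STRICT_PATTERN, the helper names and the sample authorities are introduced here and do not appear in the thread.

```python
import re

# Pattern exactly as written in the thread's <Proxy> block (PCRE in Apache;
# Python's re handles this particular pattern the same way).
PAGE_PATTERN = r"^example.com:443$"
# Hardened variant (assumption added here): the dot is escaped, so it only
# matches a literal "." instead of any character.
STRICT_PATTERN = r"^example\.com:443$"


def host_header(raw_request: bytes) -> str:
    """Return the Host header value of a raw HTTP request head, or ""."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            return value.strip()
    return ""


def allowed(raw_request: bytes, pattern: str) -> bool:
    """Mimic `Require expr %{HTTP_HOST} =~ /pattern/` for one request."""
    return re.search(pattern, host_header(raw_request)) is not None


def connect_request(authority: str) -> bytes:
    """Constructed CONNECT request in the shape a client sends to a proxy."""
    return (f"CONNECT {authority} HTTP/1.1\r\n"
            f"Host: {authority}\r\n"
            "Proxy-Connection: Keep-Alive\r\n\r\n").encode("latin-1")


# Constructed sample authorities, not taken from the thread.
SAMPLES = ["example.com:443", "example.com:80", "www.example.com:443",
           "exampleXcom:443", "example.com:443.invalid"]


def audit(pattern: str) -> dict:
    """Map each sample authority to the allow/deny decision under pattern."""
    return {a: allowed(connect_request(a), pattern) for a in SAMPLES}


if __name__ == "__main__":
    for label, pat in (("page", PAGE_PATTERN), ("strict", STRICT_PATTERN)):
        for authority, ok in audit(pat).items():
            print(f"{label:6} {authority:26} {'allow' if ok else 'deny'}")
```

The unescaped dot in the pattern from the thread also admits an authority such as exampleXcom:443; writing it as example\.com restricts the ACL to the intended host.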