Re: [users@httpd] Apache2.4 forward proxy ssl between client and proxy server


If you want to proxy to google.com or any host, just leave out the
<Proxy></Proxy> stanza from the config.

I would recommend to start only with the absolutely necessary config
and expand from there.

That means that for an https forward proxy config you only need this
vhost config + the required modules: mod_proxy_connect, mod_ssl,
mod_proxy (and maybe mod_proxy_http, mod_proxy_ftp if you want to target
other protocols than https).
<VirtualHost _default_:443>
  SSLEngine on
  SSLCertificateFile    ssl/proxy.crt
  SSLCertificateKeyFile ssl/proxy.key

  ProxyRequests On
  ProxyVia On
</VirtualHost>

On Wed, 2018-04-11 at 07:44 +0100, Rajesh Cherukuri wrote:
> hi
> 
> Could you try any of the HTTP URLs? I am not sure why it isn't
> working for me. I can see that you are proxying to 192.IP, but on mine
> I still get connection abort when I try with the below configuration,
> 
> and when I tried curl with the option --proxy-insecure, that option doesn't
> seem to be available.
> 
> 
> 
> # cat  virtualhosts.conf
> 
> Listen 443 https
> 
> <VirtualHost _default_:443>
> 
> 
> LoadModule proxy_connect_module modules/mod_proxy_connect.so
> LogLevel debug
> 
> 
> SSLProtocol all -SSLv2
> SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
> 
> SSLCertificateFile /etc/pki/tls/certs/1.cert
> 
> SSLCertificateKeyFile /etc/pki/tls/private/1.key
> 
> SSLCACertificateFile /etc/pki/tls/certs/intermediate.crt
>   ProxyRequests On
> ProxyVia On
> SSLProxyEngine On
> <Proxy "*">
> <RequireAny>
>      Require expr %{HTTP_HOST} =~ /^example.com:443$/
>      Require expr %{HTTP_HOST} =~ /^172.17.33.13:443$/
>      </RequireAny>
> 
> </Proxy>
> 
> 
> </VirtualHost>
> 
> 
> 
> 
> 
> 
>   curl -k --proxy https://172.16.135.4:443 https://172.17.33.13 -v -v
> * About to connect() to proxy 172.16.135.4 port 443 (#0)
> *   Trying 172.16.135.4...
> * Connected to 172.16.135.4 (172.16.135.4) port 443 (#0)
> * Establish HTTP proxy tunnel to 172.17.33.13:443
> > CONNECT 172.17.33.13:443 HTTP/1.1
> > Host: 172.17.33.13:443
> > User-Agent: curl/7.29.0
> > Proxy-Connection: Keep-Alive
> >
> * Proxy CONNECT aborted
> * Connection #0 to host 172.16.135.4 left intact
> curl: (56) Proxy CONNECT aborted
> 
> 
> 
> curl --proxy-insecure --proxy https://127.0.0.1:8080 https://www.google.com -v -v
> curl: option --proxy-insecure: is unknown
> curl: try 'curl --help' or 'curl --manual' for more information
> 
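
Added example (not part of the original message or of the httpd project's own material): the minimal forward-proxy vhost from the reply above, with client access restricted, because ProxyRequests On without any <Proxy> access control relays for every client that can reach the port. The client range 192.0.2.0/24 is a constructed placeholder and the modules/ paths are assumed to match the layout in the quoted config.

```apache
# Added example. The client range below is a constructed placeholder.
# LoadModule is only valid at server level, not inside <VirtualHost>.
LoadModule ssl_module           modules/mod_ssl.so
LoadModule proxy_module         modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so

Listen 443 https

<VirtualHost _default_:443>
  # TLS between the client and the proxy itself
  SSLEngine on
  SSLCertificateFile    ssl/proxy.crt
  SSLCertificateKeyFile ssl/proxy.key

  # Forward proxy mode
  ProxyRequests On
  ProxyVia On

  # Allow CONNECT tunnels to port 443 only
  AllowCONNECT 443

  # Only the listed client network may use the proxy; all others get 403
  <Proxy "*">
    Require ip 192.0.2.0/24
  </Proxy>
</VirtualHost>
```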
