Re: reverse proxying of ssl
> I want this:
>
> ssl-certificate <--fw--> apache (whatever) reverse proxy <------>client
> holding IIS
>
>
> Is this possible?????? For me to reverse proxy a ssl server??? I dont
> care if the proxy is accessed as http or https, i just want it to work
> this way...
>
> Alex
Heh, funny this should come up. I'm in the process of figuring
it out myself.
My setup is a bit different though:
Multiple Apache Boxes <--> reverse proxy w/ redirector <-->
fw <-> client.
Right now the fw port forwards 80 to the r.proxy, the redirector
rewrites the body of the request for the correct internal
machine. Obviously an ssl encrypted body can't be rewritten (or
parsed for that matter) so I have to decrypt it at the proxy.
Squid 2.5 allows you to set https_port with a certificate. This
will encrypt the session between the client and the proxy. I'm
less worried about the internal network. The problem of course
lies in the redirector and the signed cert for the web sites. Do
I just get one signed for the proxy machine, or do I need
multiple certs for all the websites (and if so, can more then
one cert be assigned to the same port and will squid know which
to use?)
Best case scenario is a single certificate authenticated to the
proxy box, for external connections. Chances are I'll end up
hoping that Squid 2.5 allows for multiple SSL certs on the same
port so then I can ssl all the websites off the proxy.
Cheers,
--
Lance Levsen,
Systems Administrator,
PWGroup - Saskatoon
--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: