[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: reverse proxying of ssl

> I want this:
> ssl-certificate	<--fw--> apache (whatever) reverse proxy <------>client
> holding IIS
> Is this possible?????? For me to reverse proxy a ssl server??? I dont
> care if the proxy is accessed as http or https, i just want it to work
> this way...
> Alex

Heh, funny this should come up. I'm in the process of figuring 
it out myself.

My setup is a bit different though:

Multiple Apache Boxes <--> reverse proxy w/ redirector <--> 
fw <-> client.

Right now the fw port forwards 80 to the r.proxy, the redirector
rewrites the body of the request for the correct internal
machine. Obviously an ssl encrypted body can't be rewritten (or
parsed for that matter) so I have to decrypt it at the proxy.

Squid 2.5 allows you to set https_port with a certificate. This 
will encrypt the session between the client and the proxy. I'm 
less worried about the internal network. The problem of course 
lies in the redirector and the signed cert for the web sites. Do 
I just get one signed for the proxy machine, or do I need 
multiple certs for all the websites (and if so, can more then 
one cert be assigned to the same port and will squid know which 
to use?)

Best case scenario is a single certificate authenticated to the
proxy box, for external connections. Chances are I'll end up
hoping that Squid 2.5 allows for multiple SSL certs on the same 
port so then I can ssl all the websites off the proxy.


Lance Levsen,
Systems Administrator,
PWGroup - Saskatoon

To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: