Re: reverse proxying of ssl-UPDATE

To: Lance Levsen <l.levsen@pwgroup.ca>, z-deb-isp <debian-isp@lists.debian.org>
Subject: Re: reverse proxying of ssl-UPDATE
From: Alejandro Borges <alex@sogrp.com>
Date: 20 Jun 2002 11:24:09 -0600
Message-id: <[🔎] 1024593850.1625.23.camel@alex>
In-reply-to: <[🔎] 20020619224331.086B27AEF@cossette.cmcentre.com>
References: <[🔎] 1024513397.3495.2.camel@alex> <[🔎] 20020619224331.086B27AEF@cossette.cmcentre.com>

Went to #apache and was received very nicely by the natives.....


They say the magic is in apache2 or latest mod_ssl of 1.3.26 .... i dl'd
made and made installed it and voila..... it does the trick...very very
very nice... (have NOT tested IIS yet....)




Alex

El mié, 19-06-2002 a las 16:43, Lance Levsen escribió:
> 
> > I want this:
> > 
> > ssl-certificate	<--fw--> apache (whatever) reverse proxy <------>client
> > holding IIS
> > 
> >  
> > Is this possible?????? For me to reverse proxy a ssl server??? I dont
> > care if the proxy is accessed as http or https, i just want it to work
> > this way...
> > 
> > Alex
> 
> Heh, funny this should come up. I'm in the process of figuring 
> it out myself.
> 
> My setup is a bit different though:
> 
> Multiple Apache Boxes <--> reverse proxy w/ redirector <--> 
> fw <-> client.
> 
> Right now the fw port forwards 80 to the r.proxy, the redirector
> rewrites the body of the request for the correct internal
> machine. Obviously an ssl encrypted body can't be rewritten (or
> parsed for that matter) so I have to decrypt it at the proxy.
> 
> Squid 2.5 allows you to set https_port with a certificate. This 
> will encrypt the session between the client and the proxy. I'm 
> less worried about the internal network. The problem of course 
> lies in the redirector and the signed cert for the web sites. Do 
> I just get one signed for the proxy machine, or do I need 
> multiple certs for all the websites (and if so, can more then 
> one cert be assigned to the same port and will squid know which 
> to use?)
> 
> Best case scenario is a single certificate authenticated to the
> proxy box, for external connections. Chances are I'll end up
> hoping that Squid 2.5 allows for multiple SSL certs on the same 
> port so then I can ssl all the websites off the proxy.
> 
> Cheers,
> 
> -- 
> Lance Levsen,
> Systems Administrator,
> PWGroup - Saskatoon
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 



--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- reverse proxying of ssl
  - From: Alejandro Borges <alex@sogrp.com>
- Re: reverse proxying of ssl
  - From: Lance Levsen <l.levsen@pwgroup.ca>

Prev by Date: Re: pppd+radius ?
Next by Date: Re: pppd+radius ?
Previous by thread: Re: reverse proxying of ssl
Next by thread: Apache 2
Index(es):
- Date
- Thread