Re: reverse proxying of ssl-UPDATE
Went to #apache and was received very nicely by the natives.....
They say the magic is in apache2 or latest mod_ssl of 1.3.26 .... i dl'd
made and made installed it and voila..... it does the trick...very very
very nice... (have NOT tested IIS yet....)
Alex
El mié, 19-06-2002 a las 16:43, Lance Levsen escribió:
>
> > I want this:
> >
> > ssl-certificate <--fw--> apache (whatever) reverse proxy <------>client
> > holding IIS
> >
> >
> > Is this possible?????? For me to reverse proxy a ssl server??? I dont
> > care if the proxy is accessed as http or https, i just want it to work
> > this way...
> >
> > Alex
>
> Heh, funny this should come up. I'm in the process of figuring
> it out myself.
>
> My setup is a bit different though:
>
> Multiple Apache Boxes <--> reverse proxy w/ redirector <-->
> fw <-> client.
>
> Right now the fw port forwards 80 to the r.proxy, the redirector
> rewrites the body of the request for the correct internal
> machine. Obviously an ssl encrypted body can't be rewritten (or
> parsed for that matter) so I have to decrypt it at the proxy.
>
> Squid 2.5 allows you to set https_port with a certificate. This
> will encrypt the session between the client and the proxy. I'm
> less worried about the internal network. The problem of course
> lies in the redirector and the signed cert for the web sites. Do
> I just get one signed for the proxy machine, or do I need
> multiple certs for all the websites (and if so, can more then
> one cert be assigned to the same port and will squid know which
> to use?)
>
> Best case scenario is a single certificate authenticated to the
> proxy box, for external connections. Chances are I'll end up
> hoping that Squid 2.5 allows for multiple SSL certs on the same
> port so then I can ssl all the websites off the proxy.
>
> Cheers,
>
> --
> Lance Levsen,
> Systems Administrator,
> PWGroup - Saskatoon
>
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: