Re: reverse proxying of ssl-UPDATE
Went to #apache and was received very nicely by the natives.....
They say the magic is in apache2 or latest mod_ssl of 1.3.26 .... i dl'd
made and made installed it and voila..... it does the trick...very very
very nice... (have NOT tested IIS yet....)
El mié, 19-06-2002 a las 16:43, Lance Levsen escribió:
> > I want this:
> > ssl-certificate <--fw--> apache (whatever) reverse proxy <------>client
> > holding IIS
> > Is this possible?????? For me to reverse proxy a ssl server??? I dont
> > care if the proxy is accessed as http or https, i just want it to work
> > this way...
> > Alex
> Heh, funny this should come up. I'm in the process of figuring
> it out myself.
> My setup is a bit different though:
> Multiple Apache Boxes <--> reverse proxy w/ redirector <-->
> fw <-> client.
> Right now the fw port forwards 80 to the r.proxy, the redirector
> rewrites the body of the request for the correct internal
> machine. Obviously an ssl encrypted body can't be rewritten (or
> parsed for that matter) so I have to decrypt it at the proxy.
> Squid 2.5 allows you to set https_port with a certificate. This
> will encrypt the session between the client and the proxy. I'm
> less worried about the internal network. The problem of course
> lies in the redirector and the signed cert for the web sites. Do
> I just get one signed for the proxy machine, or do I need
> multiple certs for all the websites (and if so, can more then
> one cert be assigned to the same port and will squid know which
> to use?)
> Best case scenario is a single certificate authenticated to the
> proxy box, for external connections. Chances are I'll end up
> hoping that Squid 2.5 allows for multiple SSL certs on the same
> port so then I can ssl all the websites off the proxy.
> Lance Levsen,
> Systems Administrator,
> PWGroup - Saskatoon
> To UNSUBSCRIBE, email to email@example.com
> with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org