
Apache, SSL, proxy, etc.



Hello Debianers,

I'm in the situation of being the only lucky person in our company with
any knowledge of Linux. My skills aren't too high, though.  That's why I
would like to do some loud thinking about this case I'm working on, and
hopefully I'll get some answers to my questions from anyone with higher
skills and more experience than myself. I hope some of you have the
patience to read the entire thing - it grew pretty large while I wrote
it.

Here's my case:

We run IIS on Win2KServer as application server against Oracle inside
our firewall.  Now we want to provide to our customers the ability to
access reports and such things on that IIS via the Internet. 

Then there are some problems:

Our firewall managers won't let any external http-requests through the
firewall.  

To solve this problem, we're planning to run Apache on an existing
Debian-box in our DMZ (We already run Apache, but only as a regular
web-server). 

Will Apache serve as if it was the real server, or will it only do http
redirection to the IIS? I guess that the latter is true. (Please correct
me if I'm wrong.)

Then I guess I'll have to make the Apache act as a proxy server of some
kind. Unfortunately my knowledge on that subject is poor. I've heard
about both mod_proxy and Squid. But then the next problem arises: we
need secure connections. We're hoping that we can leave the whole
SSL-job to the IIS. But then I read that proxy-servers, or at least
Squid, don't support decryption/encryption, but will only perform
tunnelling of SSL-packets, all of which will have the external client's
signature. And then I'm back where I started, right? They will be
stopped by the firewall.

(Another assumption: Opening the firewall for https-traffic on port 443
is just as dangerous as opening for http-traffic on port 80. Again:
correct me if this isn't true.)

This probably means that I should turn Apache into a
"SSL-and-proxy-animal". 

I've had a look at Apache-SSL. But some recommend using Apache and
mod_ssl instead. 

Which one is the best, and which proxy server works best in cooperation
with SSL?

I appreciate any comments and suggestions on this, since I don't have
any skilled discussion partner in-house. Thanks in advance!

<PS> 
Please reply to ola.muan@talk2me.no , since I can't cope with the
traffic on this list.
</PS>

-- 
Best regards, 


Ola Muan
talk2me AS
Systems department
Oslo, Norway
E-mail:  ola.muan@talk2me.no
http://www.talk2me.no


