top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Apache Reverse proxy

+3 votes
325 views

I want to expose backend https servers over internet through reverse proxy. Backend servers are already have SSL certificates. Do I need to install SSL on reverse proxy too.

If I redirect external users requests to https server via reverse proxy then will end user see the SSL certificate in browser.

Can anyone help me in this situation. I already have 3 SSL on internal servers, so do I need more certificates. How the configuration will go in this case.

posted Dec 27, 2013 by Garima Jain

Looking for an answer?  Promote on:
Facebook Share Button Twitter Share Button LinkedIn Share Button

Similar Questions
+1 vote

I have an idea how to setup Apache for doing load balancer based on mod_proxy and mod_balance modules. But in my case the backend server requires ssl client certificate authentication and therefore the Apache Server cannot terminate the ssl connection.

I do no need http session cookie stickyness. The application is stateless. Can I somehow configure Apache as a transparent balancer?

Or I should use even another software - squid, iptables? The backend application is a web service running on Tomcat.

+3 votes

I have Apache 2.4 (win32) and have the following in my CA bundle.

Root 1
Subordinate 1
Subordinate 2

My server was signed off Subordinate 1, When I do openssl s_client -connect server:443, it shows both Subordinate 1 and Subordinate 2 in the acceptable CA names.

If I remove Subordinate 2 from the bundle, It only shows Subordinate 1 as a acceptable CA. However, if I remove Subordinate 1, it still shows as an acceptable CA.

It seems httpd references not only cabundle/cafiles but also certs in the Chain file. as acceptable CAs.

Is it possible to prevent a user signed off Subordinate 1 from using client certificate authentication while the server cert is issued off Subordinate 1?

+2 votes

I am trying to compile httpd-2.4.7 from source, but i get the following error

"#error mod_ssl requires OpenSSL 0.9.8a or later"

But my installed openssl version is openssl-1.0.1e and I have specified it --with-ssl option.
Any suggestions?

+1 vote

How do I checks what ciphers are available to the https compiled binary, and how do I check with of those are active in the configuration?

Is there any technical reason that ECDHE-RSA-AES128-SHA256 cannot be used on a server with a self-signed cert (there's no e-commerce or any financial data of any sort on the server).

If an existing server wants to switch so that all traffic is encrypted using DH if possible (interested in implementing Perfect Forward Secrecy) are there any "Gotcha's" lurking in the bushes?

If you enable ECDHE-RSA-AES128-SHA256, should you disable EDH?

To be accessible for most people (including some Windows XP users), what else do I need to enable in the cipher suite? RC4? RC4-SHA? TLSv1? AES?

Which ones do I need to avoid?

+1 vote

I'm going to use SSLRequire using the worker MPM.

The docs say, "The implementation of SSLRequire is not thread safe. Using SSLRequire inside .htaccess files on a threaded MPM may cause random crashes."

Does this mean that I'm okay with threaded MPM if I'm only using SSLRequire inside httpd.conf and not in .htaccess?

...