How to reverse proxy https with lighttpd


I want to forward (reverse proxy) requests to https://secure.mydomain.com(:443) to my internal (HTTPS) web server on port 8443 using lighttpd.

Environment info:
My web server is a Tomcat running on port 8080 (HTTP) and port 8443 (HTTPS).
HTTP and HTTPS both work well when accessing it locally (http://127.0.0.1:8080 and https://127.0.0.1:8443).

(Ports 8080 and 8443 are not directly reachable over the Internet.)

For HTTP, this config works:

$HTTP["host"] == "unsecure.mydomain.com" {
    proxy.server  = ( "" => ( (
            "host" => "127.0.0.1",
            "port" => 8080
    ) ) )
}

Question:
What is needed to reverse-proxy HTTPS?

Best Answer

lighttpd doesn't support TLS on backend connections.

If the backend needs to know whether the frontend connection was made with TLS, check the X-Forwarded-Proto header.

If you need an encrypted connection to the backend (due to an untrusted network), use a VPN.

If you want end-to-end encryption to the backend, you need a TCP proxy (haproxy can route connections based on SNI), or just forward it with iptables and DNAT.
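Putting the answer into a config, as an added example that is not part of the original question or answer: lighttpd terminates TLS on :443 and proxies to Tomcat's plain-HTTP port 8080, so the backend learns the original scheme only from the forwarded headers. It assumes lighttpd 1.4.46 or newer (mod_openssl split out, mod_proxy adds X-Forwarded-Proto and supports proxy.forwarded); the certificate path is a placeholder.

```conf
# Added example, not from the original post. Assumes lighttpd >= 1.4.46.
# TLS ends here; the hop to Tomcat is plain HTTP on 127.0.0.1:8080,
# because mod_proxy cannot open a TLS connection to a backend.
server.modules += ( "mod_openssl", "mod_proxy" )

$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    # placeholder path: certificate chain + private key in one PEM file
    ssl.pemfile = "/etc/lighttpd/certs/secure.mydomain.com.pem"

    $HTTP["host"] == "secure.mydomain.com" {
        # Same shape as the working HTTP config, but targeting the HTTP
        # connector of Tomcat rather than its HTTPS connector on 8443.
        proxy.server = ( "" => ( (
            "host" => "127.0.0.1",
            "port" => 8080
        ) ) )
        # mod_proxy already sends X-Forwarded-For / X-Forwarded-Proto;
        # this additionally emits an RFC 7239 "Forwarded:" header with
        # for=<client>, proto=https and host=<requested host>.
        proxy.forwarded = ( "for" => 1, "proto" => 1, "host" => 1 )
    }
}
```

Tomcat only honours these headers if RemoteIpValve is configured with protocolHeader="X-Forwarded-Proto"; without it, redirects and isSecure() will report the backend's plain-HTTP view of the request.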
