Ssl – Apache forward proxy HTTP requests to arbitrary AWS S3 buckets over HTTPS

apache-2.4PROXYssl

This is a rewrite of my original post. I still banging my head trying to figure out how to get a custom client (Windows service that only speaks HTTP, does not support HTTPS) to upload files to Amazon AWS S3 buckets via an Apache 2.4 proxy. Since the client doesn't support HTTPS, I want it to access arbitrary S3 buckets via HTTP and have the Apache proxy transparently use HTTPS between itself and the S3 buckets, e.g. HTTPS://bucket-name.s3-aws-region.amazonaws.com, to handle the file uploads. A simple rewrite has so far not worked. This wouldn't be a redirect (mod_proxy [R,L] flags) since I don't want to redirect the client to the HTTPS URL since it can't do SSL.

I can do this for a single bucket using a reverse proxy, but I don't see how to use a reverse proxy for an arbitrary number of unspecified buckets since it's the domains that matter in the ProxyPass and ProxyPassReverse settings.

Is what I'm trying to do even possible? It feels like it should be…

Best Answer

This is absolutely possible, and does not require Apache on the proxy server to have an SSL key as you say (as the interaction with that server is carried out via HTTP).

You essentially just need to use a fairly basic proxy configuration similar to the following as an example:

<VirtualHost *:80>
    ServerName yourintendedname.com
    SSLProxyEngine On
    ProxyPreserveHost on
    ProxyPass / https://upstreamserver.com:443/
    ProxyPassReverse / https://upstreamserver.com:443/
</VirtualHost>

The above configuration takes all traffic requested traffic to yourintendedname.com and passes the requested URI as-is to upstreamserver.com via https.

Now, the issue you will potentially note (and why I requested more detail in your question) is that the fact that the requested URI will be passed up to the server to be proxied to as-is may well cause problems. You alone will be able to figure out a solution to this for your individual circumstances.

Related Solutions

Ssl – When Using Reverse Proxy, Backend Server Does 301 Back to The Proxy Server or Changes URL

I have done that by the following code. You can try it...

    ProxyPreserveHost On
    <Proxy *>
            AddDefaultCharset off
            Order deny,allow
            Deny from all
          Allow from all
    </Proxy>

            ProxyPass /google http://www.google.com/
            ProxyHTMLURLMap http://www.google.com /google

    <Location /google>
            ProxyPassReverse /
            ProxyHTMLInterp On
            ProxyHTMLURLMap  /      /google
            RequestHeader    unset  Accept-Encoding
    </Location>

Zimbra 7.2 reverse proxy to arbitrary internal website

Follow this link: http://www.maxxer.it/2010/linux/set-apache2-to-proxy-zimbra/

I've successfully proxied Zimbra using Apache2 for long time.

These commands work on Debian/Ubuntu servers.

At first, enable apache2′s modules:

a2enmod proxy
a2enmod proxy_html
a2enmod proxy_http

Make sure the use of mod_proxy is allowed, by changing /etc/apache2/mods_available/proxy.conf

Allow from all

In this case I want to proxy SSL, so before starting you will need to move Zimbra HTTPS away from port 443 (I moved to 444). Copy your Zimbra certificate files to a directory accessible by apache. I choose /etc/apache2/ssl.

To allow automatic redirect from / to /zimbra, as in your normal Zimbra install, add the following line to your main stanza:

RedirectMatch ^/$ /zimbra/
Then, edit you apache2 config file and add:

SSLProxyEngine on
SSLCertificateFile /etc/apache2/ssl/host.crt
SSLCertificateKeyFile /etc/apache2/ssl/host.key
SSLCACertificateFile /etc/apache2/ssl/ca_bundle.crt
ProxyRequests On
ProxyPreserveHost On
ProxyVia full
<Location "/service">
  ProxyPass https://your_zimbra_ip:444/service
  ProxyPassReverse https://your_zimbra_ip:444/service
  ProxyPassReverse /
  ProxyHTMLExtended      On
  ProxyHTMLURLMap /service /service
</Location>

<Location "/zimbra">
  ProxyPass https://your_zimbra_ip:444/zimbra
  ProxyPassReverse https://your_zimbra_ip:444/zimbra
  ProxyPassReverse /
  ProxyHTMLExtended      On
  ProxyHTMLURLMap /zimbra /zimbra
</Location>

<Location "/home">
  ProxyPass https://your_zimbra_ip:444/home
  ProxyPassReverse https://your_zimbra_ip:444/home
  ProxyPassReverse /
  ProxyHTMLExtended      On
  ProxyHTMLURLMap /home /home
</Location>

# CalDAV
<Location "/principals">
  ProxyPass https://your_zimbra_ip:444/principals
  ProxyPassReverse https://your_zimbra_ip:444/principals
  ProxyPassReverse /
  ProxyHTMLExtended      On
  ProxyHTMLURLMap /principals /principals
</Location>
# DAV
<Location "/dav">
  ProxyPass https://your_zimbra_ip:444/dav
  ProxyPassReverse https://your_zimbra_ip:444/dav
  ProxyPassReverse /
  ProxyHTMLExtended      On
  ProxyHTMLURLMap /dav /dav
</Location>
#Printing and HTML interface
<Location "/h">
  ProxyPass https://your_zimbra_ip:444/h
  ProxyPassReverse https://your_zimbra_ip:444/h
  ProxyPassReverse /
  ProxyHTMLExtended      On
  ProxyHTMLURLMap /h /h
</Location>

# img for mobile interface
<Location "/img">
  ProxyPass https://your_zimbra_ip:444/img
  ProxyPassReverse https://your_zimbra_ip:444/img
  ProxyPassReverse /
  ProxyHTMLExtended      On
  ProxyHTMLURLMap /img /img
</Location>

Restart your apache2, and you should be done! P.S. in case you wish to proxy https:

a2enmod ssl

Add the following to your /etc/apache2/sites-available/default-ssl

SSLProxyEngine on
ProxyRequests On
ProxyPreserveHost On
ProxyVia full

Best Answer

Related Solutions

Ssl – When Using Reverse Proxy, Backend Server Does 301 Back to The Proxy Server or Changes URL

Zimbra 7.2 reverse proxy to arbitrary internal website

Related Topic