SSL – Apache proxy over port 443

apache-2.2 ssl

I want to be able to redirect http and https traffic coming in to my central server to different virtual servers.

I have a host (the central server) and four different guests. Each guest hosts a website for a different domain. Each domain name resolves to my host server from outside. And on my host I configured Apache to use VirtualHosts and ProxyPass (& ProxyPassReverse) to redirect requests for port 80 to the correct corresponding guest. This works correctly. Joy

But two of the domains also have ssl configured and are also listening on port 443. And here is where it goes wrong. I get ssl certificate errors, and I'm at a loss how to fix these.

NameVirtualHost 192.168.1.1:80
<VirtualHost 192.168.1.1:80>
    ServerName www.domain1.nl
    ProxyPreserveHost On
    ProxyPass / http://www.domain1.nl/
    ProxyPassReverse / http://www.domain1.nl/
    ErrorLog logs/domain1-error_log
    CustomLog logs/domain1-access_log combined
</VirtualHost>

<VirtualHost 192.168.1.1:80>
    ServerName www.domain2.net
    ProxyPreserveHost On
    ProxyPass / http://www.domain2.net/
    ProxyPassReverse / http://www.domain2.net/
    ErrorLog logs/domain2-error_log
    CustomLog logs/domain2-access_log combined
</VirtualHost>
<VirtualHost 192.168.1.1:80>
    ServerName www.domain3.org
    ProxyPreserveHost On
    ProxyPass / http://www.domain3.org/
    ProxyPassReverse / http://www.domain3.org/
    ErrorLog logs/domain3-error_log
    CustomLog logs/domain3-access_log combined
</VirtualHost>


NameVirtualHost 192.168.1.1:443
<VirtualHost 192.168.1.1:443>
    ServerName www.domain2.net
    ProxyPreserveHost On
    ProxyPass / https://www.domain2.net/
    ProxyPassReverse / https://www.domain2.net/
    ErrorLog logs/domain2-error_log
    CustomLog logs/domain2-access_log combined
</VirtualHost>
<VirtualHost 192.168.1.1:443>
    ServerName www.domain3.org
    ProxyPreserveHost On
    ProxyPass / https://www.domain3.org/
    ProxyPassReverse / https://www.domain3.org/
    ErrorLog logs/domain3-error_log
    CustomLog logs/domain3-access_log combined
</VirtualHost>

As I said, the normal port 80 requests get routed to the correct server just the way I want them. But requests on port 443 lead to a:

ssl_error_rx_record_too_long

Now I tried some things I found on the internet, such as adding:

SSLProxyEngine On
SSLProxyCheckPeerCN on

But this either had no effect or made matters worse.

Any thoughts?

Best Answer

CMIIW, 443 is the https protocol, and the browser will assume it's https. If you're really using SSL on another https server, you must install the certificate on the http proxy.

https:443 (cert ssl) ==> http:80
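
The check below is an added example, not part of the original question or answer: a small linter that flags port-443 VirtualHost blocks that set up no TLS on the proxy itself, run against the question's vhost and against a version that terminates TLS on the proxy as the answer suggests. The certificate paths are placeholders, and the function names and both sample configs are constructed for illustration.

```python
import re
# Constructed input: the question's port-443 vhost, which configures no TLS on the proxy.
BROKEN = """
<VirtualHost 192.168.1.1:443>
    ServerName www.domain2.net
    ProxyPass / https://www.domain2.net/
    ProxyPassReverse / https://www.domain2.net/
</VirtualHost>
"""
# Constructed input: TLS terminated on the proxy (placeholder cert paths), HTTP to the guest.
FIXED = """
<VirtualHost 192.168.1.1:443>
    ServerName www.domain2.net
    SSLEngine on
    SSLCertificateFile /path/to/domain2.crt
    SSLCertificateKeyFile /path/to/domain2.key
    ProxyPass / http://www.domain2.net/
    ProxyPassReverse / http://www.domain2.net/
</VirtualHost>
"""
# Capture only the bodies of vhosts bound to port 443.
VHOST_443 = re.compile(r"<VirtualHost\s+[^>]*:443\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):
    """Map lowercase directive name -> list of argument strings, skipping comments."""
    found = {}
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            found.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return found

def is_on(d, name):
    return any(v.strip().lower() == "on" for v in d.get(name, []))

def lint_tls_vhosts(conf):
    """Return (ServerName, problem) pairs for :443 vhosts with incomplete TLS setup."""
    findings = []
    for body in VHOST_443.findall(conf):
        d = directives(body)
        name = d.get("servername", ["?"])[0]
        if not is_on(d, "sslengine"):
            findings.append((name, "SSLEngine is not on"))
        if "sslcertificatefile" not in d:
            findings.append((name, "no SSLCertificateFile"))
        https_backend = any("https://" in v.lower() for v in d.get("proxypass", []))
        if https_backend and not is_on(d, "sslproxyengine"):
            findings.append((name, "https:// backend without SSLProxyEngine on"))
    return findings
```
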