Ssl – Apache ReverseProxy, SSL on Proxy, noSSL on backend-server, page manipulation

apache-2.4httpreverse-proxyssl

I use an Apache2 as proxy for several backend-server.
The proxy holds the Let´s-Encrypt-SSL-Certificates for all servers, http-traffic is redirected to https and then proxyed to the http-backend-servers.

Everything is running smoothly, but:

One of the backend-servers hold a Moodle-Installation. Every link points to the http-url, so browsers say, there is insecure content…

How can I manipulate the page-content, that is delivered from the backend via the proxy to the client?
I will have to replace every link "http://my.doimain.com/" with "https://my.domain.com/" within the delivered pages…

The traffic between proxy and backend-serer is http, not https.
As theses servers have no internet-access they cannot update certificates issued by let´s encrypt…

Thanks in advance
wepp

Best Answer

Two possible approaches:

  • Install certificates on the back-end servers so they can support https and then reconfigure the web application to run on the HTTPS back-end so that it will generate https links when referencing to itself.
    You don't need a valid certificate and can make do with a self-signed certificate on the back-end server(s) because by default mod_proxy_http does not check the certificate (see SSLProxyVerify)

  • You can rewrite the HTML pages your web application generates and rewrite any occurrence of http://www.example.com with mod_proxy_html and the ProxyHTMLURLMap Directive. A basic example would be:

    ProxyHTMLURLMap http://internal2.example.com https://www.example.com
Related Topic