I have been trying to get my SSL configuration straight for a few hours now. I am running CentOS 7. I have SSL certs generated and working correctly; I can request https://myip.com/test and retrieve HTML via SSL.
I have a service which runs on a separate port (we'll call it port 12345, but it could be changed if need be) which runs its own http server. I would like to access this through SSL. My .conf file in /etc/httpd/sites-available reads:
<VirtualHost *:443>
    ServerAdmin email@address
    ServerName server
    ServerAlias *:443
    ErrorLog /var/www/html/cam/error.log
    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    SSLProxyEngine On
    ProxyRequests On
    ProxyPreserveHost On
    ProxyVia full
    <proxy *>
        Order deny,allow
        Allow from all
    </proxy>
    ProxyPass / http://192.168.1.90:12345/
    ProxyPassReverse / http://192.168.1.90:12345/
</VirtualHost>
It was my understanding that the ProxyPass and ProxyPassReverse should forward the incoming SSL connection to the http server/service running on the local port. Am I understanding this correctly and just missing something in configuring correctly, or is this not the way to achieve that?
With the configuration shown, I receive a FORBIDDEN error, but if I place an index.html inside of /var/www/html/cam, then it shows that via SSL https.
Thanks for any help
Best Answer
After some more playing around I figured out what the problem was. For one, I needed to specify the path in the two proxy lines; they needed to be changed to:
Also, I originally put only "/cam" and had an error still. Looking at /var/log/httpd/access_log, I saw it was attempting to GET /cam/ -- This made me think the Proxy rule was not matching. So I added the trailing slash and voila, it started working. Now HTTPS requests to /cam/ are being redirected to the local service/server running on port 12345.
An FYI for anybody trying to follow along and apply this to their situation, in case you aren't familiar with the SSL setup (I just got into it today myself) -- The specification of the cam directory comes from a setting in /etc/httpd/conf/httpd.conf in the line "IncludeOptional sites-enabled/*.conf" which is where cam.conf was placed.
I got started with this link: https://www.techrepublic.com/article/how-to-enable-https-on-apache-centos/ - a very good how-to on setting up SSL initially. The reason for this post was after following all of that, I wanted to redirect a specific HTTPS address to a non-https server running on the local machine.
I think I've covered everything I did to solve this -- I tried to get on here ASAP before I forgot any of the details!
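An added example, not the poster's own configuration: the virtual host from the question rewritten as a reverse proxy scoped to /cam/, with the weak settings from the original shown as comments for comparison. Assumptions: the /cam/ mapping is reconstructed from the answer's description (the answer's exact lines are not shown on the page), the Require syntax assumes Apache 2.4 as shipped with CentOS 7, and the ErrorLog filename is hypothetical.

```apache
# Added example; not taken from the question or the answer.

# --- Settings from the question that should not be carried over ---
# ProxyRequests On        # enables FORWARD proxying; not needed for ProxyPass
# <proxy *>
#     Order deny,allow
#     Allow from all      # together with the line above: an open proxy
# </proxy>
# SSLProxyEngine On       # only needed when the backend URL is https://
# ErrorLog /var/www/html/cam/error.log   # log file inside the web-served tree

<VirtualHost *:443>
    ServerName server

    # Hypothetical filename; the point is to keep logs out of /var/www/html.
    ErrorLog /var/log/httpd/cam_error.log

    SSLEngine On
    SSLCertificateFile    /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key

    # A reverse proxy needs only ProxyPass; keep forward proxying off.
    ProxyRequests Off
    ProxyPreserveHost On

    # Both arguments end in "/", so /cam/foo is fetched as /foo on the backend.
    # A request for /cam/ does not match a rule written as "/cam" + "/" mismatch,
    # which is the behaviour the answer ran into.
    ProxyPass        /cam/ http://192.168.1.90:12345/
    ProxyPassReverse /cam/ http://192.168.1.90:12345/

    # Send the slash-less form to the proxied prefix instead of the filesystem.
    RedirectMatch 301 ^/cam$ /cam/

    <Location /cam/>
        # Apache 2.4 syntax replacing Order/Allow. Restrict here
        # (for example with "Require ip ...") if the service should not be public.
        Require all granted
    </Location>
</VirtualHost>
```

Running `apachectl configtest` before reloading httpd catches syntax errors in the file.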