Ssl – revers proxy http -> https

httpsreverse-proxysslweb-server

We have HTTPS test server with a self-signed SSL certificate. Is there any reverse proxy that will enable us to visit the page in HTTP, so our program can send HTTP request and not an HTTPS request??

Best Answer

You can do it with apache.

First, you need to load the ssl, proxy, proxy_http and proxy_html modules.

Then, you need a proxy setting like this:

<VirtualHost 0.0.0.0:80>
    ServerName give_it_a_name

    SSLProxyEngine on

    ProxyPass / https://your-test-server/
    ProxyPassReverse / https://your-test-server/

    ErrorLog /the/error.log
</VirtualHost>

Of course you don't need a VirtualHost for this, you can embed the ProxyPass* and the SSLProxy* directives to any other host definition.

Note that the certificate has to be signed by a trusted authority. If you use self-signed certificates, you have to supply them using the

SSLProxyCACertificateFile /the/pem/file

or the

SSLProxyCACertificatePath /the/dir/where/the/cert/files/are

directives.

Also, Apache checks if the name of the remote host is the same as the one the certificate issued to. You can disable this behavior by adding the

SSLProxyCheckPeerCN off

line to your config. For further settings, you may want to check the Apache docs.

Related Solutions

Ssl – https timeout while http works

I found the cause of this problem.

Port 443 was closed in my firewall configuration. It worked sometimes because my IP was added to firewall as a safe one. That's why it did not work for other IPs.

All I had to do is open port 443 in firewall and it works just fine :)

Nginx Reverse Proxy – How to Set Up Nginx as Reverse Proxy with Upstream SSL

For anybody stumbling across this question that wants to use nginx you can set this up like any normal proxy, and to accept a self-signed certificate from the backend you need to provide the exported pem certificate (and perhaps a key) and set ssl verification off. For example:

...

server {
    listen       10.1.2.3:80;
    server_name  10.1.2.3 myproxy.mycompany.com;

    location / {
         proxy_pass                    https://backend.server.ip/;
         proxy_ssl_trusted_certificate /etc/nginx/sslcerts/backend.server.pem;
         proxy_ssl_verify              off;

         ... other proxy settings
    }

If your secure back end is using Server Name Identification SNI with multiple hosts being served per IP/Port pair you may also need to include proxy_ssl_server_name on; in the configuration. This works on nginx 1.7.0 and later.

Best Answer

Related Solutions

Ssl – https timeout while http works

Nginx Reverse Proxy – How to Set Up Nginx as Reverse Proxy with Upstream SSL

Related Topic