Apache reverse proxy set up SSL certificate

apachereverse-proxysslssl-certificate

We need to set up a secure certificate on an Apache reverse proxy.
We've been advised that we need to use a virtual host directive.

I've looked these up in the O'Reilly book bit can't find any examples that pick up https specifically.

Does anyone have any examples of config snippets to do this?

Best Answer

I'm not exactly sure what you are asking for, but there are multiple things you need. For example, you need to get a SSL certificate, then you need to install mod_ssl into your Apache. I suggest you install it using your system's package manager, etc..

This is an example virtualhost:

<VirtualHost IP.ADDRESS.HERE:443>
   DocumentRoot /web/domain.com/www/htdocs

   ServerName www.domain.com
   ServerAdmin server@domain.com

   SSLEngine on
   SSLCertificateFile /usr/local/etc/apache/ssl.crt/www.domain.com.crt
   SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/www.domain.com.key

   ErrorLog "/var/logs/domain.com/error_log"
   CustomLog "|/usr/local/sbin/cronolog /var/logs/domain.com/%Y/%m/access_log" combined
</VirtualHost>

A proxy configuration inside the <VirtualHost /> can look different. This assumes that the domain points to a directory on your server, but what you do inside <VirtualHost /> is up to you.

As I said, I also had to install ssl into Apache, to load the module I needed the following:

LoadModule ssl_module libexec/apache/libssl.so
...
AddModule mod_ssl.c

And that's basically it. Let me know if you need more pointers. In case, it also helps if you tell us if you run Apache 1.3 or 2.x.

Related Solutions

Apache Name Virtual Host with SSL

It sounds like Apache is warning you that you have multiple <VirtualHost> sections with the same IP address and port... as far as getting it to work without warnings, I think you would need to use something like Server Name Indication (SNI), a way of identifying the hostname requested as part of the SSL handshake. Basically it lets you do name-based virtual hosting over SSL, but I'm not sure how well it's supported by browsers. Other than something like SNI, you're basically limited to one SSL-enabled domain name for each IP address you expose to the public internet.

Of course, if you are able to access the websites properly, you'll probably be fine ignoring the warnings. These particular ones aren't very serious - they're mainly an indication of what to look at if you are experiencing problems

Google-chrome – Getting Chrome to accept self-signed localhost certificate

For `localhost` only

Simply paste this in your chrome:

chrome://flags/#allow-insecure-localhost

You should see highlighted text saying: Allow invalid certificates for resources loaded from localhost

Click Enable.

-OR-

Try typing: thisisunsafe anywhere on the window and the browser *should* let you visit the page.[link]

Best Answer

Related Solutions

Apache Name Virtual Host with SSL

Google-chrome – Getting Chrome to accept self-signed localhost certificate

For localhost only

Related Topic

For `localhost` only