logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: SSL and Reverse Proxies
Author
via



Joined: 10 May 2019
Posts: 2
Location: UK

PostPosted: Fri 10 May '19 16:01    Post subject: SSL and Reverse Proxies Reply with quote

Hi all,

I am using a reverse proxy to forward to a few development servers on local addresses. The majority of these sites use SSL with Lets Encrypt certificates.

Currently I have the certification setup on the reverse proxy server and following virtualhost config...

Code:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName test.domain.net
    ProxyPreserveHost On
    ProxyPass / http://10.0.6.80/
    ProxyPassReverse / http://10.0.6.80/

SSLCertificateFile /etc/letsencrypt/live/test.domain.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/test.domain.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>


Which works fine and appears to the outside world as https, however I take it communication between reverse proxy and web server will be running as http so unencrypted within the local network?

What would be best method in regards to certification at the web server? Would I need to use the original Lets Encrypt certificate or would it be fine to use a self signed certificate for this and outside world would still see the Lets Encrypt cert?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Fri 10 May '19 23:18    Post subject: Re: SSL and Reverse Proxies Reply with quote

via wrote:
web server will be running as http so unencrypted within the local network?

since you use http://, yes the traffic is not encrypted.

Do you need to?

via wrote:

What would be best method in regards to certification at the web server? Would I need to use the original Lets Encrypt certificate or would it be fine to use a self signed certificate for this and outside world would still see the Lets Encrypt cert?


Both solution work fine. The advantage of the second solution is that you don't need to copy the certs from time to time to the backend server.
Back to top
via



Joined: 10 May 2019
Posts: 2
Location: UK

PostPosted: Sun 12 May '19 14:59    Post subject: Reply with quote

Cheers, site holds sensitive information which I do not want passed unencrypted even over LAN.

Went for the self signed route which works perfect, was unsure how it would react and if reverse proxy wouldn't fetch it as untrusted.

Suprised very little tutorials around HTTPS and reverse proxies, plenty on how to setup for for HTTP but no mention on certificating HTTPS.
Back to top


Reply to topic   Topic: SSL and Reverse Proxies View previous topic :: View next topic
Post new topic   Forum Index -> Apache