logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



SSL and Reverse Proxies

 
Post new topic   Reply to topic    Apache Forum Index -> Apache



View previous topic :: View next topic  
Author Message
via



Joined: 10 May 2019
Posts: 2
Location: UK

PostPosted: Fri 10 May '19 16:01    Post subject: SSL and Reverse Proxies Reply with quote

Hi all,

I am using a reverse proxy to forward to a few development servers on local addresses. The majority of these sites use SSL with Lets Encrypt certificates.

Currently I have the certification setup on the reverse proxy server and following virtualhost config...

Code:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName test.domain.net
    ProxyPreserveHost On
    ProxyPass / http://10.0.6.80/
    ProxyPassReverse / http://10.0.6.80/

SSLCertificateFile /etc/letsencrypt/live/test.domain.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/test.domain.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>


Which works fine and appears to the outside world as https, however I take it communication between reverse proxy and web server will be running as http so unencrypted within the local network?

What would be best method in regards to certification at the web server? Would I need to use the original Lets Encrypt certificate or would it be fine to use a self signed certificate for this and outside world would still see the Lets Encrypt cert?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6572
Location: Germany, Next to Hamburg

PostPosted: Fri 10 May '19 23:18    Post subject: Re: SSL and Reverse Proxies Reply with quote

via wrote:
web server will be running as http so unencrypted within the local network?

since you use http://, yes the traffic is not encrypted.

Do you need to?

via wrote:

What would be best method in regards to certification at the web server? Would I need to use the original Lets Encrypt certificate or would it be fine to use a self signed certificate for this and outside world would still see the Lets Encrypt cert?


Both solution work fine. The advantage of the second solution is that you don't need to copy the certs from time to time to the backend server.
Back to top
via



Joined: 10 May 2019
Posts: 2
Location: UK

PostPosted: Sun 12 May '19 14:59    Post subject: Reply with quote

Cheers, site holds sensitive information which I do not want passed unencrypted even over LAN.

Went for the self signed route which works perfect, was unsure how it would react and if reverse proxy wouldn't fetch it as untrusted.

Suprised very little tutorials around HTTPS and reverse proxies, plenty on how to setup for for HTTP but no mention on certificating HTTPS.
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Apache
Page 1 of 1