Proxying with SSL [closed]_问答_开发者_运维开发者技术经验分享

开发者 https://www.devze.com 2023-03-21 13:36 出处：网络

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.

This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.

Closed 9 years ago.

Improve this question

I have a Linux host running Apache and a Windows host running IIS. I have a domain that points to the Linux host and need to relay (proxy) requests for it to IIS; I thus have the following virtual host definition in Apache (which works just fine):

&l开发者_开发问答t;VirtualHost 192.168.0.2:80>
    ServerName www.acme.com
    DocumentRoot /var/www/acme.com

    RewriteEngine On
    RewriteOptions Inherit
    RewriteRule ^/(.*) http://win.acme.com/$1 [P]
</VirtualHost>

now I want to add SSL support; the definition becomes:

<VirtualHost 192.168.0.2:443>
    ServerName www.acme.com
    DocumentRoot /var/www/acme.com
    GnuTLSEnable On
    GnuTLSPriorities NORMAL:%COMPAT
    GnuTLSCertificateFile /var/www/ssl/www.acme.com.crt
    GnuTLSKeyFile /var/www/ssl/www.acme.com.key

    RewriteEngine On
    RewriteOptions Inherit
    RewriteRule ^/(.*) https://win.acme.com/$1 [P]
</VirtualHost>

I have valid and trusted certificates on both web servers and if I visit https://win.acme.com all is well, however, when I visit https://www.acme.com I get a 500 Internal Server Error message. A peek at the error logs shows:

[Wed Jul 20 08:35:34 2011] [error] [client 76.168.166.70] SSL Proxy requested for www.wileybits.com:80 but not enabled [Hint: SSLProxyEngine] [Wed Jul 20 08:35:34 2011] [error] proxy: HTTPS: failed to enable ssl support for 74.166.186.70:443 (win.acme.com)

do notice that the proxy request seems to be for the wrong domain (wileybits)... the domain it shows is also hosted by my Apache server but I don't get why it shows up in the logs of acme.com (a reverse DNS lookup perhaps?)

in any case, what am I missing?

thanks in advance - ekkis

p.s. host names and addresses have been altered to protect the innocent :)

* update *

with:

RewriteRule ^/(.*) https://win.acme.com/$1 [R,L]

it seems to work fine, but of course, the Windows' hostname becomes visible, which is not acceptable in my scenario

I also tried (instead of mod_rewrite):

ProxyRequests Off
ProxyPass / https://win.acme.com/

but same error

figured it out... apparently I can do this:

SSLProxyEngine On
RequestHeader set Front-End-Https "On"
ProxyPass / https://win.acme.com/
ProxyPassReverse / https://win.acme.com/
CacheDisable *

and it works just fine!

[the solution came from mikeg's posting on 3cx.org]

Not sure the cause of this error, but you might want you try using Squid or Varnish to accomplish this. Previously, I've used Squid to proxy a secure Windows IIS instance without issue.