Today I have faced a challenging situation. I needed to strip SSL from HTTP request to on of our servers platform and send it to another server without SSL. We use little tip as using Apache mod_proxy to implement this functionality.
Requirements
We need to have apache with:
1. DSO support compiled (with mod_proxy support)
2. SSL certificate
3. configuration for Virtual Hosting
4. configuration for mod_proxy
By default our apache installations are with version 2.2.3 and we have support for DSO, this means if we have mod_proxy compiled for Apache 2.2.3 we can use without recompiling Apache from source and just put it in /usr/local/apache2/modules . If you need to compile new Apache instance we need to use configure options as follow:
Strip SSL with Apache mod_proxy part one
|
./configure --enable-mods-shared=all --enable-so --enable-ssl --enable-proxy-connect --enable-proxy-http \
--enable-proxy --prefix=/usr/local/apache2
Next step is to generate a new SSL certificate. If you are not sure what you are doing I would recommend that you read these two articles first.
What is SSL
Create Self signed SSL
Anyway briefly this is what you need to do:
What is SSL
Create Self signed SSL
Anyway briefly this is what you need to do:
openssl req -new > new.cert.csr
openssl rsa -in privkey.pem -out new.cert.key
openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365
mkdir /usr/local/apache2/conf/ssl/
cp new.cert.cert /usr/local/apache2/conf/ssl/server.crt
cp new.cert.key /usr/local/apache2/conf/ssl/server.key
We need to make some minor changes in httpd configuration before apache we go with with SSL support.
Open up Apache config file with your favorite editor.
vi /usr/local/apache2/conf/httpd.conf
You need to uncomment the line
# Include conf/extra/httpd-ssl.conf
Then we can start with httpd.conf and httpd-ssl.conf configurations.
By default we need to have at least 2 virtual hosts one for HTTP and second for HTTPS.
So, in httpd.conf after line
Listen 80
add :
NameVirtualHost *:80
At the end of httpd.conf we need to add a a Virtual Host configuration which will process HTTP requests. You can use something like this:
Open up Apache config file with your favorite editor.
vi /usr/local/apache2/conf/httpd.conf
You need to uncomment the line
# Include conf/extra/httpd-ssl.conf
Then we can start with httpd.conf and httpd-ssl.conf configurations.
By default we need to have at least 2 virtual hosts one for HTTP and second for HTTPS.
So, in httpd.conf after line
Listen 80
add :
NameVirtualHost *:80
At the end of httpd.conf we need to add a a Virtual Host configuration which will process HTTP requests. You can use something like this:
<VirtualHost *:80>
ServerName # after ServerName we need to add some server name here usualy IP address or hostname
DocumentRoot /var/www/html
</VirtualHost>
This is the end of part one of Strip SSL with Apache mod_proxy tutorial. Part two is available here: Strip SSL with Apache mod_proxy part two
Next Tutorials
Post Comment
Need a specific tutorial? Do not hesitate and submit a request!
