Strip SSL with Apache mod_proxy part one

Date: May 26th, 2009
Author: Stefan Batanov

Today I have faced a challenging situation. I needed to strip SSL from HTTP request to on of our servers platform and send it to another server without SSL. We use little tip as using Apache mod_proxy to implement this functionality.

Requirements

We need to have apache with:

1. DSO support compiled (with mod_proxy support)
2. SSL certificate
3. configuration for Virtual Hosting
4. configuration for mod_proxy

By default our apache installations are with version 2.2.3 and we have support for DSO, this means if we have mod_proxy compiled for Apache 2.2.3 we can use without recompiling Apache from source and just put it in /usr/local/apache2/modules . If you need to compile new Apache instance we need to use configure options as follow:

  1. ./configure enable-mods-shared=all enable-so enable-ssl enable-proxy-connect enable-proxy-http \
  2. enable-proxy prefix=/usr/local/apache2

Next step is to generate a new SSL certificate. If you are not sure what you are doing I would recommend that you read these two articles first.

What is SSL
Create Self signed SSL

Anyway briefly this is what you need to do:


  1. openssl req -new > new.cert.csr
  2. openssl rsa -in privkey.pem -out new.cert.key
  3. openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365
  4.  
  5. mkdir /usr/local/apache2/conf/ssl/
  6. cp new.cert.cert /usr/local/apache2/conf/ssl/server.crt
  7. cp new.cert.key   /usr/local/apache2/conf/ssl/server.key

We need to make some minor changes in httpd configuration before apache we go with with SSL support.

Open up Apache config file with your favorite editor.

vi /usr/local/apache2/conf/httpd.conf

You need to uncomment the line

# Include conf/extra/httpd-ssl.conf

Then we can start with httpd.conf and httpd-ssl.conf configurations.
By default we need to have at least 2 virtual hosts one for HTTP and second for HTTPS.

So, in httpd.conf after line

Listen 80

add :

NameVirtualHost *:80

At the end of httpd.conf we need to add a a Virtual Host configuration which will process HTTP requests. You can use something like this:


  1. <VirtualHost *:80>
  2. ServerName  # after ServerName we need to add some server name here usualy IP address or hostname
  3. DocumentRoot /var/www/html
  4. </VirtualHost>

This is the end of part one of Strip SSL with Apache mod_proxy tutorial. Part two is available here: Strip SSL with Apache mod_proxy part two

VN:F [1.9.18_1163]
Rating: 0.0/10 (0 votes cast)

Leave a Reply