Strip SSL with Apache mod_proxy part two

Date: May 26th, 2009
Author: Stefan Batanov

Greetings, reader.

This tutorial is the second part of the setup instructions how to Strip SSL part of a request with Apache mod_proxy. Lets remind you what the situation was. We have server A which has SSL support and can handle the initial request. Then we have server B which is supposed actually to handle the request but doesn”t support SSL. The goal is to relay the request which landed on Server A and to pass it to Server B

You can read the first part of the tutorial here Strip SSL with Apache mod_proxy part one

So the first part ended up with configuring a virtual host to handle HTTP request on Server A.

Now we need to configure a virtual host to handle HTTPS requests. Open /usr/local/apache2/conf/extra/httpd-ssl.conf with your favorite editor.

  1. vi /usr/local/apache2/conf/extra/httpdssl.conf

After :

Listen 443

add

NameVirtualHost *:443

We need to change line

<VirtualHost _default_:443>

to

<VirtualHost *:443>

change row about document root so https requests to go to /var/www/html

DocumentRoot "/var/www/html"

Next step is to fix our certificate paths as following:

  1. SSLCertificateFile /usr/local/apache2/conf/ssl/server.crt
  2. SSLCertificateKeyFile /usr/local/apache2/conf/ssl/server.key

Final step of this tutorial to the configuration for mod_proxy

For test purposes I used the following mod_proxy configuration. I placed it in /usr/local/apache2/conf/extra/httpd-ssl.conf rows after the configuration parametes of the logs.


LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://192.168.0.101:8080/ # address or hostname for machine where we need to send request without SSL
ProxyPassReverse / http://192.168.0.101:8080/ # address or hostname for machine where we need to send request without SSL

SetEnv force-proxy-request-1.0.1
SetEnv proxy-nokeepalive 1
<Location />
Order allow,deny
Allow from all
</Location>

And finally what you need to do is restart Apache

  1. apachectl restart
VN:F [1.9.18_1163]
Rating: 5.5/10 (2 votes cast)
Strip SSL with Apache mod_proxy part two, 5.5 out of 10 based on 2 ratings

Leave a Reply