Hi all,
I love this site and forum (homepage). I have been able to accomplish things in Linux I never thought I could ever do. I have been playing with Linux for only about 2yrs (heck I've only been in the IT field for 2yrs..lol), but only seriously the last 4 mnths. So yes I have that Newbie thing going on. But I learn pretty quick.
You people are great. I searched for a thread that would answer my l problem. No Luck (hopefully I didn't miss it). So here is my first cry for help
I replaced https with xxxxs in this thread for the "No url in threads until 5 posts rule" being enforced
I have it setup SSL from client to the Reverse Proxy
I want set up SSL communication from the Reverser Proxy to the Backend server
Also I have it set up for LDAP authentication just to get to the Reverse Proxy URL (xxxxs://myproxy.com) which works great!!!
Here is my scenario
I have an https:// site running on an IIS 5.0 server (xxxxs://somesite.com) behind an off-campus firewall. I am setting up a Fedora/Apache 2.0.48 as the SSL Reverse Proxy to access it. The Proxy server IP is allowed in the firewall rule set.
So far this is my Proxy releated setup in httpd.conf.....I also have a seperate ssl.conf
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
<IfModule mod_proxy.c>
#ProxyRequests On
#
<Proxy *>
Order deny,allow
# Deny from all
Allow from all
</Proxy>
ProxyPass /overthere/ xxxxs://somesite.com/
#
<Location /overthere/>
ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap / /overthere/
ProxyHTMLURLMap /overthere /overthere
RequestHeader unset Accept-Encoding
</Location>
#
# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
# Set to one of: Off | On | Full | Block
#
ProxyVia On
#
# To enable a cache of proxied content, uncomment the following lines.
# See xxxx://httpd.apache.org/docs-2.0/mod/mod_cache.html for more details.
#
<IfModule mod_disk_cache.c>
CacheEnable disk /
CacheRoot "/var/cache/mod_proxy"
</IfModule>
#
#</IfModule>
# End of proxy directives.
So far this setup works when I type in xxxxs://myproxy.com/overthere/ from any machine inside or outsite the network
I get the index page display for xxxxs://somesite.com So up to that point I am happy
However on the index page there are links pointing to other https servers behind the same firewall. I click on the links and get Page not Found display
I know there are supposed to be entries in the ssl.conf for SSLProxying. Im just not sure how this part should be set up
I know these are the related directives for it
SSLProxyMachineCertificatePath
SSLProxyMachineCertificateFile
SSLProxyVerify
SSLProxyDepth
SSLProxyCACertificatePath
SSLProxyEngine
SSLProxyCACertificateFile
My main questions are
1) Do I need to have a public client certificate or server certificate on the reverse proxy to communicate with the backend https server?
2)Do I need a certificate (client or server) for each https server the links are pointing to from the xxxxs://somesite.com index page?
3)Or Do i just need a certificate (client or server) just for the the main xxxxs://somesite.com
Hope I gave enough details to go on....Any help would be appreciated