apache 2 reverse proxy with tls on debian 7

In this setup the reverse proxy server does the ssl encryption. Therefore you must trust your reverse proxy server enough to hold the private SSL certificates for your websites! Do not use this setup if you can't trust your reverse proxy sufficiently!

  1. install apache 2

    apt-get install apache2
  2. enable mod_ssl and mod_rewrite

    a2enmod ssl
    a2enmod rewrite
    service apache2 restart
  3. create site configureation for the virtual host

    Put this file under eg. /etc/apache2/sites-available/example.com also make sure to read trough the entire file and change it according to your setup...

    You might want to change:

    • all occurances of example.com to your respective domain name
    • the ProxyPass and ProxyPassReverse targets to your actual internal server url
    • the SSLCertificateFile and SSLCertificateKeyFile to the actual certificates for your domain

      <VirtualHost *:80>
        ServerName example.com
        ServerAlias example.com
        RewriteEngine On
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule ^/(.*)$ https://example.com/$1 [L,R]
      <VirtualHost *:443>
        ServerName example.com
        ServerAlias example.com
        ProxyRequests Off
        ProxyPass /
        ProxyPassReverse /
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined
        SSLEngine on
        SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
          SSLOptions +StdEnvVars
        <Directory /usr/lib/cgi-bin>
          SSLOptions +StdEnvVars
        BrowserMatch "MSIE [2-6]" \
                      nokeepalive ssl-unclean-shutdown \
                      downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
  4. enable site

    use the name of the file you created in /etc/apache2/sites-available insted of example.com for the a2ensite command

    a2ensite example.com
    service apache2 reload

written by uniq on 2013-11-24