apache 2 reverse proxy with tls on debian 7
In this setup the reverse proxy server does the SSL/TLS encryption. Therefore you must trust your reverse proxy server enough to hold the SSL certificates and their private keys for your websites! Do not use this setup if you can't trust your reverse proxy sufficiently!
install apache 2
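    apt-get install apache2
enable mod_ssl and mod_rewrite
    a2enmod ssl
    a2enmod rewrite
    # ProxyPass/ProxyPassReverse in the vhost below also need mod_proxy and mod_proxy_http
    a2enmod proxy
    a2enmod proxy_http
    service apache2 restart
create site configuration for the virtual host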
Put this file under e.g. /etc/apache2/sites-available/example.com. Also make sure to read through the entire file and change it according to your setup.
You might want to change:
- all occurrences of example.com to your respective domain name
- the ProxyPass and ProxyPassReverse targets to your actual internal server URL
- the SSLCertificateFile and SSLCertificateKeyFile to the actual certificates for your domain
    <VirtualHost *:80>
        ServerName example.com
        ServerAlias example.com

        # redirect all plain HTTP requests to HTTPS
        RewriteEngine On
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule ^/(.*)$ https://example.com/$1 [L,R]
    </VirtualHost>

    <VirtualHost *:443>
        ServerName example.com
        ServerAlias example.com

        # reverse proxy only, never act as a forward proxy
        ProxyRequests Off
        ProxyPass / http://192.168.0.1:8080/
        ProxyPassReverse / http://192.168.0.1:8080/

        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined

        SSLEngine on
        # replace the snakeoil pair with the certificate and key for your domain
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
enable site
Use the name of the file you created in /etc/apache2/sites-available instead of example.com for the a2ensite command.
    a2ensite example.com
    service apache2 reload
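A pre-flight check for the site file, to run before a2ensite. This is an added example, not part of the original how-to: check_vhost is a hypothetical helper name, and the rule that key files must not be accessible to "other" users is an assumed policy.

```shell
#!/bin/sh
# Added example: pre-flight check of a reverse-proxy vhost file before a2ensite.
# check_vhost is a hypothetical helper, not an Apache or Debian tool.
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
check_vhost() {
    conf=$1
    findings=0
    report() { echo "$conf: $1"; findings=$((findings + 1)); }

    # Template values from the how-to that were never replaced.
    grep -Eq '^[[:space:]]*SSLCertificate(Key)?File[[:space:]].*snakeoil' "$conf" &&
        report "still points at the self-signed snakeoil certificate"
    grep -Eq '^[[:space:]]*Server(Name|Alias)[[:space:]]+example\.com([[:space:]]|$)' "$conf" &&
        report "ServerName/ServerAlias is still example.com"

    # ProxyRequests On would turn the reverse proxy into a forward proxy.
    grep -Eiq '^[[:space:]]*ProxyRequests[[:space:]]+On' "$conf" &&
        report "ProxyRequests is On"

    # Every private key the vhost references must exist and must not be
    # readable or writable by "other" users (assumed policy).
    for key in $(awk '$1 == "SSLCertificateKeyFile" { print $2 }' "$conf"); do
        if [ ! -f "$key" ]; then
            report "key $key not found (or not visible to this user)"
        elif [ -n "$(find "$key" \( -perm -004 -o -perm -002 \))" ]; then
            report "key $key is accessible to other users"
        fi
    done
    [ "$findings" -eq 0 ]
}

# With a path argument, check that file; with none, check a constructed sample.
if [ $# -gt 0 ]; then
    check_vhost "$1"
else
    sample=$(mktemp)
    printf '%s\n' '<VirtualHost *:443>' '  ServerName example.com' \
        '  ProxyRequests Off' \
        '  SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem' \
        '  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key' \
        '</VirtualHost>' > "$sample"
    check_vhost "$sample" || echo "fix the findings above before a2ensite"
    rm -f "$sample"
fi
```

The directive matching for key files is case-sensitive and does not follow Include lines, so it covers a single site file written like the one above.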