Hello Debianers, I'm in the situation of being the only lucky person in our company with any knowledge of Linux. My skills aren't too high, though. That's why I would like to do some loud thinking about this case I'm working on, and hopefully I'll get som answers to my questions from anyone with higher skills and more experience than myself. I hope some of you have the patience to read the entire thing - it grew pretty large while i wrote it.
He's my case: We run IIS on Win2KServer as application server against Oracle inside our firewall. Now we want to provide to our customers the ability to access reports and such things on that IIS via the Internet. Then there are some problems: Our firewall managers won't let any external http-requests through the firewall. To solve this problem, we're planning to run Apache on an existing Debian-box in our DMZ (We already run Apache, but only as a regular web-server). Will Apache serve as if it was the real server, or will it only do http redirection to the IIS? I guess that the latter is true. (Please correct me if I'm wrong.) Then I guess I'll have to make the Apache act as a proxy server of some kind. Unfortunately my knowledge on that subject is poor. I've heard about both mod_proxy and Squid. But then the next problem arises: we need secure connections. We're hoping that we can leave the whole SSL-job to the IIS. But then I read that proxy-servers, or at least Squid, doesn't support decryption/encryption, but will only perform tunnelling of SSL-packets, all of which will have the external client's signature. And then I'm back where I started, right? -They will be stopped by the firewall. (Another assumption: Opening the firewall for https-traffic on port 443 is just as dangerous as opening for http-traffic on port 80. Again: correct me if this isn't true.) This probably means that I should turn Apache into a "SSL-and-proxy-animal". I've had a look at Apache-SSL. But some recommend to use Apache and mod_ssl instead. Which one is the best, and which proxy server works best in cooperation with SSL? I appreciate any comments and suggestions on this, since I don't have any skilled discussion partner inhouse. Thanks in advance! <PS> Please reply to [EMAIL PROTECTED] , since I can't cope with the traffic on this list. </PS> -- Best regards, Ola Muan talk2me AS Systems departement Oslo, Norway E-mail: [EMAIL PROTECTED] http://www.talk2me.no
