Hello experts,
I am trying to set up a classical frontend HTTPS Apache Reverse Proxy
for a couple of plain backend HTTP servers sitting on a backend private
network. The plaform is Centos 6, the Apache rpm is
httpd-2.2.15-39.el6.centos.
I first created three DNS entries, all pointing to the same public IP:
apachefrontend.example.com
appserver1.example.com
appserver2.example.com
I then generated the SSL cert and key for the frontend host and verified
that
SSL config was correct (all settings and key/cert were defined inside the
file
/etc/httpd/conf.d/ssl.conf). The URL "https://apachefrontend.example.com";
replied OK.
I have then set up a forced redirection to port 443 on the mother
server and defined two virtual hosts, in this manner:
..
NameVirtualHost *:80
<VirtualHost *:80>
ServerName apachefrontend.example.com
RedirectMatch ^/(.*) https://apachefrontend.example.com/$1
</VirtualHost>
<VirtualHost *:80>
ServerName appserver1.example.com
ProxyRequests Off
ProxyPass / http://appserver1.backend/
ProxyPassReverse / http://appserver1.backend/
</VirtualHost>
<VirtualHost *:80>
ServerName appserver2.example.com
ProxyRequests Off
ProxyPass / http://appserver2.backend/
ProxyPassReverse / http://appserver2.backend/
</VirtualHost>
..
Now,
- If I go to "http://apachefrontend.example.com";, I am
correctly ending up at "https://apachefrontend.example.com";;
- If I go to "http://appserver1[2].example.com";, I arrive to
the backend servers allright, but only via the port 80.
This behaviour is apparently correct, but so far I have not found
the right configuration options needed to enforce the secure
connection to the backend servers via the reverse proxy (I may
not enable SSL on the backend servers as they are running some
privately managed applications and cannot be tweaked).
Could someone kindly post an example of working configuration
of the same type?
Thanks ahead for any advice!
Andy.
