Re: [users@httpd] Apache2.4 forward proxy ssl between client and proxy server

Tue, 10 Apr 2018 07:59:26 -0700 

Just tested this setup , out of pure boredom and it works as expected
(ubuntu 16.04)

Proxy server modules needed to enable: ssl,proxy,proxy_connect
Proxy Config (n1: virtualhost)
        <VirtualHost _default_:443>
                ErrorLog error.log
                SSLEngine on
                SSLCertificateFile      ssl/proxy.crt
                SSLCertificateKeyFile ssl/proxy.key
                
                ProxyRequests On
                ProxyVia On
                <Proxy "*">
                <RequireAny>
                   Require expr %{HTTP_HOST} =~
/^192.168.99.11:443$/
                </RequireAny>
                </Proxy>
        </VirtualHost>


Backend server modules needed to enable: ssl
Backend server (n2: virtualhost)
        <VirtualHost _default_:443>
                DocumentRoot /var/www/html
                ErrorLog error.log

                SSLEngine on
                SSLCertificateFile  ssl/server.crt
                SSLCertificateKeyFile ssl/server.key
                <Directory /var/www/html>
                        # Only from proxy IP
                        Require ip 192.168.99.10
                </Directory>
        </VirtualHost>



>From a third VM
$ curl -k --proxy-insecure -x  https://192.168.99.10 -k https://192.168
.99.11
> Hello from n2

$ curl -k --proxy-insecure -x  https://192.168.99.10 -k https://www.goo
gle.com
curl: (56) Received HTTP code 403 from proxy after CONNECT

On Tue, 2018-04-10 at 14:40 +0100, Rajesh Cherukuri wrote:
> Eric 
> 
>  In that case if it uses  connect  over http , do you think this
> would be the reason why i get below in the error logs  then i am not
> sure why would the HTTP urls fail with 400 band request 
> 
> 
> 
> SSL Library Error: error:1407609B:SSL
> routines:SSL23_GET_CLIENT_HELLO:https proxy request -- speaking HTTP
> to HTTPS port!?
> 
> 
> On Tue, Apr 10, 2018 at 1:34 PM, Eric Covener <cove...@gmail.com>
> wrote:
> > On Tue, Apr 10, 2018 at 8:10 AM, Rajesh Cherukuri <rajecher@gmail.c
> > om> wrote:
> > > Eric
> > >
> > >  So you mean to say that i can't use a browser that has proxy
> > configuration
> > > as  apache  HTTPS forwarding  proxy and then use it to connect to
> > http and
> > > https urls ?
> > 
> > I'm saying if you configure a browser to use a proxy for HTTPS
> > connections, it uses CONNECT over HTTP to the proxy server.
> > 
> > -----------------------------------------------------------------
> > ----
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> > 
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to