Very Computer

I wonder if you can help.

What I need to do is configure the following:

External browser connects to Apache on using SSL. [https]

Apache decodes SSL to plain text [https]

Apache acts as a proxy to pass it to the internal gateway.

-

The problem is that it is easy to have Apache decode the SSL. It is
easy to set up Apache to proxy http. It is easy to set up Apache to
proxy https.

However I don't see how to set it up so that it translates https to
http then proxies the result.

The problem seems to be in the config of the modules in httpd.conf.
You set up the proxy rule in one section, for one module and the SSL
decoding rule in another section for another rule. What I would like
to do is ask Apache to only look at the proxy rule after doing the SSL
decoding.

Has anybody done this? If not, have you any suggestions?

Any help gratefully received!

Regards,
Peter

Quote:> What I need to do is configure the following:

> External browser connects to Apache on using SSL. [https]

> Apache decodes SSL to plain text [https]

> Apache acts as a proxy to pass it to the internal gateway.

> The problem is that it is easy to have Apache decode the SSL. It is
> easy to set up Apache to proxy http. It is easy to set up Apache to
> proxy https.

> However I don't see how to set it up so that it translates https to
> http then proxies the result.

> The problem seems to be in the config of the modules in httpd.conf.
> You set up the proxy rule in one section, for one module and the SSL
> decoding rule in another section for another rule. What I would like
> to do is ask Apache to only look at the proxy rule after doing the SSL
> decoding.

> Has anybody done this? If not, have you any suggestions?

Huh?  That's trivial.  Look in the mod_ssl docs for examples.  

I have. This isn't there. If it is trivial, and you have done it, or
you know where to find the example I have missed, maybe you could post
how to do it here.

It would be useful!

I set up a configuration like this using apache+mod_ssl-1.3.23+2.8.7,
enabling mod_proxy.  I commented out the DocumentRoot and all <Directory>
definitions, and under the <VirtualHost _default_:443> section, set my
Proxy* directives.  It worked fabulously, and I went home happy.

The next day, however, was working *extremely* slowly.  I rebooted both the
proxy/ssl machine, and the http server behind it, but was unable to get the
same responsiveness out of it as when I first had it going.  I think this
may have something to do with a conditional GET being made by the proxy
(304 response) even though I have NoCache * set in the configuration.

If you like, I can send you my httpd.conf and you may have better luck with
it.

/doug

Yes please!!

I have found the same problem - SSL working fine, and quite fast, but
the proxy being really slow.