Sunday, June 9, 2013

Windows - set up SSL/HTTPS reverse proxy using Apache HTTPD; Wrap HTTP traffic in SSL tunnel layer on Windows

Our main goal is to secure traffic that would normally travel over an unsecured HTTP channel by wrapping it in an SSL tunnel. To do that you need to buy an SSL certificate; you need both the private key and the public key for that certificate.

To have a working reverse proxy you need to enable the following modules in Apache's httpd.conf file:

mod_ssl - this module enables HTTPS connections, encrypting traffic between the Internet and the proxy server using SSL
mod_proxy - this module enables Apache to act as a forward or reverse proxy server
mod_proxy_http - this module enables HTTP connections between the proxy server and the RequisiteWeb server
mod_vhost_alias - controls virtual hosts in Apache



Download Apache HTTPD (a version with mod_ssl already built in): here


Modify httpd.conf in the following manner:

#Listen 80 - disable :80 listening port - it's not needed for 
#reverse proxy
Listen 443


#=== MODULES IMPORTANT FOR SSL REVERSE PROXY ===
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so


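<VirtualHost *:443>
  ServerName *.forcom.com.pl

  # Reverse proxy only: forward proxying stays off, otherwise the
  # "Allow from all" below would turn this server into an open proxy
  ProxyRequests Off
  <Proxy *>
    Order allow,deny
    Allow from all
  </Proxy>

  # Forward every request to the HTTP backend on the loopback interface
  SSLProxyEngine On
  ProxyPass / http://127.0.0.1:890/
  ProxyPassReverse / http://127.0.0.1:890/

  LogLevel info
  ErrorLog "c:/ApacheLogs/ssl-proxy.log"
  CustomLog "c:/ApacheLogs/ssl-proxy.log" combined

  # Terminate SSL/TLS here; the obsolete SSLv2 and SSLv3 protocols are disabled
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCertificateFile "C:/cert/ssl/fcompany.pem"
  SSLCertificateKeyFile "C:/cert/ssl/fcompanypriv.key"
</VirtualHost>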


Apache HTTPD config file along with sample certificates can be downloaded from here.
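
An added example, not part of the original post: a small Python check that reads a reverse-proxy virtual host like the one above and reports settings that widen its exposure (forward proxying enabled, legacy SSL versions not excluded, cleartext HTTP to a backend off the loopback interface, SSL not enabled). The function names `directives`, `is_loopback` and `audit` are hypothetical, and the sample configuration is constructed.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample input: a reverse-proxy virtual host using the post's directives.
SAMPLE_CONF = """
<VirtualHost *:443>
  ProxyRequests On
  ProxyPass / http://127.0.0.1:890/
  ProxyPassReverse / http://127.0.0.1:890/
  SSLEngine on
  SSLProtocol all
</VirtualHost>
"""

def directives(conf):
    """Yield (lower-cased name, args) per directive; skip comments and <Section> tags."""
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = re.findall(r'"[^"]*"|\S+', line)
            yield name.lower(), [a.strip('"') for a in args]

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as off-box

def audit(conf):
    """Return a list of findings for one virtual host's directives."""
    findings, ssl_on = [], False
    for name, args in directives(conf):
        low = [a.lower() for a in args]
        if name == "sslengine":
            ssl_on = low[:1] == ["on"]
        elif name == "proxyrequests" and low[:1] == ["on"]:
            findings.append("ProxyRequests On: forward proxying is enabled; ProxyPass does not need it")
        elif name == "sslprotocol" and {"all", "+all"} & set(low) and "-sslv3" not in low:
            findings.append("SSLProtocol all: legacy SSL versions are not explicitly excluded")
        elif name == "proxypass" and len(args) >= 2:
            url = urlparse(args[1])
            if url.scheme == "http" and not is_loopback(url.hostname or ""):
                findings.append(f"ProxyPass {args[1]}: cleartext HTTP to a non-loopback backend")
    if not ssl_on:
        findings.append("SSLEngine is not on: clients are served without TLS")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("WARN", finding)
```

To audit a real file, pass the text of its `<VirtualHost>` block to `audit()`; the check looks at one virtual host at a time and does not follow `Include` directives.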

Comments:

  1. This article really helped me out. Thanks for posting!

    - Steve