3

I need to communicate with an HTTPS SOAP server on a different port than the standard 443. The client app doesn't work (because of restrictions) with different ports than the standard ones for HTTP and HTTPS.

How can I set up my Linux server running Apache to tunnel all these requests coming in at soap.domain.com to https://soapserver.otherdomain.com:1234/Service.asmx?

jrnk

3 Answers

1

A reverse proxy will help you.

You can use Apache mod_proxy to help you. By using mod_proxy, Apache will receive the request on the standard HTTP/HTTPS ports and then internally redirect it to the SOAP server.

http://httpd.apache.org/docs/2.0/mod/mod_proxy.html

Read up on reverse proxy. It will help you understand better.

Sameer
  • Thanks, but is it going to be a problem that I will be running this through a self-signed SSL certificate on the proxy? – jrnk Dec 05 '10 at 20:46
  • That won't be a problem! Remember that specifying HTTPS without a port in a URL says two things. One, that you're using a secure channel. Two, that you're using port 443. By specifying an alternate port, you're still using an encrypted stream. – Andrew M. Dec 06 '10 at 03:08
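
One way to write the mod_proxy reverse proxy this answer describes, as an added example that is not part of the original answer. The certificate and CA file paths are placeholder assumptions, and the SSLProxy* verification directives go beyond what the answer mentions:

```apache
# Requires mod_ssl, mod_proxy and mod_proxy_http to be loaded.
<VirtualHost *:443>
    ServerName soap.domain.com

    # TLS towards the SOAP client: this is the certificate the client sees.
    # Paths are placeholders.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/soap.domain.com.crt
    SSLCertificateKeyFile /etc/ssl/private/soap.domain.com.key

    # Reverse proxy only; do not act as a forward proxy.
    ProxyRequests Off

    # TLS towards the upstream, which listens on the non-standard port.
    SSLProxyEngine on

    # SSLProxyVerify defaults to "none", which encrypts the second hop
    # without authenticating the upstream. Require a valid chain and a
    # matching, unexpired certificate instead.
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on
    # CA (or the upstream's own certificate) to trust; placeholder path.
    SSLProxyCACertificateFile /etc/ssl/certs/upstream-ca.pem

    # Map every path on soap.domain.com to the SOAP server, so that
    # /Service.asmx reaches https://soapserver.otherdomain.com:1234/Service.asmx
    ProxyPass        / https://soapserver.otherdomain.com:1234/
    ProxyPassReverse / https://soapserver.otherdomain.com:1234/
</VirtualHost>
```

`apachectl configtest` checks the syntax before a reload.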
1

I'd use a reverse proxy such as haproxy or nginx with proxy_pass option.

Both will allow you to proxy requests to upstream servers, and both will allow HTTPS to soap.domain.com and allow proxying to an encrypted HTTPS upstream server, in your case: https://soapserver.otherdomain.com:1234/Service.asmx

In my experience nginx is somewhat easier to set up and configure.

An appropriate nginx configuration may resemble the following:

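server {
    listen       443 ssl;
    server_name  soap.domain.com;
    ssl_certificate     soap.domain.com.crt;
    ssl_certificate_key soap.domain.com.key;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if the client needs them
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        # Forward every request to the SOAP server on its non-standard port
        proxy_pass https://soapserver.otherdomain.com:1234;
    }
}

And yes, you can use a self-signed certificate.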

hookenz
0

I'm not clear where you need to do this - on the SOAP client? On the SOAP server? Somewhere in between? The approach is the same regardless - there are multiple ways of doing this.

  • You could use iptables to rewrite the packet addresses.
  • Run a packet proxy daemon (e.g. netcat) to listen on port 443 and connect to port XXX
  • Configure [x]inetd to listen on port 443 and run a generic socket client (e.g. netcat again) connecting to port XXX

The first method would allow you to preserve the client address seen by the server.

symcbean
  • Thanks, I will look into this; I need to do this in between, since the SOAP client is unable to connect to a different port than the standard available ones and the SOAP server is beyond my control and is running on another port. So therefore I have a need to place one in the middle that basically just answers the requests from the client to (https)soap.serverinthemiddle.com with the actual answer of (https)soap.server.com:1234/Service.asmx – jrnk Dec 07 '10 at 08:23
  • You probably don't need a separate machine - all three approaches would work deployed on either the client or the server - but since I assume that the SOAP service runs on an MS Windows box, it's rather difficult to implement there. – symcbean Dec 08 '10 at 10:40