67

I want to proxy requests from an SSL site via a non-SSL site. My Apache httpd.conf looks like this:

<VirtualHost 1.2.3.4:80>
    ServerName foo.com
    ProxyPass / https://bar.com/
</VirtualHost>

So, when I visit http://foo.com, I expect apache to make a request to https://bar.com and send me the the page it fetched.

Instead, I get a 500 error, and in the error log, I see:

[error] proxy: HTTPS: failed to enable ssl support for 4.3.2.1:443 (bar.com)

Presumably I'm missing a directive here. Which might it be?

Never mind the security implications. I fully understand the risks.

tylerl
  • 14,885
  • 7
  • 49
  • 71

2 Answers2

86

You'll need mod_ssl, mod_proxy and optionally mod_rewrite. Depending on your distribution and Apache version you may have to check if mod_proxy_connect and mod_proxy_http are loaded as well.

The directives for enabling SSL proxy support are in mod_ssl:

<VirtualHost 1.2.3.4:80>
    ServerName foo.com
    SSLProxyEngine On
    SSLProxyCheckPeerCN on
    SSLProxyCheckPeerExpire on
    ProxyPass / https://secure.bar.com
    ProxyPassReverse / https://secure.bar.com
</VirtualHost>

IIRC you can also use:

    RewriteRule / https://secure.bar.com [P]    # don't forget to setup SSLProxy* as well
Sam Halicke
  • 6,122
  • 1
  • 24
  • 35
2

In Apache 1.x, mod_ssl would fix up ProxyPass. Do you have mod_ssl installed?

Jim Zajkowski
  • 1,604
  • 12
  • 11