I have spent 3 days on this problem and have hit a brick wall but I am a bit of a nube so please be gentle.

I am trying to set up a debian linux server to be a proxy to a windows server. The windows box is in a different data centre to the linux, it has http and https elements to the web site hosted on the server. We physically moved the windows server to a new data centre so it has a new ip address and I installed the linux server in the original datacentre using the original ip address.

I have installed openssl apache 1.3.xx and apache-ssl packages to the server, I reliase that I might be able to just use apache-ssl but for the time being I have both.

I have loaded the proxy_module /usr/lib/apache/1.3/libproxy.so and edited the modules.conf file.

In my httpd.conf file I have the following (edited for security)

<VirtualHost *:80>
ServerName my.server.com
ProxyPass / http://my.ip.49.20/
ProxyPassReverse / http://my.ip.49.20/
</VirtualHost>

This works fine for browser traffic to http://my.server.com from my windows workstation. I get the page I was expecting on the windows web server and because I am using Firefox with an plugin loaded in the bottom right hand corner of my browser I see I am connected to the original ip address.

So far so good: Now I want to do the same but for https traffic to the same server.

Using apache-ssl
I have imported the certificate file from the windows box as a .pfx. I converted it to .pem format using pkcs12

I then edited that file to leave me with the
---Begin Key---
*****
-----End Key ----
and

----Begin Certificate ----
***
---End Certificate ----

as two separate files named xxx.crt and xxx.key and have referenced them in the virtual host definition


In the /etc/apache-ssl/httpd.conf file I have

SSLDisable
<VirtualHost my.server.com:443>
SSLEnable
SSLCertificateFile /etc/apache-ssl/myfile.crt
SSLCertificateKeyFile /etc/apache-ssl/myfile.key
Servername my.server.com
ProxyPass / https://my.ip.49.20/
ProxyPassReverse / https://my.ip.49.20/
</VirtualHost>

But it does not work at all.

I think I am missing something that is right in front of me but can not see it.
Can anybody help please ?

Have you seen reference guides doing this? I wouldn't think it would be possible / logical to do this, as the proxy directives you have there relate to mapping of POST and GETs which wouldn't be applicable to SSL connections. Check the SSLProxy* directives within mod_ssl, i think that's more where you want to be looking. http://httpd.apache.org/docs/2.0/mod/mod_ssl.html

Hi not sure but I think I have made progress.

I have slightly altered the certificate and key. The SSL part of httpd.conf in the apache-ssl still looks the same as shown but I am now getting a different error when I try to connect, the error is the same for IE or Firefox see below.


Forbidden
You don't have permission to access / on this server.


--------------------------------------------------------------------------------

Apache/1.3.34 Ben-SSL/1.55 Server xxxxxxxxxxxxxxxx.com Port 443

The certificate seems to be correct now and accepted, if I click on the padlock symbol in either IE or Firefox I get all the correct details so now I think I am very close.

Any pointers from anybody would be a big help.

Hi not sure but I think I have made progress.

I have slightly altered the certificate and key. The SSL part of httpd.conf in the apache-ssl still looks the same as shown but I am now getting a different error when I try to connect, the error is the same for IE or Firefox see below.


Forbidden
You don't have permission to access / on this server.


--------------------------------------------------------------------------------

Apache/1.3.34 Ben-SSL/1.55 Server xxxxxxxxxxxxxxxx.com Port 443

The certificate seems to be correct now and accepted, if I click on the padlock symbol in either IE or Firefox I get all the correct details so now I think I am very close.

Any pointers from anybody would be a big help.