Enabling multiple https webservers through one firewall via apache reverse proxy
I've read so many differing configurations that my head is swimming!
Here's the situation:
I have a smoothwall firewall (3.0) and have a single machine set up in the DMZ (orange).
There are multiple other servers set up behind the firewall (green).
What I want to do is this:
Enable two completely different domains with completely different certificates (one self-signed, one purchased and verified) running on that single box in the DMZ to be accessed through the single public IP running on the firewall via Apache reverse proxy. Oh, and I'd like the reverse proxy to be running on that single server in the DMZ too.
The questions I have are these:
Is this even possible?
Do I comment out the _default_:443 virtualhost stanza in /etc/httpd/conf.d/ssl.conf (running CentOS)?
Do I create a virtualhost stanza for each of the two different domains?
Where to stick the statements that cause reverse proxying to happen?
Yes, I've got one proxy that's got over 100 sites behind it, although only 2 or 3 domains.
Quote:
Originally Posted by Cerephim
Do I comment out the _default_:443 virtualhost stanza in /etc/httpd/conf.d/ssl.conf (running CentOS)?
You can, or you can modify it to use... whatever works for you.
Quote:
Originally Posted by Cerephim
Do I create a virtualhost stanza for each of the two different domains?
Most definitely, yes you will need different virtualhosts due to needing to supply different certificates.
Quote:
Originally Posted by Cerephim
Where to stick the statements that cause reverse proxying to happen?
Any help is *sincerely* appreciated!
I always throw them at the bottom of the particular stanza, right above the </VirtualHost>
Also, I *PREFER* (making sure to point out that this isn't the correct way, just how I like to do it) that I create a different *.conf file for EACH domain. I find it just makes it easier to find what I want to change when updating/changing (admittedly, this is because I have an RP that has 60+ proxies for each large domain and has 2 large domains).
Last edited by Timothy Miller; 09-11-2017 at 08:14 PM.
I'm guessing that how I set up the structure in /var/www has a profound effect on the way I would configure the reverse proxy lines.
Am I correct in assuming that in the line: "ProxyPass /akPhchubTest http://10.0.5.200:8084/akPhchubTest"
the /akPhchubTest is a reference to /var/www/html/akPhchubTest?
Not for us, we have no actual sites hosted on this box, it's ONLY used as a proxy. All the sites that it references are on different servers, so it's actually referencing the other servers.
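The layout discussed in this thread, as an added example (not any poster's actual configuration): two name-based HTTPS virtual hosts on one IP, each with its own certificate, with the proxy lines at the bottom of each stanza. The hostnames, certificate paths, file names and the second backend are placeholder assumptions; only the 10.0.5.200:8084 mapping comes from the thread.

```apache
# Added example. Hostnames, certificate paths and the 127.0.0.1 backend are
# placeholders. Apache 2.4 syntax; on 2.2 also add "NameVirtualHost *:443".
# Two certificates on one IP:443 depends on clients sending SNI; a client
# that does not is served the first-loaded vhost's certificate.

# Off is the default; stated explicitly so the box never acts as an open
# forward proxy. Only the ProxyPass mappings below are reachable.
ProxyRequests Off

# --- /etc/httpd/conf.d/site-one.conf (purchased certificate) ---
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key

    # First argument: URL path requested on the proxy. It is matched against
    # the request URL, not against a directory under /var/www.
    # Second argument: backend URL the request is forwarded to.
    ProxyPass        /akPhchubTest http://10.0.5.200:8084/akPhchubTest
    # Rewrites Location headers in backend redirects so clients are not
    # sent to the internal address.
    ProxyPassReverse /akPhchubTest http://10.0.5.200:8084/akPhchubTest
</VirtualHost>

# --- /etc/httpd/conf.d/site-two.conf (self-signed certificate) ---
<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/www.example.org.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.example.org.key

    # Backend on the same DMZ box, bound to loopback so it is only
    # reachable through the proxy (assumed port).
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

Running `apachectl configtest` and then `apachectl -S` after editing shows which stanza each ServerName resolved to and which one is the default for port 443.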