LinuxQuestions.org
Linux - Software This forum is for Software issues.
11-12-2007, 03:48 PM   #1
adutton
Secure Reverse Proxy Question


I am currently setting up a secure reverse proxy. My first attempt was Apache/SSL, and while I have been able to get reverse proxy over normal HTTP working fine, I have come to a wall in SSL reverse proxy for some reason. So I thought I better ask. Maybe Apache is not the best solution for secure reverse proxy. What should I use? All I want is to push traffic to some back end mail servers using a secure reverse proxy. And of course try to keep it simple and free. All help appreciated.

Thanks
 
11-12-2007, 05:26 PM   #2
Tinkster
Hi,

And welcome to LQ!

This can be done ... the question would be whether you need SSL (or some form of
encryption) between the proxy and the actual back-end (you didn't really tell us
much about your set-up), or whether the proxy can be the end-point of the incoming
SSL for a client on the internet. Obviously there can't be a trivial solution with
SSL all the way via the proxy.

One reasonably straightforward thing to do would be to set up the proxy as the
SSL end-point and then reverse proxy to the back-end via an ssh-tunnel.


Cheers,
Tink
 
11-13-2007, 10:16 AM   #3
adutton
Original Poster
I don't think I would need encryption to the backend servers, but could later. Here is what I will have:

Internet Web Browser --> DMZ --> Backend Lotus Notes Webmail server

So this reverse proxy server can take Internet encrypted data via SSL on port 443 or another port; I haven't decided that yet either. Eventually I will need multiple proxies on this one server, so I will need multiple outside IPs which I can then forward to multiple ports on the reverse proxy server. Then the reverse proxy can communicate at this point with the backend, which could just be port 80. Eventually I might like it to also communicate via SSL as well, but for the first test I will use port 80.

So to make it more confusing, this is probably what I want or envision:

InternetIP#1:443 --> Firewall send to ReverseProxy:8001 --> WebmailIP#1:80
InternetIP#2:443 --> Firewall send to ReverseProxy:8002 --> WebmailIP#2:80
InternetIP#3:443 --> Firewall send to ReverseProxy:8003 --> WebmailIP#3:80
InternetIP#4:443 --> Firewall send to ReverseProxy:8004 --> WebmailIP#4:80
InternetIP#5:443 --> Firewall send to ReverseProxy:8005 --> WebmailIP#5:80

This is probably what I would like to do. Not even sure Apache is the best for this though.
 
11-13-2007, 11:29 AM   #4
Tinkster
Are you intending to run that reverse proxy on a different
machine per port or what's the rationale of that? If this
isn't for some sort of load-balancing I can't see the benefit
(or how you'd easily implement that).

And you didn't tell us which snag you actually hit, either.


Cheers,
Tink
 
11-13-2007, 01:00 PM   #5
adutton
Original Poster
From what I read, SSL requires a unique external IP to talk on for the external clients.

So let's take one connection....

serverA.domain.com is IP-A:443 which comes from the internet, then is translated at the firewall to be ProxyServer (I should only need one Server for this implementation). The ProxyServer will need different ports so that I can have different backend servers. So let's say it runs the reverse mapping for BackServerA on port 8001, then it will pass that traffic to BackServerA and talk on 80, or I could use 443 or any portal for that matter. Then serverB.domain.com will be IP-B:443 and it is translated to ProxyServer:8002 and then passed to BackServerB for communication.

Basically I want multiple sites on the internet to be reverse proxied to internal web server and I want the internet traffic to be secure. The web site is a Lotus Mail Server. Works fine with Apache and port 80 but I haven't been able to get SSL working. So instead of doing all that work I was thinking I should ask if there is another solution that I should use instead... maybe squid or nginx or something like that. All this server will do is reverse proxy.

serverA.domain.com(1.1.1.1):443 -> FW -> ProxyServer(172.1.1.1):8001 -> BackServerA(10.1.1.1):80

serverB.domain.com(1.1.1.2):443 -> FW -> ProxyServer(172.1.1.1):8002 -> BackServerA(10.1.1.2):80

serverC.domain.com(1.1.1.3):443 -> FW -> ProxyServer(172.1.1.1):8003 -> BackServerA(10.1.1.3):80
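
The layout in post #5, with the proxy as the SSL end-point as suggested in post #2, written out as an Apache configuration. This is an added example, not part of any post in the thread; it assumes Apache httpd 2.4 with mod_ssl, mod_proxy and mod_proxy_http loaded, and the certificate and key paths are placeholders.

```apache
# Added example, not from the thread. IPs and ports are those given in
# post #5; certificate and key paths are placeholders.

Listen 172.1.1.1:8001 https
Listen 172.1.1.1:8002 https

# Reverse proxy only: never relay arbitrary client-chosen URLs.
ProxyRequests Off

# Applies to every TLS virtual host below.
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

# serverA.domain.com: 1.1.1.1:443 -> FW -> 172.1.1.1:8001 -> 10.1.1.1:80
<VirtualHost 172.1.1.1:8001>
    # Clients connect to port 443; the firewall maps that to 8001, so the
    # public port is named here for self-referential URLs.
    ServerName serverA.domain.com:443

    # TLS terminates on the proxy, so this vhost presents serverA's certificate.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/serverA.crt
    SSLCertificateKeyFile /etc/ssl/example/serverA.key

    # Cleartext hop to the back end, as planned for the first test.
    # For an https:// back end, also set "SSLProxyEngine on".
    ProxyPass        / http://10.1.1.1/
    ProxyPassReverse / http://10.1.1.1/
</VirtualHost>

# serverB.domain.com: 1.1.1.2:443 -> FW -> 172.1.1.1:8002 -> 10.1.1.2:80
<VirtualHost 172.1.1.1:8002>
    ServerName serverB.domain.com:443

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/serverB.crt
    SSLCertificateKeyFile /etc/ssl/example/serverB.key

    ProxyPass        / http://10.1.1.2/
    ProxyPassReverse / http://10.1.1.2/
</VirtualHost>
```

serverC follows the same pattern on port 8003. `apachectl configtest` checks the syntax before a reload.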
 
  


All times are GMT -5.
