I am currently setting up a secure reverse proxy. My first attempt was Apache/SSL, and while I have been able to get reverse proxy over normal HTTP working fine, I have come to a wall in SSL reverse proxy for some reason. So I thought I better ask. Maybe Apache is not the best solution for secure reverse proxy. What should I use? All I want is to push traffic to some back end mail servers using a secure reverse proxy. And of course try to keep it simple and free. All help appreciated.
This can be done ... the question would be whether you need SSL (or some form of
encryption) between the proxy and the actual back-end (you didn't really tell us
much about your set-up), or whether the proxy can be the end-point of the incoming
SSL for a client on the internet. Obviously there can't be a trivial solution with
SSL all the way via the proxy.
One reasonably straightforward thing to do would be to set up the proxy as the
SSL end-point and then reverse proxy to the back-end via an ssh-tunnel.
I don't think I would need encryption to the backend servers, but could later. Here is what I will have:
Internet Web Browser --> DMZ --> Backend Lotus Notes Webmail server
So this reverse proxy server can take Internet encrypted data via SSL port 443 or other; I haven't decided that yet either. Eventually I will need multiple proxies on this one server, so I will need multiple outside IPs which I can then forward to multiple ports on the reverse proxy server. Then the reverse proxy can communicate at this point with the backend, which could just be port 80. Eventually I might like it to also communicate via SSL as well, but for the first test I will use port 80.
So to make it more confusing this is probably what I want or envision
InternetIP#1:443 --> Firewall send to ReverseProxy:8001 --> WebmailIP#1:80
InternetIP#2:443 --> Firewall send to ReverseProxy:8002 --> WebmailIP#2:80
InternetIP#3:443 --> Firewall send to ReverseProxy:8003 --> WebmailIP#3:80
InternetIP#4:443 --> Firewall send to ReverseProxy:8004 --> WebmailIP#4:80
InternetIP#5:443 --> Firewall send to ReverseProxy:8005 --> WebmailIP#5:80
This is probably what I would like to do. Not even sure Apache is the best for this though.
Are you intending to run that reverse proxy on a different
machine per port or what's the rationale of that? If this
isn't for some sort of load-balancing I can't see the benefit
(or how you'd easily implement that).
And you didn't tell us which snag you actually hit, either.
From what I read, SSL requires a unique external IP to talk on for the external clients.
So let's take one connection....
serverA.domain.com is IP-A:443 which comes from the internet, then is translated at the firewall to be ProxyServer (I should only need one Server for this implementation). The ProxyServer will need different ports so that I can have different backend servers. So let's say it runs the reverse mapping for BackServerA on port 8001, then it will pass that traffic to BackServerA and talk on 80, or I could use 443 or any portal for that matter. Then serverB.domain.com will be IP-B:443 and it is translated to ProxyServer:8002 and then passed to BackServerB for communication.
Basically I want multiple sites on the internet to be reverse proxied to internal web server and I want the internet traffic to be secure. The web site is a Lotus Mail Server. Works fine with Apache and port 80 but I haven't been able to get SSL working. So instead of doing all that work I was thinking I should ask if there is another solution that I should use instead... maybe squid or nginx or something like that. All this server will do is reverse proxy.
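
The layout described in the posts above (firewall forwards each public IP on 443 to a distinct port on one proxy, the proxy terminates SSL and speaks plain HTTP to the webmail backend on port 80), as an added Apache httpd configuration example that is not from any poster in this thread. The backend addresses and certificate paths are placeholders, and mod_ssl, mod_proxy and mod_proxy_http are assumed to be loaded.

```apache
# Added example; backend addresses (192.0.2.x) and certificate paths are placeholders.
# Requires mod_ssl, mod_proxy and mod_proxy_http.

# Reverse proxy only: never act as an open forward proxy.
ProxyRequests Off

# One listening port per public site, matching the firewall's port forwards.
Listen 8001
Listen 8002

# InternetIP#1:443 -> firewall -> ReverseProxy:8001 -> WebmailIP#1:80
<VirtualHost *:8001>
    # Public name and port as clients see them (the firewall maps 443 to 8001),
    # so rewritten redirects point at the external URL, not at port 8001.
    ServerName serverA.domain.com:443

    # The proxy is the SSL end-point for Internet clients.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/serverA.placeholder.crt
    SSLCertificateKeyFile /etc/ssl/private/serverA.placeholder.key

    # Cleartext hop to the backend; this segment is unencrypted.
    ProxyPass        / http://192.0.2.11:80/
    # Rewrite backend redirects (Location headers) to the public name.
    ProxyPassReverse / http://192.0.2.11:80/
</VirtualHost>

# InternetIP#2:443 -> firewall -> ReverseProxy:8002 -> WebmailIP#2:80
<VirtualHost *:8002>
    ServerName serverB.domain.com:443

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/serverB.placeholder.crt
    SSLCertificateKeyFile /etc/ssl/private/serverB.placeholder.key

    ProxyPass        / http://192.0.2.12:80/
    ProxyPassReverse / http://192.0.2.12:80/
</VirtualHost>

# To encrypt the proxy-to-backend hop later, add "SSLProxyEngine on" to the
# virtual host and change the backend URLs to https://...:443/.
```

Running `apachectl configtest` after editing checks the syntax before the server is reloaded.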