Thursday, July 07, 2005
Setting up Apache webserver as a reverse proxy
The apache webserver can be setup as a reverse proxy. A reverse proxy helps with inbound requests. When a client makes a request to your site, the request goes to the proxy server. The proxy server then sends the client's request through a specific passage in the firewall to the content server. The content server passes the result through the passage back to the proxy. The proxy sends the retrieved information to the client, as if the proxy were the actual content server
Here are the steps to setup an apache server as a secure ssl proxy
Basic 2.0.50 Apache setup: (for a higher version of apache, replace you version number string from the setup below)
Here are the steps to setup an apache server as a secure ssl proxy
Basic 2.0.50 Apache setup: (for a higher version of apache, replace you version number string from the setup below)
- Download Apache 2.0.50 from: http://apache.roweboat.net/httpd/http-2.0.50.tar.gz
- Become 'root' user
- Extract all files from the gz archive
- gzip -d -c httpd-2.0.50.tar.gz | tar xvf -
- Setting up ssl-aware apache
- cd apache-httpd-2.0.50
- ./configure --prefix=/usr/local/apache2 --enable-mods-shared=all --enable-ssl--enable-proxy --enable-proxy-connect --enable-proxy-http --enable-rewrite
- make
- make install
- Now start your httpd server
- /bin/apachectl start
- Test installation by typing http://localhost
- Now stop httpd server
- /bin/apachectl stop
- Configuring Apache for SSL Proxy support
- Add the below specified lines to your apache config located in /conf/httpd.conf
- LoadModule proxy_module modules/mod_proxy.so
- LoadModule proxy_connect_module modules/mod_proxy_connect.so
- LoadModule proxy_http_module modules/mod_proxy_http.so
- Add the proxypass directive
- ProxyPass /abc https://someotherserver
- Get a "real world" certificate from verisign or thwate or someone else and install it into apache
- mkdir /conf/ssl.key
- mkdir /conf/ssl.crt
- cp real-world.crt /conf/ssl.crt/.
- cp real-world.key /conf/ssl.key/.
- make sure you specify the correct servername in the ssl.conf (located in /conf/ directory)
- Add the following line to under the in the ssl.conf
- SSLProxyEngine on
- Starting apache with SSL enabled configuration
- To start apache with ssl enabled :httpd -D SSL
- Test installation by typing https://
Secure your proxy server !!!
Copyright Anand Jain 2004, 2005. All rights
reserved.
Webmaster
