
How can an Apache reverse proxy be configured without breaking the HTTPS tunnel between client and server?

I have configured an Apache reverse proxy. In that configuration, an HTTPS connection is possible from the client to the reverse proxy and again from the reverse proxy to the server. But I want an HTTPS connection from client to server, as with a forward proxy. The HTTPS connection should not be broken at the reverse proxy.

     Https tunnel                   New Https tunnel
    <===============>             <===================>

Client-----------------------Apache Reverse proxy ----------------------------Server

The above solution is not desirable.

                  Https Tunnel
   <========================================>

Client--------------------Apache Reverse proxy ----------------Server

The above solution is desirable.

If an end-to-end HTTPS tunnel is not possible with a reverse proxy, then how can it be ensured that the SSL proxying option is safe, and that even the reverse proxy administrator (if the reverse proxy got compromised) cannot decrypt the tunnel, or that a man-in-the-middle attack can't be done?

You can't, because HTTPS by design guarantees that the sender is talking to the receiver via certificates. Your proxy here would be "the man in the middle" :-)

See http://en.wikipedia.org/wiki/Reverse_proxy

In the case of secure websites, a web server may not perform SSL encryption itself, but instead offloads the task to a reverse proxy that may be equipped with SSL acceleration hardware. (See SSL termination proxy.)

What you can do

Client------Apache Reverse proxy----SC--------------SS---------Server
            HTTPS                           SSL           HTTP        
            (listen to 443)          

Where SC = Stunnel Client and SS = Stunnel Server

SC must run on the same machine as your Apache reverse proxy, while SS must run on your target server.
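The SC/SS layout from the answer above, written out as two stunnel configuration files. This is an added example, not part of the original answer; the host name, ports, service names and file paths are assumptions. Apache still decrypts the client's HTTPS on 443, so this only protects and authenticates the proxy-to-server hop.

```ini
; ---- File 1: stunnel client (SC), on the reverse proxy host -------------
; Assumed path: /etc/stunnel/sc.conf
; Apache terminates the client's HTTPS on 443 and forwards plain HTTP to
; the loopback port below, e.g.  ProxyPass / http://127.0.0.1:8080/
[to-backend]
client      = yes
; Loopback only, so the plain-text side is not reachable from the network
accept      = 127.0.0.1:8080
; SS on the target server (assumed name and port)
connect     = backend.example.internal:8443
; Verify the server: without these two options SC accepts any certificate
CAfile      = /etc/stunnel/backend-ca.pem
verifyChain = yes
checkHost   = backend.example.internal
; Client certificate presented to SS for mutual authentication
cert        = /etc/stunnel/proxy.pem
key         = /etc/stunnel/proxy.key

; ---- File 2: stunnel server (SS), on the target server ------------------
; Assumed path: /etc/stunnel/ss.conf
[from-proxy]
accept      = 0.0.0.0:8443
; Local web server, bound to loopback and speaking plain HTTP
connect     = 127.0.0.1:80
cert        = /etc/stunnel/backend.pem
key         = /etc/stunnel/backend.key
; Only accept peers holding a certificate issued by the proxy's CA
CAfile      = /etc/stunnel/proxy-ca.pem
verifyChain = yes
```

With the web server bound to 127.0.0.1 and port 8443 firewalled to the proxy's address, the only path to the application is through the authenticated tunnel.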
