here is what I tired to do:
Apache error log:
[client 192.168.2.157] SSL Proxy requested for test.xxx.com:443 but not enabled [Hint: SSLProxyEngine]
[error] proxy: HTTPS: failed to enable ssl support for 192.168.2.157:443 (test.xxx.com)
Then I tried use apache(on the internet) proxy to https://google.com and the error log is the same.
However,https to http works. browser -internet-> https(Apache proxypass)-intranet->(Apache http)
My config:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/xxx_com.crt
SSLCertificateKeyFile /etc/apache2/ssl/xxx_com.key
SSLCertificateChainFile /etc/apache2/ssl/sub.class2.server.ca.pem
ProxyPreserveHost On
ProxyRequests Off
ProxyVia Off
AllowEncodedSlashes NoDecode
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / https://2w.xxx.com/
ProxyPassReverse / https://2w.xxx.com/
ServerName test.xxx.com
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
ErrorLog "/var/log/apache2/error-ssl.log"
</VirtualHost>
OR:
<VirtualHost *:443>
ProxyPass / https://google.com/
ProxyPassReverse / https://google.com/
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/xxx_com.crt
SSLCertificateKeyFile /etc/apache2/ssl/xxx_com.key
SSLCertificateChainFile /etc/apache2/ssl/sub.class2.server.ca.pem
ServerName test.xxx.com
</VirtualHost>
Seems like it's not possible for apache to handle https to https? if apache does not support this how about nginx?
<VirtualHost *:443>
SSLEngine On
SSLProxyEngine On
ServerName my.example.com:443
SSLCertificateFile "${SRVROOT}/conf/ssl/example.pem"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/example.key"
ErrorLog "|bin/rotatelogs.exe -l /var/logs/apache/example/error.%Y-%m-%d.log 86400"
CustomLog "|bin/rotatelogs.exe -l /var/logs/apache/example/ssl_request.%Y-%m-%d.log 86400" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ProxyRequests Off
ProxyPass / https://www.google.com/
<Location />
ProxyPassReverse /
Options FollowSymLinks
Require all granted
</Location>
</VirtualHost>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.