Reverse Proxy with SSL

vps

#1

I need to reverse proxy a backend SSL application.

I have been told that Proxy’ing with SSL is not supported by DH and that I will need to turn off managed Apache and set it up myself. Fair enough (although it seems like they should support it)…

Can anyone help me with the correct Apache config settings? I have been at this for well over 2 hours with no luck.

I have a nodejs application running with SSL on port 8000.
I would like to be able to navigate to https://my.example.com and get the nodejs application running on port 8000.

Here is what I have:

<VirtualHost x.x.x.x:443>
        <IfModule apache_ssl.c>
                SSLEnable
                SSLCertificateFile /dh/apache2/apache2-yyy/keys/my.example.com.crt
                SSLCertificateKeyFile /dh/apache2/apache2-yyy/keys/my.example.com.key
                SSLCertificateChainFile /dh/apache2/apache2-yyy/keys/my.example.com.int
        </IfModule>
        <IfModule mod_ssl.c>
                SSLEngine on
                SSLCertificateFile /dh/apache2/apache2-yyy/keys/my.example.com.crt
                SSLCertificateKeyFile /dh/apache2/apache2-yyy/keys/my.example.com.key
                SSLCertificateChainFile /dh/apache2/apache2-yyy/keys/my.example.com.int
                SetEnvIf User-Agent ".*MSIE [2-5]\..*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
        </IfModule>

        ProxyPass / https://x.x.x.x:8000/
        ProxyPassReverse / https://x.x.x.x:8000/
</VirtualHost>

Apache starts just fine, but when I navigate to https://my.example.com it just spins forever and gives a connection timeout error.
What am I doing wrong?
Thanks for any help and suggestions,
-Eric

P.S. Obviously, the URL given is fake and I have really been using my own domain.


#2

This is supported through the panel, actually! You don’t have to mess around with the web server configuration.

Setting up a proxied URL for a domain in the Mongrel and Proxy section of the panel will work for both HTTP and HTTPS versions of the site. If you don’t want to allow proxied requests from HTTP, check the “X-Forwarded-Protocol” header in the back-end application and reject requests where it’s set to “http”.


#3

Thanks for the reply Andrew.
This conflicts with the response I received from DH technical support. But let’s assume you are correct, I am still having some issues.

In the Mongrel and Proxy panel area I set up a Proxy from my.example.com to port 8000. I then run my nodejs application that is listening with SSL on port 8000.
Under these conditions I am unable to navigate to https://my.example.com - I get a timeout. When I navigate to https://example.com:8000 I get the web application with SSL encryption.

Any ideas on what I am doing wrong?


#4

Disable SSL for your Node application. SSL termination will be handled by the web server; the backend connection is not encrypted. (Which is fine; it’s internal to your VPS.)
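
The setup described in replies #2 and #4, as an added example that is not part of the thread or anyone's posted code: a Node backend serving plain HTTP on port 8000 that rejects any request the proxy did not receive over HTTPS, judged by the X-Forwarded-Protocol header. The loopback bind address, the 403 status and all function names are assumptions; the header check is only meaningful when clients cannot reach port 8000 directly.

```javascript
// Added example: plain-HTTP Node backend behind the SSL-terminating proxy.
// Assumptions (not from the thread): loopback bind address, 403 as the
// rejection status, and the function names used here.

const BACKEND_PORT = 8000;      // port used in the thread
const BIND_ADDR = '127.0.0.1';  // assumption: only the local proxy connects

// Decide whether the proxy received this request over HTTPS, using the
// X-Forwarded-Protocol header named in reply #2.
function forwardedProtocolAllowed(headers) {
  const raw = headers['x-forwarded-protocol']; // Node lower-cases header names
  if (raw === undefined) return false;         // missing header: fail closed
  // Node joins repeated headers with ", "; require every value to be https.
  const values = String(raw).split(',').map((v) => v.trim().toLowerCase());
  return values.every((v) => v === 'https');
}

// Request handler: refuse anything not proxied from HTTPS, serve the rest.
// Returns the status code it sent so the decision is easy to check.
function handleRequest(req, res) {
  if (!forwardedProtocolAllowed(req.headers)) {
    res.writeHead(403, { 'Content-Type': 'text/plain' });
    res.end('HTTPS required\n');
    return 403;
  }
  res.writeHead(200, { 'Content-Type': 'text/plain' });
  res.end('hello over proxied HTTPS\n');
  return 200;
}

// Start the backend without TLS; the front-end web server terminates SSL.
function startBackend() {
  const http = require('http');
  const server = http.createServer(handleRequest);
  server.listen(BACKEND_PORT, BIND_ADDR);
  return server;
}

// Call startBackend() to run the server.
```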


#5

Quick question please. Is there a way to tell httpd.conf to accept secure connections to port 443, then forward them to 8000? That way, the page will open when browsing to https://www.example.com?


#6

Hi Andrew, Thanks for the advice… but I can’t do that. My application uses sockets and they get messed up through the proxy unless SSL is turned on.

Advice?


#7

Did Andrew die? I was really appreciating his help…