Apache Reverse Proxy


#1

Hi,
I have an Apache proxy that maps some services.
Some are hosted on the same machine under Tomcat / https, others are on other machines. I would like to create a new server to host only Apache and use it as a reverse proxy for these services. I would like to use a new clean VM with Apache and “letsencrypt / certbot” to certify services. What is the best way to proceed? Can I install certbot apache on this machine and use it to certify all the mapped services? As usual routes in this case the verification? Thanks in advance.

My actual Apache conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ProxyRequests off
        ProxyPreserveHost on
        SSLProxyEngine on

...

        ServerName XYZ

        <Proxy balancer://xyz>
                # WebHead1
                BalancerMember https://AAA.BBB.CCC.DDD:8443
               

                # Security: technically we aren't blocking
                # anyone, but this is the place to make those
                # changes
                Order Deny,Allow
                Deny from none
                Allow from all

                # Load Balancer Settings
                # We will be configuring a simple Round
                # Robin style load balancer.  This means
                # that all webheads take an equal share
                # of the load.
                ProxySet lbmethod=byrequests

        </Proxy>
... etc

#2

I’ve used certbot with mod_proxy before and the apache plugin seems to handle it just fine, as long as you have your VirtualHosts split up into separate files as it expects. I was using ProxyPass rather than <Proxy>, but I doubt that would make a difference.

Note that the resulting certificates will be installed on the proxy machine to protect the connection between an end-user’s browser and the proxy - they won’t secure the connection from the proxy to the backends. For that it’s probably simpler to whitelist some self-signed certs.
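
The two TLS legs described in the reply above, sketched as one per-site VirtualHost file. This is an added example, not configuration from either poster; the file path, `xyz.example.com`, `backend.internal.example` and the trust-file location are placeholders, and the backend is assumed to present a self-signed certificate whose subjectAltName contains the backend hostname.

```apache
# /etc/apache2/sites-available/xyz.example.com.conf   (hypothetical path and names)
# One public name per file, the layout the reply says the certbot apache plugin expects.
<VirtualHost *:443>
    ServerName xyz.example.com

    # Leg 1: browser -> proxy.
    # Certificate and key issued by Let's Encrypt and stored on the proxy machine.
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/xyz.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/xyz.example.com/privkey.pem

    # Leg 2: proxy -> backend (Tomcat on 8443).
    # The Let's Encrypt certificate plays no part here; the proxy acts as a TLS
    # client and has to decide for itself which backend certificate to accept.
    ProxyRequests off
    SSLProxyEngine on

    # Reject the backend unless its certificate verifies against the file below.
    SSLProxyVerify require
    # Trust store holding only the backend's own self-signed certificate (PEM),
    # copied to the proxy out of band. Placeholder path.
    SSLProxyCACertificateFile /etc/apache2/backend-trust/xyz-backend.pem
    # Also require the certificate to match the hostname in the ProxyPass URL
    # and to be within its validity period.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # ProxyPreserveHost is left at its default (off) in this sketch so the
    # backend sees, and is checked against, backend.internal.example.
    ProxyPass        / https://backend.internal.example:8443/
    ProxyPassReverse / https://backend.internal.example:8443/
</VirtualHost>
```

With `SSLProxyVerify require` in place, a backend that presents any certificate other than the one in the trust file causes the proxied request to fail instead of being forwarded over an unauthenticated TLS session.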

