Cert requirements for re-encrypting to/from backend web server

Yes, you are correct re: ProxyPass to a subdirectory pointing to a different server.

Current, on proxy host, defined in site-non-ssl.conf (working for a long time)

<other stuff>

# tracker
ProxyPass /tracker http://10.0.0.3:80/tracker
ProxyPassReverse /tracker http://10.0.0.3:80/tracker

# catch-all to main web server
ProxyPass / http://10.0.0.2/ connectiontimeout=10 timeout=120 Keepalive=On
ProxyPassReverse / http://10.0.0.2/

Current, on proxy host, defined in site-ssl.conf:

<other stuff, ssl stuff>

# tracker
ProxyPass /tracker https://10.0.0.3:443/tracker
ProxyPassReverse /tracker https://10.0.0.3:443/tracker

# catch-all to main web server
ProxyPass / https://10.0.0.2:443/ connectiontimeout=10 timeout=120 Keepalive=On
ProxyPassReverse / https://10.0.0.2:443/

Then on main web server (10.0.0.2), site-non-ssl.conf:

<VirtualHost *:80>

ServerName sailtracker.net
ServerAlias www.sailtracker.net
Redirect / https://www.sailtracker.net

</VirtualHost>

The above all works fine, certbot handles it fine on servers 1 (proxy) and 2 (eg 10.0.0.2).

When I tried to do this for certs for 10.0.0.3, the tracker server, it doesn’t know what to do to validate.
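An added example, not from the original post, of what the proxy-side vhosts could look like so that certbot on 10.0.0.3 can answer HTTP-01 challenges while the proxy still verifies the backend certificate when re-encrypting. Assumed, not taken from the post: the tracker hostname (placeholder tracker.sailtracker.net), the certificate and CA file paths, and that certbot on 10.0.0.3 uses the HTTP-01 challenge.

```apache
# Added example (assumptions: placeholder hostname, assumed file paths).
# Plain-HTTP vhost on the proxy for the tracker name.
<VirtualHost *:80>
    ServerName tracker.sailtracker.net

    # HTTP-01 validation fetches http://<name>/.well-known/acme-challenge/<token>.
    # Forward only that path to 10.0.0.3, where certbot writes the token file.
    # This rule must come before any catch-all "ProxyPass /" in the same vhost:
    # mod_proxy applies the first ProxyPass whose prefix matches.
    ProxyPreserveHost On
    ProxyPass        /.well-known/acme-challenge/ http://10.0.0.3:80/.well-known/acme-challenge/
    ProxyPassReverse /.well-known/acme-challenge/ http://10.0.0.3:80/.well-known/acme-challenge/

    # Everything except the challenge path goes to TLS (PCRE negative lookahead).
    RedirectMatch permanent "^/(?!\.well-known/acme-challenge/)(.*)$" "https://tracker.sailtracker.net/$1"
</VirtualHost>

# TLS vhost on the proxy: terminate client TLS, then re-encrypt to the backend.
<VirtualHost *:443>
    ServerName tracker.sailtracker.net
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/tracker.sailtracker.net/fullchain.pem   # assumed path
    SSLCertificateKeyFile /etc/letsencrypt/live/tracker.sailtracker.net/privkey.pem     # assumed path

    SSLProxyEngine on
    # Verify the backend instead of using "SSLProxyVerify none": without verification
    # the re-encrypted hop protects against eavesdropping but not against a spoofed backend.
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/ssl/certs/backend-ca.pem   # assumed: CA that issued 10.0.0.3's cert
    SSLProxyCheckPeerName on
    # Peer-name checking compares the backend cert against the host in the backend URL.
    # A bare IP such as 10.0.0.3 only matches if the cert carries an IP SAN; otherwise use a
    # name here (e.g. tracker-backend.internal mapped to 10.0.0.3 in /etc/hosts) that the cert names.
    ProxyPreserveHost On
    ProxyPass        / https://tracker-backend.internal:443/ connectiontimeout=10 timeout=120
    ProxyPassReverse / https://tracker-backend.internal:443/
</VirtualHost>
```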