[H-GEN] Setting up reverse proxy for SSL

Michael Anthon michael at anthon.net
Mon Feb 19 17:35:00 EST 2001 

[ Humbug *General* list - semi-serious discussions about Humbug and  ]
[ Unix-related topics.  Please observe the list's charter.           ]
[ Worthwhile understanding: http://www.humbug.org.au/netiquette.html ]

I'm currently investigating a setup whereby I have a web server that is
visible to the internet and an application server inside a WAN.  I need
to enable SSL access to this application server.

Poking around in the apache configs, I have found that the mod_proxy
seems to be able to do this, however I'm a little confused about
something still.  My main concern is to do with the certificates.  If I
use the ProxyPass option to proxy requests from the web server to the
app server, does it correctly handle the certificates?  

What I am a bit uncertain of is that the browser has requested a SSL
connection to a certain address, however this request is then proxied to
another address, will this not confuse the browser?

I will be setting up a test system for this today hopefully, but any
pointers/pitfalls would be appreciated.

On another note re SSL, I have a PHP script that I am using to deliver
content.  This content may be one of several different formats (html,
pdf, ms word and ms excel so far).  To handle this, I was looking at the
document type, then sending the appropriate Content-type header, a
Content-length header (Netscape has trouble with PDF documents without
this... odd) and a Content-disposition header to specify a suggested
filename.  This was all working rather nicely and works with IE, NS4,
NS6, Mozilla and Opera.  However, when I switched over to using SSL to
connect to the server it didn't work so well.  For some reason IE will
not download the files, it returns some vague error about not being able
to download the file, showing the name of the script, not the name
provided in the Content-disposition header.  Anyone got an idea what
might be going on here, or perhaps there's a better way to do what I
want to do? (I'm tossing up the idea of using the method where you map
the first part of a URL to a script so that I can provide the complete
filename at the end of the URL... can't recall the name of this method
at the moment)

Cheers
Michael

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.

More information about the General mailing list