Mailing List Archive

That depends on your requirements. You can terminate SSL at the proxy or
the web server,

Nick

On Mon, Apr 19, 2021 at 6:08 AM Jason Long <hack3rcon@yahoo.com.invalid>
wrote:

> Hello,
> In below diagram, which server must use HTTPS certification?
>
> The Internet ---> Apache Reverse Proxy (Public IP) ---> Web Site (Internal
> IP)
>
>
> Thank you.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Hi Jason

Definitely "Apache Reverse Proxy (Public IP)", whereas you could use for
example

https://letsencrypt.org/
https://certbot.eff.org/

Depending on how your connection between "Apache Reverse Proxy (Public
IP) ---> Web Site (Internal IP)" is protected, you might also want to
consider a self-signed certificate for "Web Site (Internal IP)"

HTH

Michael

Am 19.04.21 um 12:07 schrieb Jason Long:
> Hello,
> In below diagram, which server must use HTTPS certification?
>
> The Internet ---> Apache Reverse Proxy (Public IP) ---> Web Site (Internal IP)
>
>
> Thank you.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

my "definitely at the proxy" was probably answered a little bit too
quickly/intuitive :-)

As Nick is writing, it depends on your requirements and I was too
focused on my own requirements :-)

Thanks

Michael

Am 19.04.21 um 12:17 schrieb Nick Folino:
> That depends on your requirements.  You can terminate SSL at the proxy
> or the web server,
>
> Nick
>
> On Mon, Apr 19, 2021 at 6:08 AM Jason Long
> <hack3rcon@yahoo.com.invalid> wrote:
>
> Hello,
> In below diagram, which server must use HTTPS certification?
>
> The Internet ---> Apache Reverse Proxy (Public IP) ---> Web Site
> (Internal IP)
>
>
> Thank you.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> <mailto:users-unsubscribe@httpd.apache.org>
> For additional commands, e-mail: users-help@httpd.apache.org
> <mailto:users-help@httpd.apache.org>
>

Thank you.
On my Apache Reverse Proxy, I have a .conf as below:

# cat /etc/httpd/conf.d/reverse_proxy.conf 
<VirtualHost *:80>
        ProxyPreserveHost On
        ProxyPass / http://192.168.56.9/
        ProxyPassReverse / http://192.168.56.9/
</VirtualHost>


And my website configuration file is on "192.168.56.9" server. Thus, if I setup Let's Encrypt on my Apache Reverse Proxy Server, then I just need below lines in a separate .conf file?

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin root@localhost
ServerName Example.example
ServerAlias www.Example.example
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log common
SSLEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/Example.example/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/Example.example/privkey.pem
</VirtualHost>
</IfModule>


About about self-signed certificate, could above file contain two separate certification?




On Monday, April 19, 2021, 02:48:24 PM GMT+4:30, Michael Wechner <michael.wechner@wyona.com> wrote:





Hi Jason

Definitely "Apache Reverse Proxy (Public IP)", whereas you could use for
example

https://letsencrypt.org/
https://certbot.eff.org/

Depending on how your connection between "Apache Reverse Proxy (Public
IP) ---> Web Site (Internal IP)" is protected, you might also want to
consider a self-signed certificate for "Web Site (Internal IP)"

HTH

Michael

Am 19.04.21 um 12:07 schrieb Jason Long:
> Hello,
> In below diagram, which server must use HTTPS certification?
>
> The Internet ---> Apache Reverse Proxy (Public IP) ---> Web Site (Internal IP)
>
>
> Thank you.

>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

http://httpd.apache.org/docs/2.4/ssl/

Nick

On Mon, Apr 19, 2021 at 6:37 AM Jason Long <hack3rcon@yahoo.com.invalid>
wrote:

> Thank you.
> On my Apache Reverse Proxy, I have a .conf as below:
>
> # cat /etc/httpd/conf.d/reverse_proxy.conf
> <VirtualHost *:80>
> ProxyPreserveHost On
> ProxyPass / http://192.168.56.9/
> ProxyPassReverse / http://192.168.56.9/
> </VirtualHost>
>
>
> And my website configuration file is on "192.168.56.9" server. Thus, if I
> setup Let's Encrypt on my Apache Reverse Proxy Server, then I just need
> below lines in a separate .conf file?
>
> <IfModule mod_ssl.c>
> <VirtualHost *:443>
> ServerAdmin root@localhost
> ServerName Example.example
> ServerAlias www.Example.example
> ErrorLog /var/log/httpd/error.log
> CustomLog /var/log/httpd/access.log common
> SSLEngine On
> Include /etc/letsencrypt/options-ssl-apache.conf
> SSLCertificateFile /etc/letsencrypt/live/Example.example/fullchain.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/Example.example/privkey.pem
> </VirtualHost>
> </IfModule>
>
>
> About about self-signed certificate, could above file contain two separate
> certification?
>
>
>
>
> On Monday, April 19, 2021, 02:48:24 PM GMT+4:30, Michael Wechner <
> michael.wechner@wyona.com> wrote:
>
>
>
>
>
> Hi Jason
>
> Definitely "Apache Reverse Proxy (Public IP)", whereas you could use for
> example
>
> https://letsencrypt.org/
> https://certbot.eff.org/
>
> Depending on how your connection between "Apache Reverse Proxy (Public
> IP) ---> Web Site (Internal IP)" is protected, you might also want to
> consider a self-signed certificate for "Web Site (Internal IP)"
>
> HTH
>
> Michael
>
> Am 19.04.21 um 12:07 schrieb Jason Long:
> > Hello,
> > In below diagram, which server must use HTTPS certification?
> >
> > The Internet ---> Apache Reverse Proxy (Public IP) ---> Web Site
> (Internal IP)
> >
> >
> > Thank you.
>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

I created a Self-Signed SSL Certificate for Apache and changed my Apache configuration file on Apache Reverse Proxy Server as below:

<VirtualHost *:80>
        ServerName 192.168.56.9
        ProxyPreserveHost On
        ProxyPass / http://192.168.56.9/
        ProxyPassReverse / http://192.168.56.9/
        Redirect / https://192.168.56.9/
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/selfsigned.crt
    SSLCertificateKeyFile /etc/pki/tls/private/selfsigned.key
</VirtualHost>

But when I browse my Reverse Proxy Server IP, then it is HTTP and not HTTPS. why?
It doesn't show "https://www.tecmint.com/wp-content/uploads/2020/05/SSL-Certificate-Warning.png" error too.




On Monday, April 19, 2021, 03:18:25 PM GMT+4:30, Nick Folino <nick@folino.us> wrote:





http://httpd.apache.org/docs/2.4/ssl/

Nick

On Mon, Apr 19, 2021 at 6:37 AM Jason Long <hack3rcon@yahoo.com.invalid> wrote:
> Thank you.
> On my Apache Reverse Proxy, I have a .conf as below:
>
> # cat /etc/httpd/conf.d/reverse_proxy.conf 
> <VirtualHost *:80>
>         ProxyPreserveHost On
>         ProxyPass / http://192.168.56.9/
>         ProxyPassReverse / http://192.168.56.9/
> </VirtualHost>
>
>
> And my website configuration file is on "192.168.56.9" server. Thus, if I setup Let's Encrypt on my Apache Reverse Proxy Server, then I just need below lines in a separate .conf file?
>
> <IfModule mod_ssl.c>
> <VirtualHost *:443>
> ServerAdmin root@localhost
> ServerName Example.example
> ServerAlias www.Example.example
> ErrorLog /var/log/httpd/error.log
> CustomLog /var/log/httpd/access.log common
> SSLEngine On
> Include /etc/letsencrypt/options-ssl-apache.conf
> SSLCertificateFile /etc/letsencrypt/live/Example.example/fullchain.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/Example.example/privkey.pem
> </VirtualHost>
> </IfModule>
>
>
> About about self-signed certificate, could above file contain two separate certification?
>
>
>
>
> On Monday, April 19, 2021, 02:48:24 PM GMT+4:30, Michael Wechner <michael.wechner@wyona.com> wrote:
>
>
>
>
>
> Hi Jason
>
> Definitely "Apache Reverse Proxy (Public IP)", whereas you could use for
> example
>
> https://letsencrypt.org/
> https://certbot.eff.org/
>
> Depending on how your connection between "Apache Reverse Proxy (Public
> IP) ---> Web Site (Internal IP)" is protected, you might also want to
> consider a self-signed certificate for "Web Site (Internal IP)"
>
> HTH
>
> Michael
>
> Am 19.04.21 um 12:07 schrieb Jason Long:
>> Hello,
>> In below diagram, which server must use HTTPS certification?
>>
>> The Internet ---> Apache Reverse Proxy (Public IP) ---> Web Site (Internal IP)
>>
>>
>> Thank you.
>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

You need to read the documentation and search for examples on how to
configure HTTPS.

On Mon, Apr 19, 2021 at 8:26 AM Jason Long <hack3rcon@yahoo.com.invalid>
wrote:

> I created a Self-Signed SSL Certificate for Apache and changed my Apache
> configuration file on Apache Reverse Proxy Server as below:
>
> <VirtualHost *:80>
> ServerName 192.168.56.9
> ProxyPreserveHost On
> ProxyPass / http://192.168.56.9/
> ProxyPassReverse / http://192.168.56.9/
> Redirect / https://192.168.56.9/
> </VirtualHost>
> <VirtualHost *:443>
> SSLEngine on
> SSLCertificateFile /etc/pki/tls/certs/selfsigned.crt
> SSLCertificateKeyFile /etc/pki/tls/private/selfsigned.key
> </VirtualHost>
>
> But when I browse my Reverse Proxy Server IP, then it is HTTP and not
> HTTPS. why?
> It doesn't show "
> https://www.tecmint.com/wp-content/uploads/2020/05/SSL-Certificate-Warning.png"
> error too.
>
>
>
>
> On Monday, April 19, 2021, 03:18:25 PM GMT+4:30, Nick Folino <
> nick@folino.us> wrote:
>
>
>
>
>
> http://httpd.apache.org/docs/2.4/ssl/
>
> Nick
>
> On Mon, Apr 19, 2021 at 6:37 AM Jason Long <hack3rcon@yahoo.com.invalid>
> wrote:
> > Thank you.
> > On my Apache Reverse Proxy, I have a .conf as below:
> >
> > # cat /etc/httpd/conf.d/reverse_proxy.conf
> > <VirtualHost *:80>
> > ProxyPreserveHost On
> > ProxyPass / http://192.168.56.9/
> > ProxyPassReverse / http://192.168.56.9/
> > </VirtualHost>
> >
> >
> > And my website configuration file is on "192.168.56.9" server. Thus, if
> I setup Let's Encrypt on my Apache Reverse Proxy Server, then I just need
> below lines in a separate .conf file?
> >
> > <IfModule mod_ssl.c>
> > <VirtualHost *:443>
> > ServerAdmin root@localhost
> > ServerName Example.example
> > ServerAlias www.Example.example
> > ErrorLog /var/log/httpd/error.log
> > CustomLog /var/log/httpd/access.log common
> > SSLEngine On
> > Include /etc/letsencrypt/options-ssl-apache.conf
> > SSLCertificateFile /etc/letsencrypt/live/Example.example/fullchain.pem
> > SSLCertificateKeyFile /etc/letsencrypt/live/Example.example/privkey.pem
> > </VirtualHost>
> > </IfModule>
> >
> >
> > About about self-signed certificate, could above file contain two
> separate certification?
> >
> >
> >
> >
> > On Monday, April 19, 2021, 02:48:24 PM GMT+4:30, Michael Wechner <
> michael.wechner@wyona.com> wrote:
> >
> >
> >
> >
> >
> > Hi Jason
> >
> > Definitely "Apache Reverse Proxy (Public IP)", whereas you could use for
> > example
> >
> > https://letsencrypt.org/
> > https://certbot.eff.org/
> >
> > Depending on how your connection between "Apache Reverse Proxy (Public
> > IP) ---> Web Site (Internal IP)" is protected, you might also want to
> > consider a self-signed certificate for "Web Site (Internal IP)"
> >
> > HTH
> >
> > Michael
> >
> > Am 19.04.21 um 12:07 schrieb Jason Long:
> >> Hello,
> >> In below diagram, which server must use HTTPS certification?
> >>
> >> The Internet ---> Apache Reverse Proxy (Public IP) ---> Web Site
> (Internal IP)
> >>
> >>
> >> Thank you.
> >
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >> For additional commands, e-mail: users-help@httpd.apache.org
> >>
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Hi Jason

The reverse proxy entries should look something like

<VirtualHost *:80>
    ServerAdmin michael.wechner@wyona.com
    ServerName www.wechner.ch
    ServerAlias wechner.ch
    ErrorLog ${APACHE_LOG_DIR}/wechner.ch-error_log
    CustomLog ${APACHE_LOG_DIR}/wechner.ch-access_log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =wechner.ch [OR]
RewriteCond %{SERVER_NAME} =www.wechner.ch
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

which means when you enter http://wechner.ch you will get redirected to
https://wechner.ch


<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin michael.wechner@wyona.com
    ServerName www.wechner.ch
    ServerAlias wechner.ch
    ErrorLog ${APACHE_LOG_DIR}/wechner.ch-error_log
    CustomLog ${APACHE_LOG_DIR}/wechner.ch-access_log combined

    ProxyPassReverseCookiePath /yanel /

    ProxyPass           /  http://127.0.0.1:7070/yanel/wechner/
    ProxyPassReverse    /  http://127.0.0.1:7070/yanel/wechner/

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/katerinaoliveros.com-0001/cert.pem
SSLCertificateKeyFile
/etc/letsencrypt/live/katerinaoliveros.com-0001/privkey.pem
SSLCertificateChainFile
/etc/letsencrypt/live/katerinaoliveros.com-0001/chain.pem
</VirtualHost>

and the virtual host config  for 443 should contain the ProxyPass entries.

Actually certbot should do all of this for you automatically. Maybe you
can try the following

- Delete the virtual host config for 443/HTTPS
- Make sure the virtual host config for 80/HTTP without SSL works
- Run certbot
- When certbot asks you whether you want to redirct from HTTP to HTTPS,
then select yes

HTH

Michael



Am 19.04.21 um 14:26 schrieb Jason Long:
> I created a Self-Signed SSL Certificate for Apache and changed my Apache configuration file on Apache Reverse Proxy Server as below:
>
> <VirtualHost *:80>
>         ServerName 192.168.56.9
>         ProxyPreserveHost On
>         ProxyPass / http://192.168.56.9/
>         ProxyPassReverse / http://192.168.56.9/
>         Redirect / https://192.168.56.9/
> </VirtualHost>
> <VirtualHost *:443>
>     SSLEngine on
>     SSLCertificateFile /etc/pki/tls/certs/selfsigned.crt
>     SSLCertificateKeyFile /etc/pki/tls/private/selfsigned.key
> </VirtualHost>
>
> But when I browse my Reverse Proxy Server IP, then it is HTTP and not HTTPS. why?
> It doesn't show "https://www.tecmint.com/wp-content/uploads/2020/05/SSL-Certificate-Warning.png" error too.
>
>
>
>
> On Monday, April 19, 2021, 03:18:25 PM GMT+4:30, Nick Folino <nick@folino.us> wrote:
>
>
>
>
>
> http://httpd.apache.org/docs/2.4/ssl/
>
> Nick
>
> On Mon, Apr 19, 2021 at 6:37 AM Jason Long <hack3rcon@yahoo.com.invalid> wrote:
>> Thank you.
>> On my Apache Reverse Proxy, I have a .conf as below:
>>
>> # cat /etc/httpd/conf.d/reverse_proxy.conf
>> <VirtualHost *:80>
>>         ProxyPreserveHost On
>>         ProxyPass / http://192.168.56.9/
>>         ProxyPassReverse / http://192.168.56.9/
>> </VirtualHost>
>>
>>
>> And my website configuration file is on "192.168.56.9" server. Thus, if I setup Let's Encrypt on my Apache Reverse Proxy Server, then I just need below lines in a separate .conf file?
>>
>> <IfModule mod_ssl.c>
>> <VirtualHost *:443>
>> ServerAdmin root@localhost
>> ServerName Example.example
>> ServerAlias www.Example.example
>> ErrorLog /var/log/httpd/error.log
>> CustomLog /var/log/httpd/access.log common
>> SSLEngine On
>> Include /etc/letsencrypt/options-ssl-apache.conf
>> SSLCertificateFile /etc/letsencrypt/live/Example.example/fullchain.pem
>> SSLCertificateKeyFile /etc/letsencrypt/live/Example.example/privkey.pem
>> </VirtualHost>
>> </IfModule>
>>
>>
>> About about self-signed certificate, could above file contain two separate certification?
>>
>>
>>
>>
>> On Monday, April 19, 2021, 02:48:24 PM GMT+4:30, Michael Wechner <michael.wechner@wyona.com> wrote:
>>
>>
>>
>>
>>
>> Hi Jason
>>
>> Definitely "Apache Reverse Proxy (Public IP)", whereas you could use for
>> example
>>
>> https://letsencrypt.org/
>> https://certbot.eff.org/
>>
>> Depending on how your connection between "Apache Reverse Proxy (Public
>> IP) ---> Web Site (Internal IP)" is protected, you might also want to
>> consider a self-signed certificate for "Web Site (Internal IP)"
>>
>> HTH
>>
>> Michael
>>
>> Am 19.04.21 um 12:07 schrieb Jason Long:
>>> Hello,
>>> In below diagram, which server must use HTTPS certification?
>>>
>>> The Internet ---> Apache Reverse Proxy (Public IP) ---> Web Site (Internal IP)
>>>
>>>
>>> Thank you.
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

On Mon, Apr 19, 2021 at 10:20 AM Michael Wechner
<michael.wechner@wyona.com> wrote:
>
> Hi Jason
>
> The reverse proxy entries should look something like
>
>
(I'm not the OP - - - but - - - - )

Thank you - - - - I find most docs and almost all man pages are written
by experts for experts who just might need a reminder and everything
would be good - - - - your answer on the other hand answers the
question for someone who knows maybe not so much and gives
an example (something that is quite rare in docs and an almost never
in man pages).

Thanking you for your assistance!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Thank you Michael.
I changed my Virtual Host config file as below:

<VirtualHost *:80>
    ServerName 192.168.56.9
    ErrorLog ${APACHE_LOG_DIR}/error_log
    CustomLog ${APACHE_LOG_DIR}/access_log combined
    
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =192.168.56.9 [OR]
    RewriteCond %{SERVER_NAME} =192.168.56.9
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName 192.168.56.9
    ErrorLog ${APACHE_LOG_DIR}/error_log
    CustomLog ${APACHE_LOG_DIR}/access_log combined


    ProxyPreserveHost On
    ProxyPass / http://192.168.56.9/
    ProxyPassReverse / http://192.168.56.9/
    Redirect / https://192.168.56.9/
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/selfsigned.crt
    SSLCertificateKeyFile /etc/pki/tls/private/selfsigned.key
</VirtualHost>


When I browse my Reverse Proxy Server, then it couldn't forward me to my real server (192.168.56.9). Which part of my configuration is wrong?



On Monday, April 19, 2021, 09:36:59 PM GMT+4:30, o1bigtenor <o1bigtenor@gmail.com> wrote:





On Mon, Apr 19, 2021 at 10:20 AM Michael Wechner
<michael.wechner@wyona.com> wrote:
>
> Hi Jason
>
> The reverse proxy entries should look something like
>
>
(I'm not the OP - - - but - - - - )

Thank you - - - - I find most docs and almost all man pages are written
by experts for experts who just might need a reminder and everything
would be good - - - - your answer on the other hand answers the
question for someone who knows maybe not so much and gives
an example (something that is quite rare in docs and an almost never
in man pages).

Thanking you for your assistance!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

You'll never learn anything if you keep asking people to solve your
problems for you.
Read the docs I posted for you and look for working examples on-line.

On Mon, Apr 19, 2021 at 2:14 PM Jason Long <hack3rcon@yahoo.com.invalid>
wrote:

> Thank you Michael.
> I changed my Virtual Host config file as below:
>
> <VirtualHost *:80>
> ServerName 192.168.56.9
> ErrorLog ${APACHE_LOG_DIR}/error_log
> CustomLog ${APACHE_LOG_DIR}/access_log combined
>
> RewriteEngine on
> RewriteCond %{SERVER_NAME} =192.168.56.9 [OR]
> RewriteCond %{SERVER_NAME} =192.168.56.9
> RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI}
> [END,NE,R=permanent]
> </VirtualHost>
>
> <IfModule mod_ssl.c>
> <VirtualHost *:443>
> ServerName 192.168.56.9
> ErrorLog ${APACHE_LOG_DIR}/error_log
> CustomLog ${APACHE_LOG_DIR}/access_log combined
>
>
> ProxyPreserveHost On
> ProxyPass / http://192.168.56.9/
> ProxyPassReverse / http://192.168.56.9/
> Redirect / https://192.168.56.9/
> SSLEngine on
> SSLCertificateFile /etc/pki/tls/certs/selfsigned.crt
> SSLCertificateKeyFile /etc/pki/tls/private/selfsigned.key
> </VirtualHost>
>
>
> When I browse my Reverse Proxy Server, then it couldn't forward me to my
> real server (192.168.56.9). Which part of my configuration is wrong?
>
>
>
> On Monday, April 19, 2021, 09:36:59 PM GMT+4:30, o1bigtenor <
> o1bigtenor@gmail.com> wrote:
>
>
>
>
>
> On Mon, Apr 19, 2021 at 10:20 AM Michael Wechner
> <michael.wechner@wyona.com> wrote:
> >
> > Hi Jason
> >
> > The reverse proxy entries should look something like
> >
> >
> (I'm not the OP - - - but - - - - )
>
> Thank you - - - - I find most docs and almost all man pages are written
> by experts for experts who just might need a reminder and everything
> would be good - - - - your answer on the other hand answers the
> question for someone who knows maybe not so much and gives
> an example (something that is quite rare in docs and an almost never
> in man pages).
>
> Thanking you for your assistance!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Thanks.
When I browse my IP with the HTTPS protocol, then problem solved.






On Monday, April 19, 2021, 11:30:34 PM GMT+4:30, Nick Folino <nick@folino.us> wrote:





You'll never learn anything if you keep asking people to solve your problems for you.
Read the docs I posted for you and look for working examples on-line.

On Mon, Apr 19, 2021 at 2:14 PM Jason Long <hack3rcon@yahoo.com.invalid> wrote:
> Thank you Michael.
> I changed my Virtual Host config file as below:
>
> <VirtualHost *:80>
>     ServerName 192.168.56.9
>     ErrorLog ${APACHE_LOG_DIR}/error_log
>     CustomLog ${APACHE_LOG_DIR}/access_log combined
>     
>     RewriteEngine on
>     RewriteCond %{SERVER_NAME} =192.168.56.9 [OR]
>     RewriteCond %{SERVER_NAME} =192.168.56.9
>     RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
> </VirtualHost>
>
> <IfModule mod_ssl.c>
> <VirtualHost *:443>
>     ServerName 192.168.56.9
>     ErrorLog ${APACHE_LOG_DIR}/error_log
>     CustomLog ${APACHE_LOG_DIR}/access_log combined
>
>
>     ProxyPreserveHost On
>     ProxyPass / http://192.168.56.9/
>     ProxyPassReverse / http://192.168.56.9/
>     Redirect / https://192.168.56.9/
>     SSLEngine on
>     SSLCertificateFile /etc/pki/tls/certs/selfsigned.crt
>     SSLCertificateKeyFile /etc/pki/tls/private/selfsigned.key
> </VirtualHost>
>
>
> When I browse my Reverse Proxy Server, then it couldn't forward me to my real server (192.168.56.9). Which part of my configuration is wrong?
>
>
>
> On Monday, April 19, 2021, 09:36:59 PM GMT+4:30, o1bigtenor <o1bigtenor@gmail.com> wrote:
>
>
>
>
>
> On Mon, Apr 19, 2021 at 10:20 AM Michael Wechner
> <michael.wechner@wyona.com> wrote:
>>
>> Hi Jason
>>
>> The reverse proxy entries should look something like
>>
>>
> (I'm not the OP - - - but - - - - )
>
> Thank you - - - - I find most docs and almost all man pages are written
> by experts for experts who just might need a reminder and everything
> would be good - - - - your answer on the other hand answers the
> question for someone who knows maybe not so much and gives
> an example (something that is quite rare in docs and an almost never
> in man pages).
>
> Thanking you for your assistance!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

K



From: Nick Folino <nick@folino.us>
Sent: Monday, April 19, 2021 1:00 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Apache Reverse Proxy and HTTPS.



You'll never learn anything if you keep asking people to solve your problems for you.

Read the docs I posted for you and look for working examples on-line.



On Mon, Apr 19, 2021 at 2:14 PM Jason Long <hack3rcon@yahoo.com.invalid <mailto:hack3rcon@yahoo.com.invalid> > wrote:

Thank you Michael.
I changed my Virtual Host config file as below:

<VirtualHost *:80>
ServerName 192.168.56.9
ErrorLog ${APACHE_LOG_DIR}/error_log
CustomLog ${APACHE_LOG_DIR}/access_log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =192.168.56.9 [OR]
RewriteCond %{SERVER_NAME} =192.168.56.9
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} <https://%25%7bSERVER_NAME%7d%25%7bREQUEST_URI%7d> [END,NE,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName 192.168.56.9
ErrorLog ${APACHE_LOG_DIR}/error_log
CustomLog ${APACHE_LOG_DIR}/access_log combined


ProxyPreserveHost On
ProxyPass / http://192.168.56.9/
ProxyPassReverse / http://192.168.56.9/
Redirect / https://192.168.56.9/
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/selfsigned.crt
SSLCertificateKeyFile /etc/pki/tls/private/selfsigned.key
</VirtualHost>


When I browse my Reverse Proxy Server, then it couldn't forward me to my real server (192.168.56.9). Which part of my configuration is wrong?



On Monday, April 19, 2021, 09:36:59 PM GMT+4:30, o1bigtenor <o1bigtenor@gmail.com <mailto:o1bigtenor@gmail.com> > wrote:





On Mon, Apr 19, 2021 at 10:20 AM Michael Wechner
<michael.wechner@wyona.com <mailto:michael.wechner@wyona.com> > wrote:
>
> Hi Jason
>
> The reverse proxy entries should look something like
>
>
(I'm not the OP - - - but - - - - )

Thank you - - - - I find most docs and almost all man pages are written
by experts for experts who just might need a reminder and everything
would be good - - - - your answer on the other hand answers the
question for someone who knows maybe not so much and gives
an example (something that is quite rare in docs and an almost never
in man pages).

Thanking you for your assistance!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org <mailto:users-unsubscribe@httpd.apache.org>
For additional commands, e-mail: users-help@httpd.apache.org <mailto:users-help@httpd.apache.org>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org <mailto:users-unsubscribe@httpd.apache.org>
For additional commands, e-mail: users-help@httpd.apache.org <mailto:users-help@httpd.apache.org>

sure, happy to help! I also received a lot of help on mailing lists :-)

I also understand Nick's statement though, that in order to learn, you
have to dig in yourself.

But it can be a difficult balance sometimes, because sometimes one
cannot see the forest for the trees anymore.

I have been more than 20 years on public mailing lists and the
question/answer patterns are still the same.... well, let's see, maybe
we can break the patterns in the near future :-)

Cheers

Michael

Am 19.04.21 um 19:06 schrieb o1bigtenor:
> On Mon, Apr 19, 2021 at 10:20 AM Michael Wechner
> <michael.wechner@wyona.com> wrote:
>> Hi Jason
>>
>> The reverse proxy entries should look something like
>>
>>
> (I'm not the OP - - - but - - - - )
>
> Thank you - - - - I find most docs and almost all man pages are written
> by experts for experts who just might need a reminder and everything
> would be good - - - - your answer on the other hand answers the
> question for someone who knows maybe not so much and gives
> an example (something that is quite rare in docs and an almost never
> in man pages).
>
> Thanking you for your assistance!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

On Mon, Apr 19, 2021 at 3:05 PM Michael Wechner
<michael.wechner@wyona.com> wrote:
>
> sure, happy to help! I also received a lot of help on mailing lists :-)
>
> I also understand Nick's statement though, that in order to learn, you
> have to dig in yourself.
>
> But it can be a difficult balance sometimes, because sometimes one
> cannot see the forest for the trees anymore.
>
> I have been more than 20 years on public mailing lists and the
> question/answer patterns are still the same.... well, let's see, maybe
> we can break the patterns in the near future :-)
>

Hmmmmm

Answers like your's DO help change things.
The rtfm answers are most often given by those that have likely done
this thousands of times and they NEED very little to complete most
anything. Those of us starting out, on the other hand, need more than
the far too terse things masquerading as docs all too often.

I have been able to figure out ONE such system but it took lots of
hours and lots of repetition except now it seems like I'm an
expert - - - - except I'm not - - - - I just beat my head against the
wall long enough and experimented enough so that I now know
what I'm doing with ONE program.

Now with something that is connected to the web - - - - - would you
want to suffer through ten or maybe even twenty iterations before
you got it right - - - - with every iteration having you open to
malicious ingress? Not I - - - - and that's why I am appreciating
your assistance. - - - You've saved me a lot of work - - - - - it doesn't
seem much to you but to someone to whom the docs are far too terse
- - - well an example makes all the difference.

Thanks

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Thank you Michael.






On Tuesday, April 20, 2021, 12:35:08 AM GMT+4:30, Michael Wechner <michael.wechner@wyona.com> wrote:





sure, happy to help! I also received a lot of help on mailing lists :-)

I also understand Nick's statement though, that in order to learn, you
have to dig in yourself.

But it can be a difficult balance sometimes, because sometimes one
cannot see the forest for the trees anymore.

I have been more than 20 years on public mailing lists and the
question/answer patterns are still the same.... well, let's see, maybe
we can break the patterns in the near future :-)

Cheers

Michael

Am 19.04.21 um 19:06 schrieb o1bigtenor:
> On Mon, Apr 19, 2021 at 10:20 AM Michael Wechner
> <michael.wechner@wyona.com> wrote:
>> Hi Jason
>>
>> The reverse proxy entries should look something like
>>
>>
> (I'm not the OP - - - but - - - - )
>
> Thank you - - - - I find most docs and almost all man pages are written
> by experts for experts who just might need a reminder and everything
> would be good - - - - your answer on the other hand answers the
> question for someone who knows maybe not so much and gives
> an example (something that is quite rare in docs and an almost never
> in man pages).
>
> Thanking you for your assistance!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org

>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org