Apache Reverse Proxy, SNI SSL and mod_gnutls on Debian Squeeze
Getting Apache to act as a reverse proxy (e.g. for an IBM Lotus Domino server running on port 81) is not that hard to achieve:
    <VirtualHost *:80>
        ServerName example.com
        ServerAlias www.example.com
        ProxyRequests Off
        ProxyPass / http://127.0.0.1:81/
        ProxyPassReverse / http://127.0.0.1:81/
        <Proxy http://127.0.0.1:81>
            Order deny,allow
            Allow from all
        </Proxy>
    </VirtualHost>
The same config holds true if you need/want a reverse proxy for SSL/TLS. BUT … if you are using Server Name Indication (SNI) to serve multiple SSL certificates for different hostnames on one IP address, on Debian Squeeze you run into problems with libapache2-mod-gnutls, which has a nasty bug in version 0.5.6 (which is of course the version included in Debian Squeeze).
In order to get SSL with SNI and a reverse proxy, you have to recompile the libapache2-mod-gnutls library to include a two-line patch.
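    cd ~
    mkdir src
    cd src
    # fetch and unpack the Debian source package
    apt-get source libapache2-mod-gnutls
    # apply the proxy patch (mod-gnutls-0.5.6_proxy.patch must already be in this directory)
    patch < mod-gnutls-0.5.6_proxy.patch
    cd mod-gnutls-0.5.6
    # build the binary package
    dpkg-buildpackage -rfakeroot -b
    # dpkg-buildpackage writes the .deb to the parent directory
    cd ..
    sudo dpkg -i libapache2-mod-gnutls_0.5.6-1+squeeze1_i386.deb
    sudo /etc/init.d/apache2 restart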
And now you can use mod_proxy with mod_gnutls. :D
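What an SNI setup with the patched module could look like, as an added example that is not part of the original post: two name-based TLS virtual hosts on one IP address, each with its own certificate and its own backend. The second hostname (example.org), its backend port 82 and all certificate and key paths are assumptions; the directives are the standard mod_gnutls and Apache 2.2 mod_proxy ones.

```apache
# Added example, not from the original post.
# Assumes "Listen 443" is already set (Debian's ports.conf does this when
# mod_gnutls is enabled). Paths, example.org and port 82 are placeholders.

# Apache 2.2 needs this for name-based virtual hosts on the TLS port
NameVirtualHost *:443

<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com

    # Certificate served when the client's SNI names this host
    GnuTLSEnable on
    GnuTLSPriorities NORMAL
    GnuTLSCertificateFile /etc/apache2/ssl/example.com.crt
    # Keep the private key readable by root only
    GnuTLSKeyFile /etc/apache2/ssl/example.com.key

    # Reverse proxy only; Off keeps Apache from acting as an open forward proxy
    ProxyRequests Off
    ProxyPass / http://127.0.0.1:81/
    ProxyPassReverse / http://127.0.0.1:81/
    <Proxy http://127.0.0.1:81>
        Order deny,allow
        Allow from all
    </Proxy>
</VirtualHost>

<VirtualHost *:443>
    ServerName example.org

    # Second certificate on the same IP address, selected via SNI
    GnuTLSEnable on
    GnuTLSPriorities NORMAL
    GnuTLSCertificateFile /etc/apache2/ssl/example.org.crt
    GnuTLSKeyFile /etc/apache2/ssl/example.org.key

    ProxyRequests Off
    ProxyPass / http://127.0.0.1:82/
    ProxyPassReverse / http://127.0.0.1:82/
    <Proxy http://127.0.0.1:82>
        Order deny,allow
        Allow from all
    </Proxy>
</VirtualHost>
```

Clients that do not send SNI get the certificate of the first virtual host defined for the address, so put the hostname you want as the default first.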
Tagged as: apache, debian, gnutls, reverse proxy, sni, ssl, tls | Author: Martin Leyrer
[Saturday, 20120421, 16:41 | permanent link | 0 comment(s)]