Apache Reverse Proxy, SNI SSL and mod_gnutls on Debian Squeeze
<VirtualHost *:80> ServerName example.com ServerAlias www.example.com ProxyRequests Off ProxyPass / http://127.0.0.1:81/ ProxyPassReverse / http://127.0.0.1:81/ <Proxy http://127.0.0.1:81> Order deny,allow Allow from all </Proxy> </VirtualHost>
The same config holds true if you need/want a Reverse Proxy for SSL/TLS. BUT … if you are using Server Name Indication (SNI) in order to use multiple SSL certificates for different hostnames on one IP address, on Debian Squeeze you run into problems with libapache2-mod-gnutls, wich has a nasty bug in version 0.5.6 (which is of course included in Debian Squeeze).
In order to get SSL with SNI and a Reverse Proxy, you have to recompile the libapache2-mod-gnutls library to include a two line patch.
cd ~ mdkir src cd src apt-get source libapache2-mod-gnutls patch < mod-gnutls-0.5.6_proxy.patch cd mod-gnutls-0.5.6 dpkg-buildpackage -rfakeroot -b sudo dpkg -i libapache2-mod-gnutls_0.5.6-1+squeeze1_i386.deb /etc/init.d/apache2 restart
And now you can use mod_proxy with mod_gnutls. :D