I want to launch a reverse proxy server and I have a question about HTTPS certificates. My plan is like below:
The Internet --> Reverse Proxy Server (Public IP) --> Web Server (Private IP)
The HTTPS certificate for my Reverse Proxy Server is Let’s Encrypt and I want to have a Self-signed certificate for my Web Server with private IP address. My question is whether the Self-signed certificate settings must be addressed in the Virtual Host file on the Reverse Proxy Server or in the Virtual Host file on the Web Server.
On the web server. The responsibility for the SSL certificate is always the responsibility of the server, never of the client.
Now since you’re using a self-signed certificate you could optionally duplicate the certificate on the client (here: the reverse proxy) too, so that it can verify that the certificate used by the server is the correct one (and as a result know that we’re talking to the right server), but in general this isn’t being done; it’s quite a bit of hassle to set up and keep up to date.
Thus, in the Virtual Host file on the Reverse Proxy Server, I just need Let’s Encrypt options?
If by “options” you mean “SSL Certificate configuration options” then yes, that’s correct.
How about the configuration below on the Reverse Proxy Server:
ProxyPass / http://192.168.56.9/
ProxyPassReverse / http://192.168.56.9/
CustomLog /var/log/httpd/access.log common
Is it OK?
ProxyPassReverse should be on the VirtualHost listening on port 443 and the VirtualHost on port 80 should redirect to HTTPS.
Also, once you know that HTTPS works you should remove the <IfModule mod_ssl.c> and </IfModule> lines. No need asking the server over and over if it can do something you’ve seen it can do.
Can you edit my configuration here and add your changes?
Nope. You should be able to figure it out from what you had combined with what I said.
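The layout described in the replies above, as an added example that is not part of the original thread: the port 80 VirtualHost only redirects, the port 443 VirtualHost carries the Let’s Encrypt certificate and the proxy directives, and the proxy is given a copy of the backend's self-signed certificate so it can verify the web server. The host name www.example.com and all certificate file paths are assumptions; the backend address and log path come from the question, with the backend URL changed to https because the web server is meant to serve its self-signed certificate.

```apache
# Added example. www.example.com and every certificate path are assumptions.

# Port 80: no proxying here, only a redirect to HTTPS.
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>

# Port 443: public-facing TLS plus the proxy directives.
<VirtualHost *:443>
    ServerName www.example.com

    # Certificate presented to Internet clients (Let's Encrypt).
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/www.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem

    # TLS from the proxy to the web server.
    SSLProxyEngine on

    # Optional verification step from the thread: a copy of the web
    # server's self-signed certificate (public part only, never its key)
    # is the only trust anchor for backend connections.
    SSLProxyCACertificateFile /etc/httpd/conf/backend-selfsigned.crt
    SSLProxyVerify require

    # Assumption: the self-signed certificate was issued for the host
    # used in the ProxyPass URL below; otherwise the name check fails.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    ProxyPass        / https://192.168.56.9/
    ProxyPassReverse / https://192.168.56.9/

    CustomLog /var/log/httpd/access.log common
</VirtualHost>
```

The self-signed certificate and its private key are configured with SSLCertificateFile and SSLCertificateKeyFile in the web server's own VirtualHost; when that certificate is renewed, the copy on the proxy has to be replaced as well.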