SSL Proxy with Apache HTTPD

Sometimes you have a service running and you need to protect communication to it, over the internet or an intranet. The best way to do this is to use SSL/HTTPS; however, your service may not be set up to easily add SSL, so it just supports HTTP. Now the question is: how do you secure it? The simple answer is with Apache HTTPD as an SSL proxy. This works by leaving your service running on localhost:8080 only, and having Apache HTTPD redirect traffic arriving on 0.0.0.0:80 to 0.0.0.0:443, which proxies it to localhost:8080. These directions are for Windows; I will try to get a set posted for Linux soon. On Windows with Apache HTTPD it is best to use / rather than \ as your directory separator.

  1. Download Apache HTTPD; these directions assume Apache 2.4.
  2. Place the Apache24 directory from the zip on your file system at c:/
  3. Open a command prompt.
  4. Enter the following command to change to the directory: “cd /Apache24/bin”
  5. To test Apache HTTPD, run “httpd.exe”. Then browse to http://localhost; you should see “It works!”. Use Ctrl-C to stop the server.
  6. To place the certificate and key from your Certificate Authority, run these commands:
    1. cd /Apache24
    2. mkdir ssl
    3. cd ssl/
    4. mkdir crt
    5. mkdir key
    6. Place the CRT file in the crt directory as hostname.domainname.crt
    7. Place the Key file in the key directory as hostname.domainname.key
  7. Open c:/Apache24/conf/httpd.conf
    1. Uncomment the following lines
      1. LoadModule proxy_module modules/mod_proxy.so
      2. LoadModule proxy_http_module modules/mod_proxy_http.so
      3. LoadModule rewrite_module modules/mod_rewrite.so
      4. LoadModule ssl_module modules/mod_ssl.so
      5. LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
    2. Scroll to the bottom of this file
    3. Insert the following:
      SSLSessionCache        "shmcb:c:/Apache24/logs/ssl_scache(512000)"
      SSLSessionCacheTimeout  300
      
      <VirtualHost *:80>
      ServerName hostname.domainname
      ServerAlias www.hostname.domainname
      
      RewriteEngine on
      RewriteCond %{SERVER_PORT} !^443$
      RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
      </VirtualHost>
      
      <VirtualHost *:443>
      ServerName hostname.domainname
      ServerAlias www.hostname.domainname
      
      SSLEngine On
      SSLCertificateFile    c:/apache24/ssl/crt/hostname.domainname.crt
      SSLCertificateKeyFile c:/apache24/ssl/key/hostname.domainname.key
      
      ProxyRequests     Off
      ProxyPass         /  http://localhost:8080/
      ProxyPassReverse  /  http://localhost:8080/
      ProxyPassReverse  /  http://hostname.domainname/
      
      <Proxy http://localhost:8080/*>
      # Apache 2.4 access control (replaces the 2.2-style Order/Allow pair)
      Require all granted
      </Proxy>
      
      ProxyPreserveHost on
      
      </VirtualHost>
  8. Now change hostname.domainname to your fully qualified domain name.
  9. cd /Apache24/bin
  10. Execute the command “httpd.exe”
  11. Verify you can access “http://hostname.domainname” and “https://hostname.domainname”. (Browser dependent: if you're using a self-signed certificate, you will have to accept the certificate or tell your browser to proceed.)
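
The following is an added example, not part of the original post: a small Python check that reads httpd.conf text and confirms the pieces from step 7 are in place (the five modules uncommented, SSLEngine on in the :443 virtual host, forward proxying off, and the cleartext backend kept on loopback). The function name `audit_proxy_conf` and the sample configuration are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

REQUIRED = {"proxy_module", "proxy_http_module", "rewrite_module",
            "ssl_module", "socache_shmcb_module"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_proxy_conf(text):
    """Return a list of findings for httpd.conf text using the layout above."""
    findings, loaded, port, ssl_on = [], set(), None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # a commented LoadModule is not loaded
            continue
        m = re.match(r"<(/?)VirtualHost(?:\s+\S*:(\d+))?\s*>", line, re.I)
        if m:  # track which vhost (by port) the following directives belong to
            port = None if m.group(1) else m.group(2)
            continue
        name, *args = line.split()
        name = name.lower()
        if name == "loadmodule" and args:
            loaded.add(args[0])
        elif name == "sslengine" and port == "443" and args and args[0].lower() == "on":
            ssl_on = True
        elif name == "proxyrequests" and args and args[0].lower() == "on":
            findings.append("ProxyRequests On enables forward proxying")
        elif name == "proxypass" and len(args) >= 2 and args[1] != "!":
            if port != "443":
                findings.append("ProxyPass outside the :443 vhost skips TLS")
            if urlsplit(args[1]).hostname not in LOOPBACK:
                findings.append(f"ProxyPass target {args[1]} is not loopback")
    findings += [f"module not loaded: {mod}" for mod in sorted(REQUIRED - loaded)]
    if not ssl_on:
        findings.append("no 'SSLEngine On' inside <VirtualHost *:443>")
    return findings

# Constructed sample: socache module still commented, backend on another host.
SAMPLE = """\
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule ssl_module modules/mod_ssl.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
<VirtualHost *:443>
SSLEngine On
ProxyPass / http://192.0.2.10:8080/
</VirtualHost>
"""
print(*audit_proxy_conf(SAMPLE), sep="\n")
```

To check a real installation, pass the contents of c:/Apache24/conf/httpd.conf to `audit_proxy_conf`; an empty list means none of these checks failed.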
  • Ghostprogrammer