Sometimes you have a service running and you need to protect communication to it, over the internet or an intranet. The best way to do this is to use SSL/HTTPS; however, maybe your service isn't set up to easily add SSL, so it only supports HTTP. Now the question is: how do you secure it? The simple answer is with Apache HTTPD as an SSL proxy. This works by leaving your service running on localhost:8080 only, and having Apache HTTPD route 0.0.0.0:80 traffic to 0.0.0.0:443, which proxies it to localhost:8080.

These directions are for Windows; I will try and get a set posted for Linux soon. On Windows with Apache HTTP it is best to use / as your directory separator rather than \.
- Download Apache HTTP; these steps assume you have Apache 2.4.
- Place the Apache24 directory from the zip on your file system at c:/
- Open a command prompt.
- Enter the following command to change to the directory: “cd /Apache24/bin”
- To test Apache HTTP, run this command next: “httpd.exe”. Test http://localhost; you should see “It works!” Use Ctrl-C to stop the server.
- To place the certificates from your Certificate Authority, follow these commands:
  - cd /Apache24
  - mkdir ssl
  - cd ssl/
  - mkdir crt
  - mkdir key
  - Place the CRT file in the crt directory as hostname.domainname.crt
  - Place the Key file in the key directory as hostname.domainname.key
- Open c:/Apache24/conf/httpd.conf
- Uncomment the following lines:
  - LoadModule proxy_module modules/mod_proxy.so
  - LoadModule proxy_http_module modules/mod_proxy_http.so
  - LoadModule rewrite_module modules/mod_rewrite.so
  - LoadModule ssl_module modules/mod_ssl.so
  - LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
- Scroll to the bottom of this file
- Insert the following:
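```apache
# The stock httpd.conf only declares "Listen 80"; port 443 must be opened too
# (omit this line if Listen 443 is already declared elsewhere).
Listen 443

SSLSessionCache "shmcb:c:/Apache24/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

# Port 80: redirect every request to HTTPS
<VirtualHost *:80>
    ServerName hostname.domainname
    ServerAlias www.hostname.domainname
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

# Port 443: terminate SSL and proxy to the local service
<VirtualHost *:443>
    ServerName hostname.domainname
    ServerAlias www.hostname.domainname
    SSLEngine On
    SSLCertificateFile c:/Apache24/ssl/crt/hostname.domainname.crt
    SSLCertificateKeyFile c:/Apache24/ssl/key/hostname.domainname.key
    # Reverse proxy only; forward proxying stays disabled
    ProxyRequests Off
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    ProxyPassReverse / http://hostname.domainname/
    <Proxy http://localhost:8080/*>
        # Apache 2.4 access control (replaces "Order allow,deny" / "Allow from all")
        Require all granted
    </Proxy>
    ProxyPreserveHost on
</VirtualHost>
```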
- Now change hostname.domainname to your fully qualified domain name.
- cd /Apache24/bin
- Execute the command “httpd.exe”
- Verify you can access “http://hostname.domainname” and “https://hostname.domainname”. (Browser dependent: if you're using a self-signed certificate, you will have to accept the certificate or tell your browser to proceed.)
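
A quick way to check the finished httpd.conf against the steps above before starting httpd. This is an added example, not part of the original post; `audit`, `SAMPLE_CONF`, `REQUIRED` and `LOOPBACK` are hypothetical names, and the sample configuration, including the 192.0.2.10 backend address, is constructed with two deliberate mistakes.

```python
import re
from urllib.parse import urlsplit
# Constructed sample: shmcb module still commented out, backend not on loopback.
SAMPLE_CONF = """\
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule ssl_module modules/mod_ssl.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
<VirtualHost *:80>
  RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
<VirtualHost *:443>
  SSLEngine On
  ProxyPass / http://192.0.2.10:8080/
</VirtualHost>
"""
REQUIRED = {"proxy_module", "proxy_http_module", "rewrite_module",
            "ssl_module", "socache_shmcb_module"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit(conf):
    """Return findings for an SSL-proxy httpd.conf (hypothetical helper)."""
    # Collapse whitespace, drop comments and blanks; directives are case-insensitive.
    lines = [" ".join(l.split()) for l in conf.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    loaded = {l.split()[1] for l in lines if l.lower().startswith("loadmodule ")}
    out = [f"module not loaded: {m}" for m in sorted(REQUIRED - loaded)]
    port, redirect, tls_on = None, False, False
    for l in lines:
        low = l.lower()
        m = re.match(r"<virtualhost \S*:(\d+)>", low)
        if m or low == "</virtualhost>":
            port = m.group(1) if m else None  # track the enclosing vhost port
        elif port == "80" and re.match(r"rewriterule \S+ https://", low):
            redirect = True
        elif port == "443" and low == "sslengine on":
            tls_on = True
        elif low == "proxyrequests on":
            out.append("ProxyRequests On turns httpd into an open forward proxy")
        elif port == "443" and (u := re.match(r"proxypass \S+ (\S+)", low)):
            host = urlsplit(u.group(1)).hostname
            if host not in LOOPBACK:
                out.append(f"backend {host} is not loopback; that hop is plain HTTP")
    if not redirect:
        out.append("port 80 does not redirect to https")
    if not tls_on:
        out.append("SSLEngine is not on for port 443")
    return out
```

Calling `audit(open("c:/Apache24/conf/httpd.conf").read())` returns an empty list when the modules, the port 80 redirect, SSLEngine and a loopback backend are all in place.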