× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Brad,

For SSL I have this in the reverse proxy  I use for all my public websites (only showing vhost entries for www.petesworkshop.com)

# Enable SSL

 LoadModule ibm_ssl_module /QSYS.LIB/QHTTPSVR.LIB/QZSRVSSL.SRVPGM

#Listen on both ports
Listen 10.0.10.210:80
Listen 10.0.10.210:443 https

#vhost for petesworkshop on port 80
<VirtualHost *:80>
 ServerName www.petesworkshop.com
 ServerAlias petesworkshop.com
 ProxyPass / http://10.0.10.206:5080/
 ProxyPassReverse / http://10.0.10.206:5080/
</VirtualHost>

#vhost for petesworkshop on port 443
 <VirtualHost *:443>
  ServerName www.petesworkshop.com
  ServerAlias petesworkshop.com

  SSLEngine On
  SSLAppName QIBM_HTTP_SERVER_PETES
  SSLProtocolDisable SSLv2 SSLv3
  ProxyPass / http://10.0.10.206:5080/
  ProxyPassReverse / http://10.0.10.206:5080/
</VirtualHost>

In the config file for petesworkshop: <snippets>

SetEnv HTTPS_PORT 443

<VirtualHost 10.0.10.206:5080>

    DocumentRoot "/ifs_path_to/petesworkshop/"
    ServerName www.petesworkshop.com
    ServerAlias petesworkshop.com
    DirectoryIndex index.html index.php index.htm parent.htm
    ErrorLog logs/petesworkshop.log

</VirtualHost>

LetsEncrypt provides the certificate.  I used DCM to import and assign the cert to the "PETES" server.  That is about it....

Pete Helgren
www.petesworkshop.com
GIAC Secure Software Programmer-Java
Twitter - Sys_i_Geek IBM_i_Geek

On 6/20/2018 2:50 PM, Bradley Stone wrote:
Here's how I do it to route specific host names to an internal IP:

https://www.fieldexit.com/forum/display?threadid=14

For SSL it doesn't work, though. I haven't figured that one out yet.. once
I get time I hope to though.

On Wed, Jun 20, 2018 at 10:35 AM Nathan Andelin <nandelin@xxxxxxxxx> wrote:

Would anyone be willing to post an HTTP server configuration for a reverse
proxy running on IBM i 7.3?

The one I migrated from 7.1 doesn't work at 7.3. I whittled it down to the
following (attempting to simplify):

LoadModule proxy_connect_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_ftp_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_http_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
Listen *:80 http
ProxyPassReverse / http://65.103.249.57:9000/
ProxyPass / http://65.103.249.57:9000/

When I do logging in both the reverse proxy instance, which is listening on
port 80, and the normal instance which is listening on port 9000, the
requested URL's often don't match. Some of the URL's requested are munged
into unexpected paths, which don't exist, as logged by the instance that is
running on port 9000.

I figure I'm missing some "fix_it" directive.
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.