× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Hi Brad,

Small correction in the example

I want to configure like this
ProxyPass / https://xx.xx.xx.140:5080/
ProxyPassReverse / https://xx.xx.xx.140:5080/

Before forwarding the request to the SSL enabled end point, we need to
use/validate it with an SSL certificate right?

Let's assume I got the SSL certificate for the endpoint (
https://xx.xx.xx.140:5080/) and imported it into DCM. How can i tell the
reverse proxy before forwarding the request to the endpoint (
https://xx.xx.xx.140:5080/) it should use/validate the SSL certificate
which is available in the DCM?

Regards,
Suren

On Tue, Jan 11, 2022 at 9:23 AM Brad Stone <bvstone@xxxxxxxxx> wrote:

Certificate/SSL is in the proxy, not the server you're forwarding to.

On Tue, Jan 11, 2022 at 8:16 AM Suren K <suren7437@xxxxxxxxx> wrote:

Hi Brad/Pete,

I can enable the SSL for the server which is acting as a reverse proxy,

But I am trying to configure the resource in the configuration file which
is SSL enabled.

For example, I have taken Pete's example

I want to configure like this below

ProxyPass / https://xx.xx.xx.140:5080/ <http://xx.xx.xx.140:5080/>
ProxyPassReverse / https://xx.xx.xx.140:5080/ <http://xx.xx.xx.140:5080/


In this case reverse proxy will redirect all the requests to
https://xx.xx.xx.140:5080. Since this is an SSL enabled resource (
https://xx.xx.xx.140:5080), I wanted to know where we mention the
certificate details to use?

Regards,
Suren

On Mon, Jan 10, 2022 at 2:34 PM Pete Helgren <pete@xxxxxxxxxx> wrote:

I agree with Brad's setup. My config for Petes Workshop is like this
(my reverse proxy handles three SSL enabled sites, petesworkshop.com
is
just one of them):

<VirtualHost xx.xx.xx.140:443>
ServerName www.petesworkshop.com
ServerAlias petesworkshop.com *.petesworkshop.com
SSLEngine On
SSLAppName QIBM_HTTP_SERVER_PETES
DocumentRoot /www/petes/htdocs
SSLServerCert petesworkshop
SSLProtocolDisable SSLv3 TLSv1 TLSv1.1
ProxyTimeout 300
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
ProxyPass / http://xx.xx.xx.140:5080/
ProxyPassReverse / http://xx.xx.xx.140:5080/
</VirtualHost>


Pete Helgren
www.petesworkshop.com
GIAC Secure Software Programmer-Java
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals
Twitter - Sys_i_Geek IBM_i_Geek

On 1/10/2022 12:19 PM, Suren K wrote:
Hi All,

Currently I am using Reverse proxy in IBMi which in turn redirects
the
requests into two other servers(one IBMi IWS and another one Java Web
Service windows Server).

I created a new HTTP Server (reverse proxy server) in IBMi using HTTP
Admin
and added the below lines in the HTTP Server Configuration file
(httpd.conf)

LoadModule proxy_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_http_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_connect_module
/QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_ftp_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_balancer_module
/QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM

ProxyPass /test/customer http://IP:port/test/customer
ProxyPassReverse test/customer http://IP:port/test/customer

This is working fine, but when I try to configure the https url in
the
proxy it is not working.

Could you please help me out with any web page or document which has
those
steps on how to configure ssl enabled url in the reverse proxy?

Example I am trying the below which is not working

SSLProxyEngine On
ProxyPass /test/customer https://IP:port/test/customer
ProxyPassReverse test/customer https://IP:port/test/customer

Any inputs will be very much appreciated.

Regards,
Suren
--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.


--
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.