|
Hi Brad,
Small correction in the example
I want to configure like this
ProxyPass / https://xx.xx.xx.140:5080/
ProxyPassReverse / https://xx.xx.xx.140:5080/
Before forwarding the request to the SSL enabled end point, we need to
use/validate it with an SSL certificate right?
Let's assume I got the SSL certificate for the endpoint (
https://xx.xx.xx.140:5080/) and imported it into DCM. How can i tell the
reverse proxy before forwarding the request to the endpoint (
https://xx.xx.xx.140:5080/) it should use/validate the SSL certificate
which is available in the DCM?
Regards,
Suren
On Tue, Jan 11, 2022 at 9:23 AM Brad Stone <bvstone@xxxxxxxxx> wrote:
Certificate/SSL is in the proxy, not the server you're forwarding to.which
On Tue, Jan 11, 2022 at 8:16 AM Suren K <suren7437@xxxxxxxxx> wrote:
Hi Brad/Pete,
I can enable the SSL for the server which is acting as a reverse proxy,
But I am trying to configure the resource in the configuration file
http://xx.xx.xx.140:5080/is SSL enabled.
For example, I have taken Pete's example
I want to configure like this below
ProxyPass / https://xx.xx.xx.140:5080/ <http://xx.xx.xx.140:5080/>
ProxyPassReverse / https://xx.xx.xx.140:5080/ <
Webis
In this case reverse proxy will redirect all the requests to
https://xx.xx.xx.140:5080. Since this is an SSL enabled resource (
https://xx.xx.xx.140:5080), I wanted to know where we mention the
certificate details to use?
Regards,
Suren
On Mon, Jan 10, 2022 at 2:34 PM Pete Helgren <pete@xxxxxxxxxx> wrote:
I agree with Brad's setup. My config for Petes Workshop is like this
(my reverse proxy handles three SSL enabled sites, petesworkshop.com
thejust one of them):
<VirtualHost xx.xx.xx.140:443>
ServerName www.petesworkshop.com
ServerAlias petesworkshop.com *.petesworkshop.com
SSLEngine On
SSLAppName QIBM_HTTP_SERVER_PETES
DocumentRoot /www/petes/htdocs
SSLServerCert petesworkshop
SSLProtocolDisable SSLv3 TLSv1 TLSv1.1
ProxyTimeout 300
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
ProxyPass / http://xx.xx.xx.140:5080/
ProxyPassReverse / http://xx.xx.xx.140:5080/
</VirtualHost>
Pete Helgren
www.petesworkshop.com
GIAC Secure Software Programmer-Java
AWS Certified Cloud Practitioner
Microsoft Certified: Azure Fundamentals
Twitter - Sys_i_Geek IBM_i_Geek
On 1/10/2022 12:19 PM, Suren K wrote:
Hi All,
Currently I am using Reverse proxy in IBMi which in turn redirects
requests into two other servers(one IBMi IWS and another one Java
HTTPService windows Server).
I created a new HTTP Server (reverse proxy server) in IBMi using
has/QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGMAdmin
and added the below lines in the HTTP Server Configuration file(httpd.conf)
LoadModule proxy_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_http_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_connect_module
/QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGMLoadModule proxy_ftp_module /QSYS.LIB/QHTTPSVR.LIB/QZSRCORE.SRVPGM
LoadModule proxy_balancer_module
the
ProxyPass /test/customer http://IP:port/test/customer
ProxyPassReverse test/customer http://IP:port/test/customer
This is working fine, but when I try to configure the https url in
proxy it is not working.
Could you please help me out with any web page or document which
mailingmailingthose
steps on how to configure ssl enabled url in the reverse proxy?--
Example I am trying the below which is not working
SSLProxyEngine On
ProxyPass /test/customer https://IP:port/test/customer
ProxyPassReverse test/customer https://IP:port/test/customer
Any inputs will be very much appreciated.
Regards,
Suren
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
list--
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400)
--list--
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.
This is the Web Enabling the IBM i (AS/400 and iSeries) (WEB400) mailing
list
To post a message email: WEB400@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/web400.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
