Apache HTTPS ProxyPass certificate location
- by oz1cz
I'm trying to set up an Apache server that uses ProxyPass to pass HTTPS requests on to another server.
Let's call the proxy server ALPHA and the target server BETA.
ALPHA does not run HTTPS, but BETA does.
I first tried using this virtual host specification on ALPHA:
<VirtualHost *:443>
ServerName mysite.com
ProxyPass / https://192.168.1.105/ # BETA's IP address
ProxyPassReverse / https://192.168.1.105/ # BETA's IP address
ProxyPreserveHost On
ProxyTimeout 600
SSLProxyEngine On
RequestHeader set Front-End-Https "On"
CacheDisable *
</VirtualHost>
But when I tried this, Apache complained saying, "[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]".
I had to copy the SSL certificate from BETA to ALPHA and add these lines to the host specification on ALPHA:
SSLEngine on
SSLCertificateKeyFile /usr/local/ssl/private/BETA_private.key
SSLCertificateFile /usr/local/ssl/crt/BETA_public.crt
SSLCertificateChainFile /usr/local/ssl/crt/BETA_intermediate.crt
Now the system works. But I have a feeling that I have done something wrong or unnecessary. I have the web site's private key and certificate lying on both ALPHA and BETA. Is that necessary? Should I have done it differently?