Archive for July, 2010

Using Apache to decrypt SSL pages

Although you should almost never have a decent rationale for doing this, at some point I needed to do it, and documentation was scarce. The basic idea: we have a website, https://www.securewebsite.com, and our clients cannot use HTTPS (SSL), so we need to decrypt it to HTTP for them.

In order to accomplish this, Apache 2.x is needed, along with mod_ssl and mod_proxy. Here is the magic:

<VirtualHost virtualhostipaddress:443>
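        # Let mod_proxy speak HTTPS to the backend (needs mod_ssl and mod_proxy_http)
        SSLProxyEngine on
        # SSLProxyVerify is not set (default: none) and the CA file is commented out,
        # so the backend certificate chain is not verified
        #SSLProxyCACertificateFile /etc/apache2/ssl/google.crt
        # This virtual host itself serves HTTPS on port 443
        SSLEngine on
        # RequestHeader is provided by mod_headers
        RequestHeader set Front-End-Https "On"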
        ServerName testing

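        # Legacy mod_ssl cipher string: ALL with only ADH and EXPORT56 removed still
        # admits LOW, export (EXP) and SSLv2 suites where the OpenSSL build has them
        #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL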
        SSLCertificateFile /etc/apache2/ssl.crt
        SSLCertificateKeyFile /etc/apache2/ssl.key
        #LogLevel debug

        ErrorLog /var/log/apache2/ssl_proxy_error.log
        CustomLog /var/log/apache2/ssl_proxy_access.log combined

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        ProxyVia On
        ProxyRequests Off
        ProxyPreserveHost Off
        ProxyPass / https://www.securewebsite.com:443/
        ProxyPassReverse / https://www.securewebsite.com:443/

        #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown
</VirtualHost>

Obviously, replace virtualhostipaddress with the IP address you want to bind to and securewebsite.com with the actual website.
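A quick check for the two weak points in the virtual host above, as an added example that is not the post's own code: the cipher string keeps weak classes selectable, and the backend certificate is never verified because SSLProxyVerify is unset and the CA file is commented out. The `WEAK` list, the finding names and the trimmed `PAGE_VHOST` sample are this example's own choices.

```python
# TLS-relevant directives from the virtual host on this page (other lines trimmed).
PAGE_VHOST = """
SSLProxyEngine on
#SSLProxyCACertificateFile /etc/apache2/ssl/google.crt
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
ProxyPass / https://www.securewebsite.com:443/
"""

# Selectors this example treats as weak (an assumption of the example). ALL is
# listed because it pulls in every class the OpenSSL build supports except eNULL.
WEAK = {"ALL", "LOW", "EXP", "EXPORT", "SSLV2", "ENULL", "ANULL", "ADH", "RC4", "MD5"}

def directives(conf):
    """Map lower-cased directive name -> argument string, skipping comments and tags."""
    found = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *rest = line.split(None, 1)
            found[name.lower()] = rest[0] if rest else ""
    return found

def weak_selectors(cipher_string):
    """Weak selectors named without a '!' or '-' exclusion. This is a lint
    heuristic, not an expansion of the string the way OpenSSL would do it."""
    hits = set()
    for entry in filter(None, cipher_string.split(":")):
        if entry[0] in "!-":
            continue  # explicitly excluded entries are fine
        parts = entry.lstrip("+").upper().split("+")  # "RC4+RSA" -> RC4, RSA
        hits.update(p for p in parts if p in WEAK)
    return sorted(hits)

def audit(conf):
    """Return a list of findings for one virtual host's directives."""
    d, findings = directives(conf), []
    weak = weak_selectors(d.get("sslciphersuite", ""))
    if weak:
        findings.append("weak-ciphers:" + ",".join(weak))
    if d.get("sslproxyengine", "off").lower() == "on":
        has_ca = "sslproxycacertificatefile" in d or "sslproxycacertificatepath" in d
        if d.get("sslproxyverify", "none").lower() != "require" or not has_ca:
            findings.append("backend-cert-unverified")
    return findings

if __name__ == "__main__":
    for finding in audit(PAGE_VHOST):
        print(finding)
```

Both findings clear once the virtual host sets `SSLProxyVerify require` with an active `SSLProxyCACertificateFile` and uses a cipher string that excludes the weak classes.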

Linux guru needed

I have another position open, it’s a contract position for 3 months at least. Pays great, will need to come onsite to Cincinnati.

Skills we need:

  • Administration – familiar with Apache / SSL / SSH / Kickstart or AutoYaST / rsync / hardening etc
  • Virtualization – Xen
  • RPM creation
  • Perl (Catalyst is a plus)
  • PHP (Symfony is a plus)
  • Python (Django is a plus)
  • C
  • Compiling kernels, making slight adjustments to drivers etc
  • Thin client experience is a plus
  • Software distribution (ZLM / Altiris)
  • Bash scripting
  • JavaScript / jQuery
  • HTML / CSS
  • REST
  • XML / JSON / YAML
  • Git / Bazaar / SVN
  • Having a GitHub or Launchpad account is a plus

If you think you fit the bill, email me ASAP as it is an immediate opening, and I will put you in touch with my HR department. You can find my email through Launchpad or Google.

SLES 11 SP1 and Novell / SUSE AutoYaST with Intel / Dell RAID Controllers

When using an Intel RAID controller, you have two options: let the RAID controller handle the RAID, or run a Linux software RAID (md). If you want to run a Linux software RAID and use AutoYaST, a prompt box will pop up in the middle of the installation. This becomes a problem if you are imaging several thousand Linux systems.

Add this to your bootup options (in our case PXE config, but you can type it manually also from the installation CD prompt):

libstorage_imsm_driver=mdadm

That is all there is to it. To configure the rest of AutoYaST, you can check out Uwe Gansert’s website as he maintains it: http://www.suse.com/~ug/

Other hard to find resources when tracking these things down: