Steven Harms

Although you should almost never have a decent rationale for doing this, at some point I needed to do it, and documentation was scarce. The basic idea is we have a website – https://www.securewebsite.com and our clients cannot use https (ssl), so we need to decrypt it to http for them.

In order to accomplish this, Apache 2.x is needed, along with mod_ssl and mod_proxy. Here is the magic:

<VirtualHost virtualhostipaddress:443>
        SSLProxyEngine on
        #SSLProxyCACertificateFile /etc/apache2/ssl/google.crt
        SSLEngine on
        RequestHeader set Front-End-Https "On"
        ServerName testing

        #SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/apache2/ssl.crt
        SSLCertificateKeyFile /etc/apache2/ssl.key
        #LogLevel debug

        ErrorLog /var/log/apache2/ssl_proxy_error.log
        CustomLog /var/log/apache2/ssl_proxy_access.log combined

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        ProxyVia On
        ProxyRequests Off
        ProxyPreserveHost Off
        ProxyPass / https://www.securewebsite.com:443/
        ProxyPassReverse / https://www.securewebsite.com:443/

        #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown
</VirtualHost>

Obviously replace virtualhostipaddress with the ip you want to bind to and securewebsite.com with the actual website.

No related posts.