Apache Proxy With Ssl

Page content

using encryption in backend

if you want to use encryption between proxy and backend there is a few things to watch out for.

  • Both hosts need valid SSL certificate
    either copy the letsencrypt cert to both servers from time to time.
    or use your own CA in the backend and only run letsencrypts certbot on the proxy.
    on the proxy you could server .well-known locally so certbots verification process works.

  • certificate doesnt contain hostname of backend server
    use:
    ProxyPreserveHost On
    This way the proxy uses the same hostame as in the original request
    Only works if the same hostname resolves to different addresses internaly and externaly.
    (not sure if that’s a good design)