Apache reverse-proxy to Nginx

I had an Nginx webserver that was behind a firewall, and at the same time some external developers needed to access the website. I already had an Apache webserver exposed to the Internet, so I thought I could easily set up a reverse proxy on the Apache server towards the Nginx.

My first vhost was like this:

<VirtualHost my-apache.server.no:443>
    ServerName my-apache.server.no
    SSLProxyEngine on
    ProxyPass / https://nginx-server.no/
    ProxyPassReverse / https://nginx-server.no/
    Include conf.d/ssl.inc
</VirtualHost>

But this just ended with the following error:

SSL Proxy requested for my-apache.server.no:443 but not enabled
Error during SSL Handshake with remote server

I looked into the error log files on both the Apache and Nginx servers, but couldn’t really find anything. After searching online and some help from ChatGPT, I found the solution. Adding a few lines to the vhost solved it:

<VirtualHost my-apache.server.no:443>
    ServerName my-apache.server.no
    SSLProxyEngine on

    ProxyPreserveHost Off
    SSLProxyVerify none
    SSLProxyCheckPeerName off
    ProxyRequests Off

    ProxyPass / https://nginx-server.no/
    ProxyPassReverse / https://nginx-server.no/
    Include conf.d/ssl.inc
</VirtualHost>

And it breaks down to this explanation:

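  • SSLProxyEngine on: Enables SSL/TLS for proxied connections from this virtual host to the backend.
  • ProxyPreserveHost Off: Does not pass the client's original Host header to the backend; Apache sends the hostname from the ProxyPass URL instead. This is useful when the backend server expects requests to carry its own hostname.
  • SSLProxyVerify none: Disables SSL certificate verification for the upstream server. Use with caution: Apache then accepts any certificate the backend presents, so the proxied connection is encrypted but the backend is not authenticated.
  • SSLProxyCheckPeerName off: Disables checking the name in the peer’s SSL certificate against the hostname being requested. Use with caution: a certificate issued for a different hostname is accepted, which leaves the proxied connection open to interception.
  • ProxyRequests Off: Disables forward-proxy behaviour, so the server cannot be used as an open proxy. Reverse proxying through ProxyPass is not affected.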
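
For comparison, a variant of the vhost above that keeps backend certificate verification switched on. This is an added example, not part of the original post. The CA file path and the verify depth are assumptions, and it only works if nginx-server.no presents an unexpired certificate issued for that name by the CA in that file.

```apache
<VirtualHost my-apache.server.no:443>
    ServerName my-apache.server.no
    Include conf.d/ssl.inc

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off
    # Send the hostname from the ProxyPass URL (nginx-server.no) to the backend.
    ProxyPreserveHost Off

    SSLProxyEngine on

    # Weak settings from the post, replaced below:
    #   SSLProxyVerify none
    #   SSLProxyCheckPeerName off

    # Require the backend to present a certificate that chains to a trusted CA.
    SSLProxyVerify require
    # Assumed chain length (root + one intermediate); adjust to the backend's chain.
    SSLProxyVerifyDepth 2
    # Placeholder path (assumption): PEM file with the CA that issued the backend certificate.
    SSLProxyCACertificateFile /etc/pki/tls/certs/backend-ca.pem
    # The certificate name must match nginx-server.no and must not be expired.
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    ProxyPass / https://nginx-server.no/
    ProxyPassReverse / https://nginx-server.no/
</VirtualHost>
```

Run `apachectl configtest` before reloading Apache to catch syntax errors in the new directives.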
