I had a Nginx webserver that was behind a firewall, at the same time some external developers needed to access the website. I already had an Apache webserver exposed to Internet, so I thought I could just easily set up a reverse-proxy on the Apache server towards the Nginx.
My first vhost was like this:
<VirtualHost my-apache.server.no:443> ServerName my-apache.server.no SSLProxyEngine on ProxyPass / https://nginx-server.no/ ProxyPassReverse / https://nginx-server.no/ Include conf.d/ssl.inc </VirtualHost>
But this just ended with the following error:
SSL Proxy requested for my-apache.server.no:443 but not enabled
Error during SSL Handshake with remote server
I looked into error log files both on the Apache and Nginx server, but couldn’t really find anything. After searching online and some help from ChatGPT, I found the solution. Adding some few lines to the vhost solved it:
<VirtualHost my-apache.server.no:443> ServerName my-apache.server.no SSLProxyEngine on ProxyPreserveHost Off SSLProxyVerify none SSLProxyCheckPeerName off ProxyRequests Off ProxyPass / https://nginx-server.no/ ProxyPassReverse / https://nginx-server.no/ Include conf.d/ssl.inc </VirtualHost>
And it breaks down to this explanation:
SSLProxyEngine on: Enables SSL proxy support for the virtual host.
ProxyPreserveHost Off: Disables preserving the original host header in proxied requests. This is useful when the backend server expects requests to have its own host header.
SSLProxyVerify none: Disables SSL certificate verification for the upstream server. Use with caution as it disables SSL security checks.
SSLProxyCheckPeerName off: Disables checking the peer’s SSL certificate name against the hostname being requested. Use with caution as it can potentially expose you to security risks.
ProxyRequests Off: Disables the ability to forward requests using the proxy.