Mod Security (Reverse proxy with SSL)



  • Hello All,
    I have Mod_Security working fine with HTTP(80)
    But i need use mod_security with HTTPS(443) with Godaddy SSL.
    I have the 3 files in /usr/local/apache22/etc/ (I have created this path):
    Certificate File: www.mydomain.com.crt
    Certificate Key File: www.mydomain.com.pem
    Certificate Chain File: gb_bundle.crt

    i setup new SiteProxy with these data:
    Site Name: MyDomain SSL
    Webmaster: email@domain.com
    IP Address: xxx.xxx.xxx.xxx
    Protocol: HTTPS
    Port: 443
    Certificate File: www.mydomain.com.crt
    Certificate Key File: www.mydomain.com.pem
    Certificate Chain File: gb_bundle.crt
    Preserver Proxy Hostname: Uncheck
    Primary Site Name: www.mydomain.com
    WebServer backend URL: 192.168.0.1

    But its not work. What i need do?
    *** If i add a Port Forward (NAT) to internal server on https port, its working fine. But i really need certificate.

    Thanks!



  • cosmo,

    did you tried Certificate File and Certificate Key File with full path instead of just .crt and .pem filename?



  • Hello,

    I got it working. It seems it's not possible to do reverse proxy on 443 and 80. I had to remove port 80 to get it working.

    On proxy server settings is set port to bind to 443.
    I removedĀ  the port 80 site proxy (with a config for port 80 and 443 it didn't work).

    You have to enter the file name only for certificate files (with full path it will search for /usr/local/apache22/etc/usr/local/apache22/etc/cert_file according to the log)
    So i think there is a typo in the path they given under the option. You have to put your certificate files in /usr/local/etc/apache22/ instead of /usr/local/apache22/etc/

    When you add full path name apache will not run and there is no proxy at all.

    You must not add a port forward in the NAT

    Greetings.


Locked