Setting up Apache reverse proxy to communicate with SSL backend service

I have Apache running as a reverse proxy and everything works perfectly when I connect to HTTP backend services. My current virtual host setup on port 443 looks like this:

ProxyPass /api/webapp http://127.0.0.1:8080/webapp/
ProxyPassReverse /api/webapp http://127.0.0.1:8080/webapp/

Users can access the service via https://127.0.0.1/api/webapp without any issues.

However, when I try to modify the configuration to connect to an HTTPS backend service like this:

ProxyPass /api/webapp https://127.0.0.1:8443/webapp/
ProxyPassReverse /api/webapp https://127.0.0.1:8443/webapp/

Apache returns a 500 internal server error. The error message shows:

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, admin@domain.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Checking the Apache error logs reveals these messages:

[Tue Sep 15 14:22:18 2014] [error] [client 127.0.0.1] SSL Proxy requested for 127.0.0.1:443 but not enabled [Hint: SSLProxyEngine]
[Tue Sep 15 14:22:18 2014] [error] proxy: HTTPS: failed to enable ssl support for [127.0.0.1]:8443 (127.0.0.1)
[Tue Sep 15 14:22:23 2014] [error] [client 127.0.0.1] SSL Proxy requested for 127.0.0.1:443 but not enabled [Hint: SSLProxyEngine]
[Tue Sep 15 14:22:23 2014] [error] proxy: HTTPS: failed to enable ssl support for [127.0.0.1]:8443 (127.0.0.1)

What configuration changes do I need to make Apache work with HTTPS backend servers?

The error message indicates the issue. You need to add SSLProxyEngine On to your Apache configuration to allow the reverse proxy to establish SSL connections to your backend servers. Insert this line into your virtual host config or the main Apache file. Additionally, if your backend utilizes a self-signed certificate, include SSLProxyVerify none and SSLProxyCheckPeerCN off to bypass validation. Ensure that mod_ssl is enabled and restart Apache once these changes are applied, allowing it to function as an SSL client for HTTPS backends.

Ohh, that’s a good point! It seems like you might need to enable the SSLProxyEngine in your config. Have you checked if all required SSL modules are loaded? Could also be issues with certs on the backend side. Let us know what you find!

Yeah, the SSL proxy engine thing is right on, but check if your backend cert’s valid too. Had the same issue - adding SSLProxyVerify none fixed it when I was dealing with self-signed certs on backend services.
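
An added example, not part of the original thread: the virtual host from the question with the SSLProxyEngine fix from the answers, shown with the SSLProxyVerify none variant beside an alternative that keeps verification on by trusting only the backend's self-signed certificate. The path /etc/apache2/ssl/backend-selfsigned.pem is an assumed location for a PEM copy of that certificate.

```apache
<VirtualHost *:443>
    # Front-end TLS settings (SSLEngine, SSLCertificateFile, ...) stay as they are.

    # Required for any https:// ProxyPass target. Without it mod_proxy logs
    # "SSL Proxy requested ... but not enabled [Hint: SSLProxyEngine]".
    SSLProxyEngine On

    # Variant A (from the answers): accept any backend certificate.
    # The hop is encrypted, but the backend is not authenticated.
    #SSLProxyVerify none
    #SSLProxyCheckPeerCN off

    # Variant B: keep verification on and trust only the backend's certificate.
    # Assumed path: PEM copy of the self-signed certificate served on 127.0.0.1:8443.
    SSLProxyVerify require
    SSLProxyCACertificateFile /etc/apache2/ssl/backend-selfsigned.pem
    SSLProxyCheckPeerExpire on

    # Name check: the certificate's name must match the host used in the
    # ProxyPass URL (127.0.0.1 here). On 2.4.5 and later SSLProxyCheckPeerName
    # supersedes this directive.
    SSLProxyCheckPeerCN on

    ProxyPass        /api/webapp https://127.0.0.1:8443/webapp/
    ProxyPassReverse /api/webapp https://127.0.0.1:8443/webapp/
</VirtualHost>
```

If variant B fails after a restart, the error log shows whether the handshake was rejected on trust, expiry, or the name check, which tells you what to correct in the backend certificate.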