Differences

This shows you the differences between two versions of the page.

sesipod:linux:debian:newwebprox [2019/06/11 12:07]
sesipod [EXTRAS]
sesipod:linux:debian:newwebprox [2020/01/07 15:50] (current)
sesipod [My Config Files]
Line 58: Line 58:
       SSLCertificateFile /​root/​.acme.sh/​sesipod.info/​fullchain.cer       SSLCertificateFile /​root/​.acme.sh/​sesipod.info/​fullchain.cer
       SSLCertificateKeyFile /​root/​.acme.sh/​sesipod.info/​sesipod.info.key       SSLCertificateKeyFile /​root/​.acme.sh/​sesipod.info/​sesipod.info.key
-      ​SSLOpenSSLConfCmd DHParameters "/​etc/​ssl/​private/​dhparams_4096.pem"​+  # SSLOpenSSLConfCmd DHParameters "/​etc/​ssl/​private/​dhparams_4096.pem"​
       SSLProxyEngine On       SSLProxyEngine On
       SSLCipherSuite DHE-RSA-AES256-GCM-SHA384:​ECDHE-RSA-AES256-GCM-SHA384       SSLCipherSuite DHE-RSA-AES256-GCM-SHA384:​ECDHE-RSA-AES256-GCM-SHA384
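Review bot: with the DHParameters line commented out, the DHE-RSA-AES256-GCM-SHA384 suite that stays in SSLCipherSuite no longer uses the 4096-bit group from dhparams_4096.pem and falls back to whatever parameters mod_ssl and OpenSSL pick by default. Either add a comment saying why the custom parameters were dropped, or remove the DHE suite and keep only ECDHE-RSA-AES256-GCM-SHA384 so the effective key-exchange strength is explicit. If the directive is not coming back, delete it rather than leaving it commented.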
Line 67: Line 67:
       RequestHeader setifempty X-Forwarded-Proto https       RequestHeader setifempty X-Forwarded-Proto https
       RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e       RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
-      ​Header add X-Forwarded-For "​%{REMOTE_ADDR}e"​+  #Header add X-Forwarded-For "​%{REMOTE_ADDR}e"​
       <​IfModule mod_headers.c>​       <​IfModule mod_headers.c>​
           Header always set Strict-Transport-Security "​max-age=15552000;​ includeSubDomains;​ preload"​           Header always set Strict-Transport-Security "​max-age=15552000;​ includeSubDomains;​ preload"​
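Review bot: the disabled line used Header, which sets response headers, so it never passed the client address to the backend, and %{REMOTE_ADDR}e reads an environment variable of that name rather than the connection address. ProxyAddHeaders On in the proxy block is what adds X-Forwarded-For to the proxied request. Delete the line instead of commenting it out so it does not get re-enabled later.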
Line 74: Line 74:
   ##PROXY##   ##PROXY##
       ProxyAddHeaders On       ProxyAddHeaders On
-      ProxyPass / https://​10.8.0.151+      ProxyPass / https://​10.8.0.169
-      ProxyPassReverse / https://​10.8.0.151/+      ProxyPassReverse / https://​10.8.0.169/
       ProxyPreserveHost On       ProxyPreserveHost On
       ProxyErrorOverride Off       ProxyErrorOverride Off
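Review bot: the new ProxyPass target https://10.8.0.169 has no trailing slash, while the path argument / and the ProxyPassReverse target both have one. The Apache documentation asks for the two ProxyPass arguments to agree on the trailing slash, because otherwise the remainder of the request path is appended directly to the host part. Write it as ProxyPass / https://10.8.0.169/ to match the ProxyPassReverse line.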
Line 81: Line 81:
   #   #
   </​VirtualHost>​   </​VirtualHost>​
- 
  
   echo '​include /​etc/​apache2/​proxys/​sesipod.info'​ >> /​etc/​apache2/​apache2.conf   echo '​include /​etc/​apache2/​proxys/​sesipod.info'​ >> /​etc/​apache2/​apache2.conf
Line 99: Line 98:
       SSLCertificateFile /​root/​.acme.sh/​sesipod.info/​fullchain.cer       SSLCertificateFile /​root/​.acme.sh/​sesipod.info/​fullchain.cer
       SSLCertificateKeyFile /​root/​.acme.sh/​sesipod.info/​sesipod.info.key       SSLCertificateKeyFile /​root/​.acme.sh/​sesipod.info/​sesipod.info.key
-      ​SSLOpenSSLConfCmd DHParameters "/​etc/​ssl/​private/​dhparams_4096.pem"​+  # SSLOpenSSLConfCmd DHParameters "/​etc/​ssl/​private/​dhparams_4096.pem"​
       SSLProxyEngine On       SSLProxyEngine On
       SSLCipherSuite DHE-RSA-AES256-GCM-SHA384:​ECDHE-RSA-AES256-GCM-SHA384       SSLCipherSuite DHE-RSA-AES256-GCM-SHA384:​ECDHE-RSA-AES256-GCM-SHA384
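Review bot: this is the same DHParameters edit as at line 58, applied by hand to a second copy of the TLS block. Two copies of SSLCertificateFile, SSLCipherSuite and the DH setting will drift apart; move the shared TLS directives into one file and Include it from both vhosts, so a change like this is made once.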
Line 108: Line 107:
       RequestHeader setifempty X-Forwarded-Proto https       RequestHeader setifempty X-Forwarded-Proto https
       RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e       RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
-      ​Header add X-Forwarded-For "​%{REMOTE_ADDR}e"​+  #Header add X-Forwarded-For "​%{REMOTE_ADDR}e"​
       <​IfModule mod_headers.c>​       <​IfModule mod_headers.c>​
           Header always set Strict-Transport-Security "​max-age=15552000;​ includeSubDomains;​ preload"​           Header always set Strict-Transport-Security "​max-age=15552000;​ includeSubDomains;​ preload"​
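Review bot: on the two unchanged RequestHeader lines, setifempty only fills in X-Forwarded-Proto and X-Forwarded-Host when the client did not send them, so a client-supplied value reaches the backend unchanged. Since this vhost is the TLS terminator, use RequestHeader set for both, so the backend only ever sees values chosen by the proxy.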
Line 115: Line 114:
   ##PROXY##   ##PROXY##
       ProxyAddHeaders On       ProxyAddHeaders On
-      ProxyPass / https://​10.8.0.152+      ProxyPass / https://​10.8.0.169
-      ProxyPassReverse / https://​10.8.0.152/+      ProxyPassReverse / https://​10.8.0.169/
       ProxyPreserveHost On       ProxyPreserveHost On
       ProxyErrorOverride Off       ProxyErrorOverride Off
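Review bot: after this change the ProxyPass at line 114 and the one at line 74 both point at 10.8.0.169, where they previously went to 10.8.0.152 and 10.8.0.151. If that is intentional, say so in a comment next to the directive; if the two vhosts are meant to reach different backends, one of the addresses needs correcting. The target here is also missing the trailing slash that the ProxyPassReverse line has.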
Line 271: Line 270:
   LoadModule remoteip_module modules/​mod_remoteip.so   LoadModule remoteip_module modules/​mod_remoteip.so
   RemoteIPHeader X-Forwarded-For   RemoteIPHeader X-Forwarded-For
 +
 +----
 +
 +==== 500 error on double ssl ====
 +
 +Proxy to a server that already has an endpoint SSL cert / self signed ?
 +
 +The **SSLProxyCheckPeerCN off** will skip the end point SSL cert.
 +
 +##PROXY##
 +    ProxyAddHeaders On
 +    ProxyPass / https://​10.8.0.151/​
 +    SSLProxyCheckPeerCN off
 +    ProxyPassReverse / https://​10.8.0.151/​
 +    ProxyPreserveHost On
 +    ProxyErrorOverride Off
 +##PROXY##
  
 ---- ----
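Review bot: the added SSLProxyCheckPeerCN off line stops mod_ssl from comparing the backend certificate's name with the host in ProxyPass, and nothing else in the block verifies that certificate, so the proxy-to-backend leg is encrypted but not authenticated. The sentence "will skip the end point SSL cert" should say that plainly. For a self-signed backend, the safer fix is to trust that one certificate explicitly with SSLProxyCACertificateFile and SSLProxyVerify require, and to issue it with a name or IP SAN that matches the ProxyPass target. On Apache 2.4.5 and later SSLProxyCheckPeerName supersedes SSLProxyCheckPeerCN, so the section should also state which server version this was tested on.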