Here are some httpd configuration snippets which show how to use the Apache web server as an SSL front-end proxy.

See also:

Configure the Apache web server for SSL

Of course the first step is to enable SSL for the web server, see the httpd docs for this.

SSL virtual host config

Once the web server is setup for SSL we can define a virtual host using mod_proxy.

The httpd server will then receive the requests over an https connexion and proxy them to Cocoon using non-encrypted http connections.

First we redirect the non-SSL port 80 to the SSL site, to prevent non-SSL access:

<VirtualHost 1.2.3.4:80>
    ServerName  secret.stuff.com
    Redirect / https://secret.stuff.com
</VirtualHost>

Then we define the SSL-enabled virtual host

<VirtualHost 1.2.3.4:443>
    ServerName  secret.stuff.com

    # enable SSL
    SSLEngine On
    SSLCertificateFile /somewhere/my-certificate.crt
    SSLCertificateKeyFile /somewhere/my-certificate.key

    CustomLog /var/log/apache2/mylog combined

    ProxyPass / http://localhost:8888/my-cocoon-app-root/
    ProxyPassReverse / http://localhost:8888/my-cocoon-app-root/
</VirtualHost>

Security notes

A firewall must obviously be configured to make sure the port on which Cocoon is running is only accessible via the httpd virtual host, i.e. in our example access to port 8888 must not be allowed from the outside.

ApacheModProxySsl (last edited 2009-09-20 23:40:12 by localhost)