Here are some httpd configuration snippets which show how to use the Apache web server as an SSL front-end proxy.

See also:

Configure the Apache web server for SSL

Of course, the first step is to enable SSL for the web server; see the httpd docs for this.

SSL virtual host config

Once the web server is set up for SSL, we can define a virtual host using mod_proxy.

The httpd server will then receive the requests over an https connection and proxy them to Cocoon using non-encrypted http connections.

First we redirect the non-SSL port 80 to the SSL site, to prevent non-SSL access:

<VirtualHost 1.2.3.4:80>
    ServerName  secret.stuff.com
    # the trailing slash matters: Redirect appends the rest of the request path to the target
    Redirect / https://secret.stuff.com/
</VirtualHost>

Then we define the SSL-enabled virtual host:

<VirtualHost 1.2.3.4:443>
    ServerName  secret.stuff.com

    # enable SSL
    SSLEngine On
    SSLCertificateFile /somewhere/my-certificate.crt
    SSLCertificateKeyFile /somewhere/my-certificate.key

    CustomLog /var/log/apache2/mylog combined

    ProxyPass / http://localhost:8888/my-cocoon-app-root/
    ProxyPassReverse / http://localhost:8888/my-cocoon-app-root/
</VirtualHost>

Security notes

A firewall must obviously be configured to make sure the port on which Cocoon is running is only accessible via the httpd virtual host, i.e. in our example access to port 8888 must not be allowed from the outside.
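
As a complement to the firewall rule, the listener itself can be checked on the proxy host. The following is an added example, not part of the original page: it reads `ss -ltn` output and reports any listener on the Cocoon port that is bound to a non-loopback address and so depends entirely on the firewall. It assumes the iproute2 `ss` tool is available; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reads `ss -ltn` output on stdin and prints the local address of every
# listener on the given port that is not bound to loopback.
# Real use on the proxy host: ss -ltn | exposed_listeners 8888

BACKEND_PORT=8888   # Cocoon port from the ProxyPass lines above

exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            laddr = $4                          # e.g. 0.0.0.0:8888 or [::]:8888
            n = split(laddr, parts, ":")
            if (parts[n] != port) next          # exact port match only
            addr = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback is fine
            print addr
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      511                *:443              *:*
LISTEN 0      100          0.0.0.0:8888       0.0.0.0:*
LISTEN 0      100             [::]:8888          [::]:*
LISTEN 0      100        127.0.0.1:18888      0.0.0.0:*
EOF
}

# Demo on the sample: prints 0.0.0.0 and [::], the two wildcard listeners.
sample_ss_output | exposed_listeners "$BACKEND_PORT"
```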
