Here are some httpd configuration snippets which show how to use the Apache web server as an SSL front-end proxy.
Configure the Apache web server for SSL
Of course the first step is to enable SSL for the web server, see the httpd docs for this.
SSL virtual host config
Once the web server is setup for SSL we can define a virtual host using mod_proxy.
The httpd server will then receive the requests over an https connexion and proxy them to Cocoon using non-encrypted http connections.
First we redirect the non-SSL port 80 to the SSL site, to prevent non-SSL access:
<VirtualHost 18.104.22.168:80> ServerName secret.stuff.com Redirect / https://secret.stuff.com </VirtualHost>
Then we define the SSL-enabled virtual host
<VirtualHost 22.214.171.124:443> ServerName secret.stuff.com # enable SSL SSLEngine On SSLCertificateFile /somewhere/my-certificate.crt SSLCertificateKeyFile /somewhere/my-certificate.key CustomLog /var/log/apache2/mylog combined ProxyPass / http://localhost:8888/my-cocoon-app-root/ ProxyPassReverse / http://localhost:8888/my-cocoon-app-root/ </VirtualHost>
A firewall must obviously be configured to make sure the port on which Cocoon is running is only accessible via the httpd virtual host, i.e. in our example access to port 8888 must not be allowed from the outside.