Last active
February 15, 2022 20:58
Apache Reverse Proxy + SSL Client Authentication
```apache
# The first two lines are also important
# Some tests with *:443 never worked for me. I need to test more.
NameVirtualHost server.example.com:443
<VirtualHost server.example.com:443>
    ServerName server.example.com

    # SSL Params
    # Activate the client certificate
    SSLEngine On
    SSLCertificateFile /etc/httpd/cert/ca.crt
    SSLCertificateKeyFile /etc/httpd/cert/ca.key

    # Proxy Params
    ProxyVia On
    # A reverse proxy only needs ProxyPass. ProxyRequests On would also
    # enable forward proxying, so it is switched off here.
    ProxyRequests Off
    ProxyPreserveHost Off
    SSLProxyVerifyDepth 2
    ProxyPass /example http://example.com/
    ProxyPassReverse /example http://example.com
    Redirect Permanent /example http://example.com

    <Location /example>
        # SSL Params
        # Enable client authentication only in this location
        SSLVerifyDepth 3
        # optional_no_ca asks for a certificate but does not require it to
        # validate against a CA, so the backend must check SSL_CLIENT_VERIFY.
        SSLVerifyClient optional_no_ca
        SSLOptions +ExportCertData +StdEnvVars

        # Define HTTP headers that will be forwarded to the web server
        # SSL_CLIENT vars found at: http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
        RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
        RequestHeader set SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}s"
        RequestHeader set SSL_SERVER_S_DN_OU "%{SSL_SERVER_S_DN_OU}s"
        RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"
        # "x509" in the mod_ssl variable table is a placeholder for a DN
        # component (C, ST, L, O, OU, CN, ...); CN is used here.
        RequestHeader set SSL_CLIENT_S_DN_CN "%{SSL_CLIENT_S_DN_CN}s"
    </Location>
</VirtualHost>
```
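The backend receives these values as ordinary request headers, so it has to decide when to believe them. The following is an added example, not part of the original gist, of that check on the backend side; the proxy address `10.0.0.5`, the function name `client_identity` and the sample header values are assumptions made for illustration.

```python
# Added example: backend-side check of the identity headers set by the proxy.
# TRUSTED_PROXIES is an assumed value; replace it with the real proxy address.
import ipaddress

TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}
ABSENT = {"", "(null)"}  # mod_headers emits "(null)" for an unset variable


def client_identity(peer_ip, headers):
    """Return the client subject DN, or None if the request must be rejected."""
    # The headers only mean something when the TCP peer is the proxy itself:
    # anything else that can reach the backend can set them by hand.
    if ipaddress.ip_address(peer_ip) not in TRUSTED_PROXIES:
        return None
    # Header names are case-insensitive on the wire.
    h = {k.upper(): v.strip() for k, v in headers.items()}
    # mod_ssl reports NONE (no certificate), GENEROUS (certificate accepted
    # without validation, the optional_no_ca case), FAILED:reason or SUCCESS.
    # Only SUCCESS means the chain was verified against a configured CA.
    if h.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return None
    subject = h.get("SSL_CLIENT_S_DN", "")
    issuer = h.get("SSL_CLIENT_I_DN", "")
    if subject in ABSENT or issuer in ABSENT:
        return None
    return subject


if __name__ == "__main__":
    # Constructed sample request as the backend would see it.
    sample = {
        "SSL_CLIENT_VERIFY": "GENEROUS",
        "SSL_CLIENT_S_DN": "CN=alice,O=Example",
        "SSL_CLIENT_I_DN": "CN=Self Signed",
    }
    print(client_identity("10.0.0.5", sample))
```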