Reverse Proxy over https with self signed certificate

[kjaneb Profile]

I'm running into a bit of a problem trying to proxy from one site (local) to another (remote) over https. The site works correctly if over http, but if I force it over https I receive a 500 error. I found an example of someone else encountering the same problem and I installed both the proxy and remote server certificates into the trusted root however this doesn't resolve the problem. Is there any other way to ignore security errors or debug this problem?

[HeliconAndrew]

Well, if it's certificate problems, than there's not much we can do from rules side. Certificate verification is performed once the connection is established, before any rules are applied. But from your post I understand it's 500, not SSL error message. Would you, please, specify the issue in more detail?

Regards
Andrew

[kjaneb Profile]

Hi Andrew,

I actually managed to get it working by naming my site (this is a proof of concept) to the server name so the certificate name matches and it now works correctly. The part I am stuck on now is rule grouping - I am essentially trying to preserve the protocol of requests. I currently have:

RewriteEngine on

RewriteCond %{HTTP_HOST} ^site\.dev$ [NC]
RewriteCond %{HTTPS} off
RewriteProxy (.*) http://site.local$1 [I,U,C,CR]

RewriteCond %{HTTP_HOST} ^site\.dev$ [NC]
RewriteCond %{HTTPS} on
RewriteProxy (.*) https://site.local$1 [I,U,C,CR,L]

But my logs indicate that after if https is off the comparisons end. How can I get it to perform a different action when https is on?

[HeliconAndrew]

Please, provide examples for better understanding.

Regards
Andrew

[kjaneb Profile]

Sorry for the late reply - the rewrite rules in the post are the what I'm currently using. The aim is:

http://site.dev -> http://site.local
https://site.dev -> https://site.local

Essentially I'm trying to proxy whilst preserving the host. I get the following in my log file:

Wed, 07-Aug-2013 17:22:14 GMT [site.dev/sid#1][rid#49403304/initial] (2) init rewrite engine with requested uri /Volunteer
Wed, 07-Aug-2013 17:22:14 GMT [site.dev/sid#1][rid#49403304/initial] (1) Htaccess process request C:\Program Files\Helicon\ISAPI_Rewrite3\httpd.conf
Wed, 07-Aug-2013 17:22:14 GMT [site.dev/sid#1][rid#49403304/initial] (3) applying pattern '(.*)' to uri '/Volunteer'
Wed, 07-Aug-2013 17:22:14 GMT [site.dev/sid#1][rid#49403304/initial] (4) RewriteCond: input='site.dev' pattern='^site\.dev$' => matched
Wed, 07-Aug-2013 17:22:14 GMT [site.dev/sid#1][rid#49403304/initial] (4) RewriteCond: input='on' pattern='off' => not-matched

[HeliconAndrew]

Well, the part of the log you provided onlyy shows that requests to HTTP hit the first rule. The second rule should have mae the redirect.

Code: Select all

(4) RewriteCond: input='on' pattern='off' => not-matched

Regards
Andrew