OT: Apache as reverse SSL proxy

Doug Poland doug at polands.org
Tue Oct 5 15:17:10 UTC 2010


On Tue, Oct 05, 2010 at 02:32:11AM -0500, Ryan Coleman wrote:
> 
> On Oct 5, 2010, at 2:05 AM, Adam Vande More wrote:
> 
> > On Tue, Oct 5, 2010 at 1:36 AM, Ryan Coleman <ryan.coleman at cwis.biz> wrote:
> >> 
> >> On Oct 5, 2010, at 12:33 AM, Matthew Seaman wrote:
> >> 
> >>> Nowadays there is also the possibility of RFC2817 -- in essence
> >>> you start an ordinary HTTP session, then issue a STARTTLS command
> >>> and upgrade the connection to encrypted.  This will allow
> >>> name-based virtual hosting with TLS to work as intended.
> >>> Unfortunately, last I checked, while apache supports this, most
> >>> web browsers do not.
> >> 
> >> Throwing just my two bits in: Apache supports it, as does Firefox,
> >> and nothing else (maybe Safari does...).
> >> 
> >> IE definitely does not. I looked into this before opting to go
> >> multiple static IPs at home for my webservers.
> >> 
> > 
> > IE 7+ does however support RFC 3546(SNI), which is the defacto
> > standard for accomplishing SSL name based vhosts.
> > http://en.wikipedia.org/wiki/Server_Name_Indication
> 
>
Thanks all for the confirmation and information on apache, vhosts,
HTTPS, and reverse proxying.  In my situation, the clients are custom
written applications on embedded systems.  I don't know much about their
ability to conform with the latest RFC's but my guess is they will not.





More information about the freebsd-questions mailing list