Forum

Reverse proxy SSL woes

Luis Mendes
4 June 2018, 21:18
Hi,

I've correctly set up SSL on the ending instance that is going to serve one WordPress site.
I've done the same on a Hiawatha instance that should be used only for reverse proxying.
So, SSL configuration per se is not a problem.

What I'd like is to have the reverse proxy decode SSL and then send plain connections to the receiving ends, as I'd like to have several applications over http. But I've spent many hours on this and the best I get is a sign that the connection is not secure.

The configuration of the reverse proxy:
set LOCALHOST = 127.0.0.0/8
set MyIPv4 = 127.0.0.1
ServerId = www
ConnectionsTotal = 1000
ConnectionsPerIP = 25
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log
Binding {
Port = 80
}
Binding {
Port = 443
TLScertFile = tls/hino.pt-1.pem
#Interface = 127.0.0.1
MaxRequestSize = 2048
TimeForRequest = 30
}
Hostname = 127.0.0.1
WebsiteRoot = /usr/local/www/hiawatha
StartFile = index.html
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
VirtualHost {
Hostname = hino.pt, *.hino.pt
TLScertFile = tls/hino.pt-1.pem
WebsiteRoot = /usr/local/www/hiawatha/hino.pt/public
AccessLogfile = /usr/local/www/hiawatha/hino.pt/log/access.log
ErrorLogfile = /usr/local/www/hiawatha/hino.pt/log/error.log
TimeForCGI = 5
StartFile = index.html
ReverseProxy .* http://127.0.0.80:8080/
RequireTLS = no
}


The config of the ending webserver:
set LOCALHOST = 127.0.0.0/8
set MyIPv4 = 127.0.0.80
ServerId = www
ConnectionsTotal = 4000
ConnectionsPerIP = 32
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log
ThreadKillRate = 10
CacheSize = 8
CacheMaxFilesize = 512
MaxUrlLength = 1000
SocketSendTimeout = 30
LogfileMask = deny LOCALHOST, deny MyIPv4
RequestLimitMask = deny LOCALHOST, deny MyIPv4
Binding {
Port = 8080
MaxKeepAlive = 100
TimeForRequest = 5,15
MaxRequestSize = 16000
MaxUploadSize = 2
}
Binding {
Port = 443
TLScertFile = tls/hino.pt-1.pem
#Interface = 127.0.0.80
MaxRequestSize = 2048
TimeForRequest = 30
}
FastCGIserver {
FastCGIid = PHP7_hino
ConnectTo = /var/run/php-fpm/sockets/php-fpm_hino.sock
Extension = php
}
Hostname = 127.0.0.80
WebsiteRoot = /usr/local/www/hiawatha
StartFile = index.html
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
VirtualHost {
Hostname = hino.pt, *.hino.pt
TLScertFile = tls/hino.pt-1.pem
WebsiteRoot = /usr/local/www/hiawatha/hino.pt/public
AccessLogfile = /usr/local/www/hiawatha/hino.pt/log/access.log
ErrorLogfile = /usr/local/www/hiawatha/hino.pt/log/error.log
StartFile = index.php
TimeForCGI = 30
UseFastCGI = PHP7_hino
}


Tried to point (ReverseProxy .* http://127.0.0.80:8080/) to 8080, to 443, to 8443 (not shown)...
I'd appreciate having the solution for this!
Luis Mendes
4 June 2018, 23:29
Ok, already solved this.

ReverseProxy .* https://127.0.0.80:8443/

Added the 's', so as to be 'https', and also changed to the SSL binding in the receiving webserver.
I don't know if the receiving webserver is using any certificate or not; I'd like this to be clarified in order to try to understand it.
Hugo Leisink
9 June 2018, 20:38
The receiving webserver must be using SSL if the https reverse proxy works. It will of course be using a certificate. By default, Hiawatha doesn't check the validity of that certificate. Use the CAcertificates setting for that.
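A sketch of the arrangement the thread ends up with, as an added illustration (not the poster's configuration or Hiawatha's own documentation): the front instance terminates TLS from browsers on 443, forwards over https to the backend, and CAcertificates gives it a bundle to verify the backend's certificate against, since without it that certificate is accepted unchecked. The CA bundle path, the 8443 backend binding and the uncommented Interface line are assumptions; check the CAcertificates value form against hiawatha.conf(5).

```conf
# --- Front (reverse proxy) instance, added example ---
Binding {
	Port = 443
	TLScertFile = tls/hino.pt-1.pem
	MaxRequestSize = 2048
	TimeForRequest = 30
}

# Bundle used to verify the backend's certificate on the proxy-to-backend hop.
# Path is an assumption. Without this setting the backend certificate is not checked.
CAcertificates = /etc/ssl/certs/ca-certificates.crt

VirtualHost {
	Hostname = hino.pt, *.hino.pt
	TLScertFile = tls/hino.pt-1.pem
	WebsiteRoot = /usr/local/www/hiawatha/hino.pt/public
	AccessLogfile = /usr/local/www/hiawatha/hino.pt/log/access.log
	ErrorLogfile = /usr/local/www/hiawatha/hino.pt/log/error.log
	# Forward over https so the backend's TLS binding answers (the fix from the thread).
	ReverseProxy .* https://127.0.0.80:8443/
}

# --- Receiving (backend) instance: TLS binding the proxy talks to ---
Binding {
	Port = 8443
	# Binding to the loopback alias keeps the backend off any public interface (assumed).
	Interface = 127.0.0.80
	TLScertFile = tls/hino.pt-1.pem
	MaxRequestSize = 2048
	TimeForRequest = 30
}
```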
This topic has been closed.