How to create HTTPS proxy in apache

Sometimes you need HTTPS to send data securely to an API (or to access a website), but the API might not officially support HTTPS, or for some other reason it sticks to HTTP, which is insecure. I encountered a similar situation: I used TSDB to store time series data, but the TSDB supports only HTTP, not HTTPS. So I decided to put an HTTPS proxy in front of the original API. Since I don't have much knowledge of Apache, it took a long Internet search before I finally found the solution, and I just want to share it.

The Scenario

The API https://<Public IP>/api/input is exposed to the Internet, and the unsecured API http://192.168.1.10/api/put is on our premises. Here, the original API doesn't know anything about the HTTPS proxy. In code, we can use the HTTPS proxy URL https://<Public IP>/api/put to send data to the original API. OK, let's start by installing apache2.

sudo apt-get install apache2 -y

1. Install required modules

sudo apt-get install -y libapache2-mod-proxy-html libxml2-dev apache2-prefork-dev libxml2-dev

2. Enable the modules

sudo a2enmod proxy proxy_ajp proxy_http rewrite deflate headers proxy_balancer proxy_connect proxy_html ssl

3. Generate keys and certificates

HTTPS always involves a key pair and a verified digital certificate, so generate the keys and certificates. (I followed this article to generate certificates; please check it for more information.)

Generate a Private Key (2048-bit RSA; 1024-bit RSA keys are no longer considered secure)
openssl genrsa -des3 -out server.key 2048

Generate a CSR (Certificate Signing Request)
openssl req -new -key server.key -out server.csr

Remove Passphrase from Key
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

Generate a Self-Signed Certificate (recommended for use in a development environment)
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

4. The config

In the config below, specify the SSLCertificateFile and SSLCertificateKeyFile paths, then add the config to /etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:80>
ServerName publicname.example.com
Redirect / https://publicname.example.com/
</VirtualHost>

<VirtualHost *:443>
ServerName publicname.example.com
SSLEngine on
SSLCertificateFile /path/to/cert.pem
SSLCertificateKeyFile /path/to/key.pem
ErrorLog /path/to/logs/publicname.example.com-ssl-error.log
CustomLog /path/to/logs/publicname.example.com-ssl.log combined

ProxyPass /api/input http://127.0.0.1:8080/api/input
ProxyPassReverse /api/input http://127.0.0.1:8080/api/input
</VirtualHost>

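The above config listens on both HTTP and HTTPS; requests that arrive on port 80 are redirected to the HTTPS site. A client that sends its request to the http:// URL has already transmitted the data in cleartext before the redirect comes back, so configure API clients with the https:// URL directly.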
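A small checker for the config in step 4, added here as an example and not part of the original post: it parses the `<VirtualHost>` blocks and flags a proxied path served without TLS, a plain-HTTP vhost that does not redirect to HTTPS, a missing certificate or key directive, and `ProxyRequests On`. The `BAD` sample is constructed, the function names are hypothetical, and directives outside a `<VirtualHost>` block are not examined.

```python
import re
# GOOD is the step-4 config from this page (ServerName and log lines left out);
# BAD is a constructed variant: API proxied on port 80, forward proxying on.
GOOD = """
<VirtualHost *:80>
Redirect / https://publicname.example.com/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /path/to/cert.pem
SSLCertificateKeyFile /path/to/key.pem
ProxyPass /api/input http://127.0.0.1:8080/api/input
ProxyPassReverse /api/input http://127.0.0.1:8080/api/input
</VirtualHost>
"""
BAD = GOOD.replace("Redirect / https://publicname.example.com/",
                   "ProxyPass /api/input http://127.0.0.1:8080/api/input")
BAD = BAD.replace("SSLEngine on", "SSLEngine on\nProxyRequests On")

def parse_vhosts(text):
    """Map each <VirtualHost addr:port> to {directive_lowercase: [args, ...]}."""
    vhosts, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"<VirtualHost\s+(\S+)>$", line, re.I)
        if m:
            current = vhosts.setdefault(m.group(1), {})
        elif line.lower() == "</virtualhost>":
            current = None
        elif current is not None and line and not line.startswith("#"):
            name, _, args = line.partition(" ")
            current.setdefault(name.lower(), []).append(args.strip())
    return vhosts

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for addr, d in parse_vhosts(text).items():
        tls = "on" in (a.lower() for a in d.get("sslengine", []))
        if "on" in (a.lower() for a in d.get("proxyrequests", [])):
            findings.append(f"{addr}: ProxyRequests On enables forward proxying")
        if "proxypass" in d and not tls:
            findings.append(f"{addr}: ProxyPass served without TLS")
        if tls and not {"sslcertificatefile", "sslcertificatekeyfile"} <= set(d):
            findings.append(f"{addr}: SSLEngine on but certificate or key missing")
        if not tls and not any("https://" in a for a in d.get("redirect", [])):
            findings.append(f"{addr}: plain-HTTP vhost does not redirect to https://")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(BAD)) or "no findings")
```

To check a real file, pass its contents to `audit()`, for example `audit(open("/etc/apache2/sites-enabled/000-default.conf").read())`.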

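5. Install one more module

After the above steps I restarted Apache, but it threw an error saying mod_xml2enc was not available. After spending some time I found the "mod_xml2enc not available" bug; we need to compile and install the module. The two source files below are downloaded over plain HTTP, so read them before compiling them into Apache as root.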

sudo apt-get install apache2-prefork-dev libxml2 libxml2-dev
mkdir ~/modbuild/ && cd ~/modbuild/
wget http://apache.webthing.com/svn/apache/filters/mod_xml2enc.c
wget http://apache.webthing.com/svn/apache/filters/mod_xml2enc.h
sudo apxs2 -aic -I/usr/include/libxml2 ./mod_xml2enc.c
cd ~
rm -rfd ~/modbuild/

6. Restart Apache

sudo service apache2 restart