I have a firewall (connected to the internet) with mod_proxy installed on Apache. Behind the firewall I have several web servers running. The issue here is SSL. I would like to have everything on SSL, also on the internal network, for many reasons. One of the reasons is that the web server may kind of stall in use because the browser client sees the server as non-SSL. So I just wanna make sure that everything is under SSL.
I am running Ubuntu 22.04 and Apache 2.4.
The firewall Apache conf looks like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName my.domain.com
ProxyPreserveHost On
ProxyPass / http://192.168.1.85/
ProxyPassReverse / http://192.168.1.85/
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/my.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/my.domain.com/privkey.pem
</VirtualHost>
</IfModule>
The web server "behind" looks like this:
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot /var/www/html
ServerName my.domain.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
I use Bind as internal DNS software (working fine) :)
I am unsure how to do the SSL between the firewall and the web server behind the firewall. Hope I can get some help on this :)
I am using Let's Encrypt, but could also use anything else (longer term SSL), since this is an internal and secure network.
If possible... I would very much like to (not have) an Apache running on the firewall. I don't know if that is possible. The issue though is that I will have several web servers, so I can't just forward the ports... but a thought on that would be very welcome! :)
Looking forward to hearing from you all.
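An added example, not part of the original post: one way to carry TLS from the firewall's mod_proxy to the backend, with the plain-HTTP lines from the question kept as comments for comparison. The backend hostname `web1.internal.example`, the internal CA and the certificate paths under `/etc/apache2/ssl/` are assumptions.

```apache
# --- Firewall / reverse proxy (needs mod_ssl, mod_proxy, mod_proxy_http) ---
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName my.domain.com

    # Client-facing certificate, unchanged from the question.
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/my.domain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/my.domain.com/privkey.pem

    # Before (from the question): the backend hop is cleartext HTTP.
    #   ProxyPass / http://192.168.1.85/
    #   ProxyPassReverse / http://192.168.1.85/

    # After: mod_proxy opens a TLS connection to the backend and rejects it
    # unless the certificate chains to the internal CA, is unexpired and
    # matches the expected name.
    SSLProxyEngine On
    SSLProxyVerify require
    # Assumed path to the internal CA certificate.
    SSLProxyCACertificateFile /etc/apache2/ssl/internal-ca.pem
    SSLProxyCheckPeerName On
    SSLProxyCheckPeerExpire On

    ProxyPreserveHost On
    # Assumed internal name, resolved by the internal Bind zone.
    ProxyPass / https://web1.internal.example/
    ProxyPassReverse / https://web1.internal.example/
</VirtualHost>
</IfModule>

# --- Backend web server (needs mod_ssl) ---
<VirtualHost *:443>
    ServerName my.domain.com
    DocumentRoot /var/www/html

    SSLEngine On
    # Assumed: issued by the internal CA, with my.domain.com and
    # web1.internal.example both listed as subject alternative names.
    SSLCertificateFile /etc/apache2/ssl/web1.crt
    SSLCertificateKeyFile /etc/apache2/ssl/web1.key

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```

Each additional site gets its own `<VirtualHost *:443>` on the proxy with its own `ServerName` and backend URL, which is how one public address can serve several internal servers.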