<IfModule @ssl_module@> <IfModule mod_proxy.c> #here we can test http <-> https <VirtualHost proxy_http_https> #these are not on by default in the 1.x based mod_ssl <IfDefine APACHE2> SSLProxyEngine On SSLProxyProtocol All SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem #SSLProxyMachineCertificatePath @SSLCA@/asf/proxy SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt SSLProxyCACertificatePath @ServerRoot@/conf/ssl SSLProxyCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl <IfVersion >= 2.3.15> SSLProxyCARevocationCheck chain </IfVersion> SSLProxyVerify on SSLProxyVerifyDepth 10 </IfDefine> ProxyPass / https://@proxyssl_url@/ ProxyPassReverse / https://@proxyssl_url@/ </VirtualHost> #here we can test https <-> https <VirtualHost proxy_https_https> SSLEngine on #these are not on by default in the 1.x based mod_ssl <IfDefine APACHE2> SSLProxyEngine On # ensure that client_ok.pem is picked first: SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem SSLProxyMachineCertificatePath @SSLCA@/asf/proxy SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt SSLProxyVerify on SSLProxyCARevocationPath @SSLCA@/asf/crl <IfVersion >= 2.3.15> SSLProxyCARevocationCheck chain </IfVersion> </IfDefine> ProxyPass / https://@proxyssl_url@/ ProxyPassReverse / https://@proxyssl_url@/ ProxyPass /proxy/wsoc wss://localhost:@proxy_https_https_port@/modules/lua/websockets.lua </VirtualHost> #here we can test http <-> https using SSLProxyMachine* inside <Proxy> <VirtualHost proxy_http_https_proxy_section> #these are not on by default in the 1.x based mod_ssl <IfDefine APACHE2> SSLProxyEngine On SSLProxyProtocol All SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt SSLProxyCACertificatePath @ServerRoot@/conf/ssl SSLProxyCARevocationFile @SSLCA@/asf/crl/ca-bundle.crl <IfVersion >= 2.3.15> SSLProxyCARevocationCheck chain </IfVersion> SSLProxyVerify on SSLProxyVerifyDepth 10 </IfDefine> ProxyPass / https://@proxyssl_url@/ ProxyPassReverse / https://@proxyssl_url@/ <IfDefine APACHE2> <Proxy https://@proxyssl_url@> SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem #SSLProxyMachineCertificatePath @SSLCA@/asf/proxy </Proxy> </IfDefine> </VirtualHost> #here we can test https <-> https using SSLProxyMachine* inside <Proxy> <VirtualHost proxy_https_https_proxy_section> SSLEngine on #these are not on by default in the 1.x based mod_ssl <IfDefine APACHE2> SSLProxyEngine On SSLProxyCACertificateFile @SSLCA@/asf/certs/ca.crt SSLProxyVerify on SSLProxyCARevocationPath @SSLCA@/asf/crl <IfVersion >= 2.3.15> SSLProxyCARevocationCheck chain </IfVersion> </IfDefine> ProxyPass / https://@proxyssl_url@/ ProxyPassReverse / https://@proxyssl_url@/ <IfDefine APACHE2> <Proxy https://@proxyssl_url@> # ensure that client_ok.pem is picked first: SSLProxyMachineCertificateFile @SSLCA@/asf/proxy/client_ok.pem SSLProxyMachineCertificatePath @SSLCA@/asf/proxy </Proxy> </IfDefine> </VirtualHost> #here we can test https <-> http <VirtualHost proxy_https_http> SSLEngine on ProxyPass / http://@servername@:@port@/ ProxyPassReverse / http://@servername@:@port@/ </VirtualHost> </IfModule> </IfModule>