ffischer
(uses Red Hat)
Posted on 24/08/2012 - 16:24h
Good afternoon everyone,
I am setting up a reverse proxy with Apache on an Ubuntu server.
I compiled Apache from source with the following commands:
./configure --with-prefix=/usr/local/apache2 --with-bindir=/usr/local/bin --with-sbindir=/usr/local/sbin --enable-module=ssl --enable-module=proxy --enable-shared=proxy --enable-module-rewrite --enable-shared=rewrite
make
make install
I configured the file /usr/local/apache2/conf/extra/httpd-vhosts.conf as follows:
<VirtualHost forum.empresa.com.br:80>
ServerName forum.empresa.com.br
ProxyPass / http://IP do Servidor da aplicação/
ProxyPassReverse / http://IP do Servidor da aplicação/
</VirtualHost>
Great, it did the redirect just fine.
Now the problem: the company bought a certificate. I downloaded the global certificate and the intermediate one, plus the key, as instructed by the vendor, placed the files in /usr/local/apache2/certs and configured the file /usr/local/apache2/conf/extra/httpd-ssl.conf in the same way as /usr/local/apache2/conf/extra/httpd-vhosts.conf. I commented out the include of /usr/local/apache2/conf/extra/httpd-vhosts.conf in httpd.conf and uncommented the line for /usr/local/apache2/conf/extra/httpd-ssl.conf, in which I configured the following:
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
#LoadModule ssl_module /usr/local/apache2/modules/mod_ssl.so
# Until documentation is completed, please check http://www.modssl.org/
# for additional config examples and module documentation. Directives
# and features of mod_ssl are largely unchanged from the mod_ssl project
# for Apache 1.3.
#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
Listen 443
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Some MIME-types for downloading Certificates and CRLs
#
#AddType application/x-x509-ca-cert .crt
#AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin
#SSLPassPhraseDialog qualidade_e_excelencia_acima_de_tudo
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
<VirtualHost *:443>
# General setup for the virtual host, inherited from global configuration
ServerName forum.empresa.com.br
ProxyRequests off
ProxyVia on
SSLProxyEngine on
proxypass / https://IP do Servidor da aplicação/
proxypassreverse / https://IP do Servidor da aplicação/
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A test
# certificate can be generated with `make certificate' under
# built time. Keep in mind that if you've both a RSA and a DSA
# certificate you can configure both in parallel (to also allow
# the use of DSA ciphers, etc.)
SSLCertificateFile /usr/local/apache2/certs/sslcert.crt
SSLCertificateKeyFile /usr/local/apache2/certs/private.key
SSLCertificateChainFile /usr/local/apache2/certs/intermediate.crt
</VirtualHost>
When I start Apache it asks me the following:
Apache/2.4.2 mod_ssl (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server forum.empresa.com.br:443 (RSA)
Enter pass phrase:
I enter the pass phrase and it returns
OK: Pass Phrase Dialog successful.
Apache is up and everything looks fine, but when I go to the web and type
http://forum.empresa.com.br it opens a blank page
https://forum.empresa.com.br cannot display the web page
http://forum.empresa.com.br:443 IT's Works...
Can anyone shed some light on this???
Thanks in advance
Fábio
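An added example, not part of the original post: a small Python audit of the SSLCipherSuite line in the httpd-ssl.conf above, showing which weak cipher classes it leaves negotiable. The function names, the tracked class list and the comparison string are assumptions of this sketch, and it reasons at class level only rather than reproducing OpenSSL's full cipher expansion.

```python
import re

# Weak cipher classes tracked by this sketch (class names from OpenSSL's ciphers(1)).
WEAK = {"LOW", "EXP", "SSLv2", "RC4", "MD5", "NULL"}
ALIASES = {"EXPORT": "EXP", "eNULL": "NULL"}

def weak_classes(cipher_string):
    """Return the weak classes a cipher string leaves enabled (class-level approximation)."""
    enabled, killed = set(), set()
    for token in re.split(r"[:, ]+", cipher_string.strip()):
        if not token or token.startswith("@"):
            continue
        op = token[0] if token[0] in "!-+" else ""
        parts = {ALIASES.get(p, p) for p in token[len(op):].split("+")}
        if op == "!":            # permanent removal: can never be re-added
            if len(parts) == 1:
                killed |= parts
                enabled -= parts
        elif op == "-":          # removal that a later token may undo
            if len(parts) == 1:
                enabled -= parts
        elif op == "+":          # reorder only: moves ciphers to the end, adds nothing
            continue
        elif parts == {"ALL"}:   # ALL is everything except the eNULL ciphers
            enabled |= WEAK - {"NULL"} - killed
        elif not parts & killed: # plain name or A+B intersection: adds matching ciphers
            enabled |= parts & WEAK
    return sorted(enabled)

def audit_config(conf_text):
    """Map each active SSLCipherSuite value in an httpd config to its weak classes."""
    findings = {}
    for line in conf_text.splitlines():
        m = re.match(r"\s*SSLCipherSuite\s+(\S+)", line, re.IGNORECASE)
        if m:  # commented-out lines start with '#' and do not match
            findings[m.group(1)] = weak_classes(m.group(1))
    return findings

# Constructed sample: the cipher line is the one from the post's httpd-ssl.conf.
SAMPLE = """
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
"""
STRICTER = "HIGH:!aNULL:!MD5:!RC4"  # constructed comparison string

if __name__ == "__main__":
    for value, weak in audit_config(SAMPLE).items():
        print(value, "->", weak)
    print(STRICTER, "->", weak_classes(STRICTER))
```

In the posted string the weak classes come in through `ALL`; the trailing `+LOW:+SSLv2:+EXP` tokens only move those ciphers to the end of the preference list and do not remove them.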