0

I've got two sites running over HTTPS in a local network, and they use Let's Encrypt certificates - let's call them git.foo.com and api.foo.com.

I want to see these sites from the internet. I've got an OpenWRT router which is running on a white IP address (and the DNS records for git.foo.com and api.foo.com point to its IP).

I've just redirected (using iptables) traffic from dport 80 and 443 to another local machine, which must be a proxy. The question is how to pass SSL traffic to a specific site's server (which already uses SSL) by site hostname?

2
  • You may wish to have a look here - serverfault.com/q/718799/210623
    Commented Sep 11, 2017 at 14:18
  • Brilliant. Halfway done. The way to git.foo.com works. But when I'm connecting to api.foo.com (which is running on the same machine as git.foo.com), git.foo.com opens.
    – qmor
    Commented Sep 11, 2017 at 16:36

1 Answer

1

Did it using Apache.

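<VirtualHost *:443>
    ServerName git.foo.com
    ErrorLog /var/log/apache2/git.error.log
    TransferLog /var/log/apache2/git.com.access.log
    # Terminate the client's TLS here and open a new TLS connection to the backend
    SSLEngine On
    SSLProxyEngine On
    ProxyRequests Off
    # Forward the client's Host header so the backend can select the matching site
    ProxyPreserveHost On
    # The SSLProxy* settings below turn off every check of the backend's
    # certificate (chain, name, CN, expiry): any certificate is accepted
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerExpire off
    # Permits renegotiation with clients that lack RFC 5746 secure renegotiation
    SSLInsecureRenegotiation on
    SSLProxyVerify none
    SSLProxyCheckPeerName Off
    SSLVerifyClient none
    SSLCertificateFile /etc/certs/git.foo.com/fullchain2.pem
    SSLCertificateKeyFile /etc/certs/git.foo.com/privkey2.pem

    ProxyPass / https://192.168.3.230/
    ProxyPassReverse / https://192.168.3.230/

    <Location "/">
            Require all granted
    </Location>
</VirtualHost>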

<VirtualHost *:443>
    ServerName api.foo.com
    ErrorLog /var/log/apache2/api.error.log
    TransferLog /var/log/apache2/api.access.log
    SSLEngine On
    SSLProxyEngine On
    # Same backend address as git.foo.com: the forwarded Host header is what
    # lets the backend tell the two sites apart
    ProxyPreserveHost On
    ProxyRequests Off
    # Backend certificate checks are disabled here as well
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerExpire off
    SSLInsecureRenegotiation on
    SSLProxyVerify none
    SSLProxyCheckPeerName Off
    SSLVerifyClient none
    SSLCertificateFile /etc/certs/api.foo.com/fullchain5.pem
    SSLCertificateKeyFile /etc/certs/api.foo.com/privkey5.pem

    ProxyPass / https://192.168.3.230/
    ProxyPassReverse / https://192.168.3.230/

    <Location "/">
            Require all granted
    </Location>
</VirtualHost>


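<VirtualHost *:80>
    ServerName subapi.foo.com

    # Plain HTTP on the client side; only the hop to the backend uses TLS.
    # SSLProxyEngine must be on for mod_proxy to connect to an https:// backend
    SSLProxyEngine On
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / https://192.168.3.27/
    ProxyPassReverse / https://192.168.3.27/

    <Location "/">
            Require all granted
    </Location>
</VirtualHost>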
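
The virtual hosts above switch off the proxy's checks of the backend certificate, so it is worth auditing such a file before it faces the internet. The following is an added example, not part of the original answer: a small Python audit (the `audit` function, its finding messages and the sample config are constructed for illustration) that reports, per `ServerName`, which directives weaken TLS on the proxy-to-backend hop.

```python
import re

# Explicit settings that weaken a check mod_ssl applies by default.
WEAK = {
    ("sslproxycheckpeername", "off"): "backend certificate name not checked",
    ("sslproxycheckpeercn", "off"): "backend certificate CN not checked",
    ("sslproxycheckpeerexpire", "off"): "expired backend certificate accepted",
    ("sslinsecurerenegotiation", "on"): "insecure client renegotiation allowed",
}
VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def audit(conf_text):
    """Map each vhost's ServerName to its list of TLS findings."""
    report = {}
    for listen, body in VHOST.findall(conf_text):
        rows = [l.split() for l in body.splitlines()]
        # Keep directives only: skip blanks, comments and <Location> tags.
        rows = [r for r in rows if len(r) > 1 and r[0][0] not in "#<"]
        conf = [(r[0].lower(), r[1:]) for r in rows]
        last = {d: a[0].lower() for d, a in conf}  # last value wins
        findings = [m for (d, v), m in WEAK.items() if last.get(d) == v]
        https = any(d == "proxypass" and a[-1].lower().startswith("https://")
                    for d, a in conf)
        if https and last.get("sslproxyengine") != "on":
            findings.append("https:// backend but SSLProxyEngine is not On")
        # SSLProxyVerify defaults to none, so leaving it out is also a finding.
        if https and last.get("sslproxyverify") != "require":
            findings.append("backend certificate chain not verified")
        report[last.get("servername", listen)] = findings
    return report

# Constructed sample, modelled on the kind of vhosts shown in the answer.
SAMPLE = """
<VirtualHost *:443>
    ServerName git.foo.com
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerName Off
    ProxyPass / https://192.168.3.230/
</VirtualHost>
<VirtualHost *:80>
    ServerName subapi.foo.com
    ProxyPass / https://192.168.3.27/
</VirtualHost>
"""

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings)
```

The audit only reads directives placed directly inside a `<VirtualHost>` block; settings inherited from the global server configuration are not considered.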
