Configure Apache to use external proxy for HTTPS connection

I'm trying to make my Apache use external proxy for HTTPS requests:

Listen 80
Listen 443
..
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
..
SSLProxyEngine On
SSLProxyVerify none
SSLCACertificateFile conf/cert/curl-ca-bundle.cert

ProxyRemote http://*.externaldomain.com:80 http://external.proxy.com:8585
ProxyRemote http://*.externaldomain.com:443 https://external.proxy.com:8585
ProxyPass    /sub      https://sub.externaldomain.com/

But request for http://localhost/sub/something returns 503 and gives:

[Fri Apr 15 17:38:15 2011] [error] (OS 10060)A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.  : proxy: HTTPS: attempt to connect to 11.11.11.111:443 (sub.domain.com) failed

What's weird

curl -x 11.11.11.111:8585 https://sub.externaldomain.com/something

works.

How can I make Apache use external proxy for https request?


The error your get is because of your last line into the config

 ProxyPass    /sub      https://sub.externaldomain.com/

That tells apache to proxy pass requests from /sub to sub.externaldomain.com:443 which is what you actually get into your error message.

Now your setup is missing

 ProxyRequests On 

because ProxyRemote only functions when this is on and the User Agent(browser) is configured to use the apache server as a proxy . Is my understanding that you want to do something like:

  • 1 - proxy all traffic to /sub trough the remote proxies that you have configured - but not to use the local apache server as a ProxyPass ?! - if that is the case the remove the last line

  • 2 - you want your apache server to act that it has the resource /sub locally and actually the requests are going to a remote server ?! - if that is the case you need to configure just the last line with the appropriated port AND use this directive as well

ProxyPassReverse /sub https://sub.externaldomain.com/ # here configure the right port as you can see 443 is not working


I finally got it working :) The problem was with (RTFM)

"match is either the name of a URL-scheme that the remote server supports, or a partial URL for which the remote server should be used, or * to indicate the server should be contacted for all requests. remote-server is a partial URL for the remote server. "

So resolution is simple, use ProxyRemoteMatch instead:

ProxyRemoteMatch externaldomain\.com http://external.proxy.com:8585