5

I want to forward (reverse proxy) requests to https://secure.mydomain.com(:443) to my internal (HTTPS-)WebServer on port 8443 using lighttpd.

Environment info:
My WebServer is a Tomcat running on port 8080 (HTTP) and port 8443 (HTTPS).
HTTP and HTTPS work well when accessing it locally (http://127.0.0.1:8080 and/or https://127.0.0.1:8443).

(Port 8080 and port 8443 are not directly reachable over the Internet.)

For HTTP, this config works:

    $HTTP["host"] == "unsecure.mydomain.com" {
        proxy.server = ( "" => ( ( "host" => "127.0.0.1", "port" => 8080 ) ) )
    }

Question:
What is needed to reverse-proxy HTTPS?

1 Answer

2

lighttpd doesn't support TLS on backend connections.

If the backend needs to know whether the frontend connection was made with TLS, check the X-Forwarded-Proto header.

If you need an encrypted connection to the backend (due to an untrusted network), use a VPN.

If you want end-to-end encryption to the backend, you need a TCP proxy (haproxy can route connections based on SNI), or just forward it with iptables and DNAT.

1
  • This should be the accepted answer; haproxy is a very useful tool and I used it to forward an HTTPS server to the internet (I just used TCP SSL pass-through). Thanks for pointing it out. Commented Sep 27, 2018 at 8:52
