Yes, but if you wish to validate the certificates on your back-ends it is better to have separate hostnames for them. Also, example.com cannot resolve both to the reverse proxy and the back-end server at the same time. You would need to do some unnecessary – even hacky – configuration for the certificate renewals & local DNS.
You need to have both mod_ssl & mod_proxy enabled.
Example with client --> https://example.com/ --> https://backend.example.com:1234/:

<VirtualHost *:443>
    ServerName example.com

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

    SSLProxyEngine on
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    ProxyPass / https://backend.example.com:1234/
    ProxyPassReverse / https://backend.example.com:1234/
</VirtualHost>
In comparison, client --> https://example.net/ --> https://198.51.100.3:5678/ without any certificate validations:

<VirtualHost *:443>
    ServerName example.net

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.net/privkey.pem

    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    ProxyPass / https://198.51.100.3:5678/
    ProxyPassReverse / https://198.51.100.3:5678/
</VirtualHost>
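
A small audit for the difference between the two configurations above, added here as an example and not part of the original answer: it flags any virtual host that proxies to an https:// back-end without the three validation directives enabled, or that addresses the back-end by IP instead of a hostname. The function name `audit`, the embedded sample and the wanted values are assumptions of this example; the values used for unset directives are the documented Apache 2.4 defaults.

```python
import ipaddress
import re
from contextlib import suppress
from urllib.parse import urlsplit

# Constructed input: the proxy-related directives of the two vhosts above.
SAMPLE = """
<VirtualHost *:443>
    ServerName example.com
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on
    ProxyPass / https://backend.example.com:1234/
</VirtualHost>
<VirtualHost *:443>
    ServerName example.net
    SSLProxyVerify none
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    ProxyPass / https://198.51.100.3:5678/
</VirtualHost>
"""
# directive -> (value this audit wants, Apache 2.4 default when unset)
CHECKS = {"sslproxyverify": ("require", "none"),
          "sslproxycheckpeername": ("on", "on"),
          "sslproxycheckpeerexpire": ("on", "on")}

def audit(conf):
    """Map each ServerName with an https:// ProxyPass to a list of findings."""
    report = {}
    for body in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        d = {}  # lower-cased directive name -> list of argument lists
        for parts in (ln.split() for ln in body.splitlines()):
            if len(parts) > 1 and not parts[0].startswith("#"):
                d.setdefault(parts[0].lower(), []).append(parts[1:])
        urls = [a for args in d.get("proxypass", []) for a in args if a.lower().startswith("https://")]
        if not urls:
            continue  # this vhost makes no TLS connection to a back-end
        findings = []
        for key, (want, default) in CHECKS.items():
            got = d[key][-1][0].lower() if key in d else default
            if got != want:
                findings.append(f"{key} is {got}, want {want}")
        for url in urls:
            with suppress(ValueError):  # ip_address() raises unless the host is an IP literal
                ipaddress.ip_address(urlsplit(url).hostname)
                findings.append(f"back-end addressed by IP: {url}")
        name = d.get("servername", [["(unnamed)"]])[-1][0]
        report[name] = findings
    return report
```

`audit(SAMPLE)` returns an empty list for example.com and four findings for example.net; pass it the text of a real vhost file to check a live configuration.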