I currently have a pfSense firewall that redirects port 80 and 443 to an internal Apache that acts as a reverse proxy for several subdomains on our company.
Since pfSense provides a reverse proxy through Squid3, I'd like to get rid of the Apache server and route everything with pfSense instead.
My current Apache configuration is something like this:
    <VirtualHost *:80 *:443>
        # Redirect plain-HTTP requests to HTTPS
        RewriteEngine on
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        ServerName trac.mycompany.com
        SSLProxyEngine on
        SetEnv force-proxy-request-1.0 1
        SetEnv proxy-nokeepalive 1
        # Pass the client's Host header through to the backend
        ProxyPreserveHost On
        ProxyPass / https://trac.mycompany.com/
        ProxyPassReverse / https://trac.mycompany.com/
        ProxyVia on
    </VirtualHost>

    <VirtualHost *:80 *:443>
        ServerName svn.mycompany.com
        ProxyPass / http://svn.mycompany.com/
        ProxyPassReverse / http://svn.mycompany.com/
        ProxyVia On
    </VirtualHost>
As you can see, both are pretty straightforward. I know that using virtual hosts with HTTPS and a single external IP address limits me to using self-signed certificates, and I'm aware of the risks, but at this moment I don't care (I just want the usernames and passwords to be sent encrypted).
On pfSense, I configured it as follows:
The reverse proxy is on. Both trac and svn run on the same local server (192.168.0.26).
The problem is that when the proxy hits the internal server, the local server Apache always tries to serve the trac subdomain, instead of matching by name.
Is this something I can accomplish with the Reverse Proxy module of pfSense? Am I missing something obvious here?
I know this is a late response, but better late than never :) You probably sorted yourself out by now, but if you didn't... create a secondary IP address on the local server running off the same NIC and run each website on a separate IP.
I didn't think you could ever serve 2 HTTPS sites off the same IP address and ports, since the headers get lost with encryption and you always end up on the main default site. 2 HTTP sites is fine, but 2 HTTPS sites needs different ports or different IPs.
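
The symptom in the question (every request landing on trac) is what name-based virtual hosting does when the Host header reaching the backend matches no ServerName: the first vhost answers. The sketch below is an added example, not part of the original thread; the stand-in backend and the names `select_vhost`, `probe` and `demo` are hypothetical, and that the proxy rewrites the Host header is an assumption about the cause.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for the backend at 192.168.0.26: name-based vhosts in
# file order. As in Apache, the first entry answers when no name matches.
VHOSTS = [("trac.mycompany.com", "trac"), ("svn.mycompany.com", "svn")]

def select_vhost(host_header):
    """Pick a vhost by Host header: exact name match, else the first vhost."""
    name = (host_header or "").split(":")[0].lower()
    for server_name, site in VHOSTS:
        if name == server_name:
            return site
    return VHOSTS[0][1]  # default vhost

class Backend(BaseHTTPRequestHandler):
    def do_GET(self):
        body = select_vhost(self.headers.get("Host")).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def probe(addr, port, host_header):
    """Connect to addr:port but send host_header, as a reverse proxy would."""
    conn = http.client.HTTPConnection(addr, port, timeout=5)
    try:
        conn.putrequest("GET", "/", skip_host=True)
        conn.putheader("Host", host_header)
        conn.endheaders()
        return conn.getresponse().read().decode()
    finally:
        conn.close()

def demo():
    server = HTTPServer(("127.0.0.1", 0), Backend)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        return {
            "host preserved": probe("127.0.0.1", port, "svn.mycompany.com"),
            "host rewritten to backend IP": probe("127.0.0.1", port, "192.168.0.26"),
        }
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

Calling `probe` against the real backend address with each hostname shows whether the backend selects the right vhost when it is given the right name, which separates a backend misconfiguration from a proxy that is not forwarding the Host header.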