I want to forward (reverse proxy) requests to https://secure.mydomain.com(:443) to my internal (HTTPS) web server on port 8443 using lighttpd.
Environment info:
My web server is a Tomcat running on port 8080 (HTTP) and port 8443 (HTTPS).
HTTP and HTTPS work well when accessing it locally (http://127.0.0.1:8080 and/or https://127.0.0.1:8443).
(Port 8080 and port 8443 are not directly reachable over the Internet.)
For HTTP, this config works:
    $HTTP["host"] == "unsecure.mydomain.com" {
        proxy.server = ( "" => ( (
            "host" => "127.0.0.1",
            "port" => 8080
        ) ) )
    }
Question:
What is needed to reverse-proxy HTTPS?
lighttpd doesn't support TLS on backend connections.
If the backend needs to know whether the frontend connection was made with TLS, check the X-Forwarded-Proto header.
If you need an encrypted connection to the backend (due to an untrusted network), use a VPN.
If you want end-to-end encryption to the backend, you need a TCP proxy (haproxy can route connections based on SNI), or just forward it with iptables and DNAT.
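
The SNI-based TCP routing mentioned in the answer, sketched as an haproxy configuration. This is an added example, not part of the original answer; the frontend and backend names, the timeouts, and the assumption that haproxy (not lighttpd) binds port 443 are illustrative.

```haproxy
# Added example: TLS passthrough with SNI routing (layer 4, no decryption).
# Assumption: haproxy owns port 443 on this host, so lighttpd must not bind it.
defaults
    mode tcp
    timeout connect 5s
    timeout client  1m
    timeout server  1m

frontend tls_in
    bind :443
    # Hold the connection until the start of a TLS ClientHello is visible.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    # Anything that did not present a ClientHello within the delay is dropped.
    tcp-request content reject
    # Route on the server name the client sent in SNI. There is no
    # default_backend, so unknown names are not forwarded anywhere.
    use_backend tomcat_tls if { req_ssl_sni -i secure.mydomain.com }

backend tomcat_tls
    # The TLS session ends at Tomcat, so Tomcat must hold the certificate
    # and key for secure.mydomain.com.
    server tomcat 127.0.0.1:8443 check
```

Because the proxy never decrypts the traffic, it cannot add headers such as X-Forwarded-Proto; Tomcat sees every connection as coming from the proxy's address.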