Problem: SSL Proxy Error in Apache
The "SSL Proxy Requested But Not Enabled" error happens in Apache when you try to use SSL/TLS for proxy connections without the right setup. This problem stops secure communication between the Apache server and backend services, which can expose private data or cause connection failures.
Solution: Enabling SSL Proxy Engine in Apache
Adding the SSLProxyEngine directive
To fix the "SSL Proxy Requested But Not Enabled" error, add the SSLProxyEngine directive to your Apache configuration:
-
Open your Apache configuration file, usually at
/etc/apache2/sites-available/your-site.confor/etc/httpd/conf.d/your-site.conf. -
Add the SSLProxyEngine directive inside the VirtualHost block that handles HTTPS connections:
SSLProxyEngine onThis directive enables SSL/TLS support for proxy connections.
Tip: Verify SSL Proxy Engine
After adding the SSLProxyEngine directive, you can verify if it's enabled by running the following command:
apache2ctl -t -D DUMP_MODULES | grep sslThis will show you all SSL-related modules, including ssl_module and proxy_http_module, which are needed for SSL proxying.
Modifying the VirtualHost configuration
After adding the SSLProxyEngine directive, update your ProxyPass and ProxyPassReverse directives to use HTTPS:
- Change the ProxyPass and ProxyPassReverse directives to use the HTTPS protocol:
ProxyPass /primary/store https://localhost:9443/store/
ProxyPassReverse /primary/store https://localhost:9443/store/-
Make sure the port number (9443 in this example) matches your backend server's HTTPS port.
-
Your VirtualHost configuration should look like this:
<VirtualHost *:443>
ServerName your-domain.com
SSLEngine on
SSLCertificateFile /path/to/your/certificate.crt
SSLCertificateKeyFile /path/to/your/private.key
SSLProxyEngine on
ProxyPass /primary/store https://localhost:9443/store/
ProxyPassReverse /primary/store https://localhost:9443/store/
</VirtualHost>By adding the SSLProxyEngine directive and updating the ProxyPass and ProxyPassReverse directives, you allow Apache to establish secure HTTPS connections with your backend server.
Verifying the SSL Proxy Configuration
Testing the updated Apache configuration
After updating your Apache configuration, test that the SSL proxy works correctly. Follow these steps:
-
Restart the Apache server: Save your configuration changes and restart Apache to apply them. Use the command for your operating system:
For Ubuntu/Debian:
sudo systemctl restart apache2For CentOS/RHEL:
sudo systemctl restart httpd -
Check for HTTPS connections:
- Open a web browser and access your website using HTTPS (e.g., https://your-domain.com/primary/store).
- Check that the page loads without SSL-related errors.
- Look for the padlock icon in the address bar, showing a secure connection.
-
Review Apache error logs: Check the Apache error logs for SSL-related messages:
tail -f /var/log/apache2/error.logor
tail -f /var/log/httpd/error_log -
Use cURL to test the connection: Run this command to test the SSL connection from the command line:
curl -v https://your-domain.com/primary/storeThis will show details about the SSL handshake and connection process.
-
Check backend server logs: Review the logs of your backend server to confirm that requests are proxied correctly.
If you can make HTTPS connections without SSL-related errors and your backend server receives the proxied requests, your SSL proxy configuration works properly. If you have issues, check your configuration and SSL certificates to make sure they are set up correctly.
Tip: Use OpenSSL for SSL Certificate Verification
To verify your SSL certificate and check its details, use the OpenSSL command-line tool:
openssl s_client -connect your-domain.com:443 -servername your-domain.comThis command will display information about the SSL/TLS connection, including the certificate chain, expiration date, and any potential issues with the certificate.
