Reverse-proxying with SSL

Apache does name-based virtual hosting, and it does proxying, and it does both quite nicely. Problem is, it won’t mix the former with SSL. This, to my mind, is a major failing. We know why it doesn’t do it: SSL is defined per virtual host, but the server must know to which host the client is talking before it can unwrap the SSL-wrapped channel to find out which host… yadda, yadda, open box with crowbar inside.

However, with a wildcard SSL certificate matching all virtual hosts on the server, it is perfectly possible to unwrap the channel before directing the traffic to a specific virtual host. This is an edge case, but a very valuable edge case which MS ISA Server supports just fine.

In short, it would be nice to be able to specify a server-wide SSL wildcard certificate that applied to all SSL virtual hosts and did not prevent name-based virtual hosting. I understand that this may be difficult with Apache’s current architecture (vhost dispatch handled early in the pipeline) but if time allows I may experiment with the source code.

A dedicated HTTP/S reverse-proxying gateway application could be very useful.
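The dispatch step such a gateway would perform once the wildcard certificate has unwrapped the channel, as an added Python example that is not from the original post. The certificate name `*.example.test`, the backend map and all function names are assumptions made for illustration; the example also shows that a wildcard covers exactly one leftmost label.

```python
# Added illustration: names, backends and sample requests are constructed.
WILDCARD = "*.example.test"          # assumed name on the shared certificate
BACKENDS = {                         # hypothetical virtual host -> upstream map
    "www.example.test": ("10.0.0.10", 8080),
    "mail.example.test": ("10.0.0.11", 8080),
}


def covered_by_wildcard(host, pattern=WILDCARD):
    """True if host matches a leftmost-label wildcard (one label only)."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if not pattern.startswith("*."):
        return host == pattern
    suffix = pattern[1:]             # ".example.test"
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]
    # "a.b.example.test" and the bare "example.test" are NOT covered.
    return bool(label) and "." not in label


def host_from_request(head):
    """Extract the Host header from a decrypted HTTP/1.1 request head."""
    lines = head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")[1:]
    fields = (line.partition(b":") for line in lines)
    hosts = [v.strip() for k, _, v in fields if k.strip().lower() == b"host"]
    if len(hosts) != 1:
        return None                  # missing or duplicated Host: refuse to guess
    host = hosts[0].decode("ascii", "replace")
    return host.rsplit(":", 1)[0] if ":" in host else host   # drop any port


def route(head):
    """Pick an upstream for a request already unwrapped with the wildcard cert."""
    host = host_from_request(head)
    if host is None or not covered_by_wildcard(host):
        return None                  # a name the certificate cannot vouch for
    return BACKENDS.get(host.lower().rstrip("."))


if __name__ == "__main__":
    sample = b"GET / HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
    print(route(sample))
```

A `None` result means the gateway should reject the request instead of falling through to a default virtual host.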