Upstream (reverse) proxy with encryption for service connections

In this configuration, a source system calls the reverse proxy, which forwards the request to the destination URL. The reply follows the opposite path. Communication between the source system and the reverse proxy is encrypted for both request and reply.

Use the following Apache configuration building block.

# SSL sessions are cached so that they can be reused
SSLSessionCache shm:$SSL_CACHE(512000)
SSLSessionCacheTimeout 300

# Private keys are secured through a pass-phrase
SSLPassPhraseDialog exec:$ReverseProxyTrustedPassPhraseScript

# Disable forward proxying for security purposes
ProxyRequests Off

# The reverse proxy listens for the source system on the reverse proxy port.
Listen $REVERSEPROXY_PORT_NUMBER_HERE

<VirtualHost *:$REVERSEPROXY_PORT_NUMBER_HERE>
  <Proxy *>
    Order Deny,Allow
    Deny from all

    # The Virtual Host accepts requests only from the source system
    Allow from $SourceSystem
  </Proxy>

  # The Virtual Host associates the request with the destination URL
  ProxyPass / $DestinationURL

  # Communication is encrypted on the source system to reverse proxy leg
  SSLEngine on

  # The Virtual Host authenticates to the source system by presenting its certificate
  SSLCertificateFile $ReverseProxyTrustedCertFile

  # Communication security relies on the private key, which is itself
  # protected by a pass-phrase supplied through the pass-phrase script.
  SSLCertificateKeyFile $ReverseProxyTrustedProtectedPrivateKeyFile

  # Logs are redirected to the appropriate location
  ErrorLog $ApacheErrorLog

</VirtualHost>
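
Before deploying a filled-in copy of this building block, it helps to confirm that the security-relevant directives survived editing. The following Python check is an added example, not part of the original configuration: the function names, the finding texts and every value in the sample configuration (port, address, URL, paths) are assumptions made for illustration.

```python
# Constructed sample: the building block with its placeholders filled in.
# Port, address, URL and file paths are made-up values, not from the page.
SAMPLE_CONF = """\
ProxyRequests Off
Listen 8443
<VirtualHost *:8443>
  <Proxy *>
    Order Deny,Allow
    Deny from all
    Allow from 192.0.2.10
  </Proxy>
  ProxyPass / https://destination.example/
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/proxy.crt
  SSLCertificateKeyFile /etc/apache2/ssl/proxy.key
</VirtualHost>
"""

def parse(conf):
    """Yield (innermost enclosing section, directive, args), lower-cased."""
    stack = []
    for line in (raw.strip() for raw in conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            del stack[-1:]  # leave the section; harmless if already empty
        elif line.startswith("<"):
            stack.append(line.strip("<>").split()[0].lower())
        else:
            name, *args = line.lower().split()
            yield (stack[-1] if stack else "", name, " ".join(args))

def audit(conf):
    """Return a list of findings; an empty list means every check passed."""
    d = list(parse(conf))
    findings = [f"unfilled placeholder in {n}" for _, n, a in d if "$" in a]
    requests = [a for _, n, a in d if n == "proxyrequests"]
    if not requests or any(a != "off" for a in requests):
        findings.append("ProxyRequests is not explicitly Off")
    if ("virtualhost", "sslengine", "on") not in d:
        findings.append("SSLEngine is not on in the virtual host")
    for name in ("sslcertificatefile", "sslcertificatekeyfile"):
        if not any(s == "virtualhost" and n == name for s, n, _ in d):
            findings.append(f"{name} missing from the virtual host")
    allows = [a for s, n, a in d if s == "proxy" and n == "allow"]
    if ("proxy", "deny", "from all") not in d:
        findings.append("<Proxy> block lacks 'Deny from all'")
    if not allows or "from all" in allows:
        findings.append("<Proxy> block does not restrict Allow to the source system")
    return findings
```

Calling `audit()` on the text of a rendered configuration file returns an empty list when the checks pass; it inspects directive arguments only, so a placeholder left in a `<VirtualHost>` opening line is not reported.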