
I would like to have an Apache 2.4 proxy which redirects port 80 and 443 requests to different machines in the local network, depending on the host name. I used mod_proxy and it works fine with port 80.

Now I am trying to do an HTTPS->HTTPS redirect. The following config works:

<VirtualHost *:443>
    ServerName domain.tld
    ServerAlias www.domain.tld

    SSLProxyEngine On
    ProxyPass / https://new.domain.tld/
    ProxyPassReverse / https://new.domain.tld/

    SSLEngine on
    SSLCertificateFile /etc/myssl/public.pem
    SSLCertificateKeyFile /etc/myssl/privkey.pem
    SSLCertificateChainFile /etc/myssl/chain-class2.pem
</VirtualHost>

The problem is that the proxy needs to have all the SSL key files of the machines, which produces a lot of overhead in the yearly certificate renewal.

I do understand that the proxy needs to establish an encrypted connection using its own key material to inspect the Host: HTTP header to find out which VirtualHost to use.

But since today's browsers usually implement SNI, I would like to use this information to delegate to the correct VirtualHost without requiring any key material at the proxy. Is this possible in Apache 2.4?
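To illustrate what an SNI-based front end actually relies on: the server_name extension travels in cleartext in the TLS ClientHello, so a layer-4 proxy can pick a backend before any handshake and without holding any certificate or key. The following is an added example, not part of the question or of Apache; it builds a constructed ClientHello, extracts the SNI host name from it, and maps it to a backend using a hypothetical route table (domain.tld and new.domain.tld are taken from the config above).

```python
import struct

# Hypothetical route table: SNI host name -> (backend host, port).
ROUTES = {"domain.tld": ("new.domain.tld", 443), "www.domain.tld": ("new.domain.tld", 443)}

def build_client_hello(server_name: str) -> bytes:
    """Constructed sample: minimal TLS record holding a ClientHello with one SNI entry."""
    host = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(host)) + host        # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list       # extension_type 0 = server_name
    body = (b"\x03\x03" + b"\x00" * 32                               # client_version + random
            + b"\x00"                                                # session_id length 0
            + b"\x00\x02\x00\x2f"                                    # one cipher suite
            + b"\x01\x00"                                            # compression: null only
            + struct.pack("!H", len(ext)) + ext)                     # extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def extract_sni(record: bytes):
    """Return the host_name from the first ClientHello's SNI extension, or None if absent/malformed."""
    try:
        if len(record) < 5 or record[0] != 0x16:                     # not a TLS handshake record
            return None
        hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
        if hs[0] != 0x01:                                            # not a ClientHello
            return None
        body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
        pos = 2 + 32                                                 # skip version and random
        pos += 1 + body[pos]                                         # skip session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]         # skip cipher_suites
        pos += 1 + body[pos]                                         # skip compression_methods
        if pos + 2 > len(body):                                      # no extensions block at all
            return None
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if etype == 0:                                           # server_name extension
                p, stop = pos + 2, pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
                while p + 3 <= stop:
                    ntype, nlen = body[p], struct.unpack("!H", body[p + 1:p + 3])[0]
                    if ntype == 0:
                        return body[p + 3:p + 3 + nlen].decode("ascii")
                    p += 3 + nlen
            pos += elen
        return None
    except (IndexError, struct.error, UnicodeDecodeError):           # truncated or garbled input
        return None

def choose_backend(record: bytes):
    """Pick the backend for a raw ClientHello; None means no SNI or no matching route (reject)."""
    name = extract_sni(record)
    return ROUTES.get(name) if name else None
```

Everything the routing decision needs is available before the proxy sends a single byte, which is why a passthrough front end can forward the whole TCP stream to the backend that owns the certificate.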
