I wanted to put an OctoPi behind a simple proxy.
So first, add the proxy to Apache:
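<IfModule mod_proxy.c>
    # Reverse proxy only; never act as an open forward proxy
    ProxyRequests off
    ProxyVia On
    # ProxyPass and ProxyPassReverse should name the same backend host
    ProxyPass / http://octoprint.darkink.internal/
    ProxyPassReverse / http://octopi.darkink.internal/
    <Location />
        ProxyPassReverse /
    </Location>
</IfModule>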
Then add some security, creating a new CA following this and this.
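# Root CA: passphrase-protected key and a self-signed certificate valid for 10 years
openssl genrsa -des3 -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 3650 -out rootCA.pem
# Client key and certificate signing request
openssl genrsa -out steven.key 2048
openssl req -new -key steven.key -out steven.csr
# Sign the client certificate with the root CA (valid for 1 year)
openssl x509 -req -in steven.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out steven.crt -days 365 -sha256
# Bundle the client certificate and key as PKCS#12 for import into the browser
openssl pkcs12 -export -in steven.crt -inkey steven.key -out steven.p12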
Add client-certificate verification to the proxy:
SSLVerifyClient require
SSLVerifyDepth 10
SSLCACertificateFile /srv/www/clients/client1/web26/ssl/auth/rootCA.pem
SSLCACertificatePath /srv/www/clients/client1/web26/ssl/auth
We then need to add revocation here and here:
openssl ca -config rootCA.conf -gencrl -out rootCA.crl
We add this to the proxy
SSLCARevocationFile /srv/www/clients/client1/web26/ssl/auth/rootCA.crl
SSLCARevocationCheck chain
Then add the certificate to the browser and try it!
If we want to revoke it, we must run:
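# Mark the certificate as revoked in the CA database
openssl ca -config rootCA.conf -revoke certs/test.crt
# Regenerate the CRL so it includes the revoked serial
openssl ca -config rootCA.conf -gencrl -out rootCA.crl
# Inspect the regenerated CRL; the revoked serial should be listed
openssl crl -in rootCA.crl -noout -text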
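The commands above rely on a rootCA.conf that the post never shows. As an added example (not from the original post), this script builds a throwaway CA in a temp directory, writes a minimal rootCA.conf, and uses openssl verify -crl_check to confirm the client certificate is accepted before revocation and rejected after. The section name CA_default, the files index.txt and crlnumber, the certificate subjects and the unencrypted keys are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway CA in a temp dir. Only the rootCA.* and steven.*
# file names come from the post; everything else is an assumption.
work=$(mktemp -d) && cd "$work" || exit 1
trap 'rm -rf "$work"' EXIT

build_pki() {
    # Unencrypted keys and -subj keep the demo non-interactive
    # (the post protects the CA key with -des3).
    openssl genrsa -out rootCA.key 2048 2>/dev/null
    openssl req -x509 -new -key rootCA.key -sha256 -days 3650 \
        -subj "/CN=Demo Root CA" -out rootCA.pem
    openssl genrsa -out steven.key 2048 2>/dev/null
    openssl req -new -key steven.key -subj "/CN=steven" -out steven.csr
    openssl x509 -req -in steven.csr -CA rootCA.pem -CAkey rootCA.key \
        -CAcreateserial -out steven.crt -days 365 -sha256 2>/dev/null

    # "openssl ca" needs an index database and a CRL counter to work with.
    : > index.txt
    echo 1000 > crlnumber
    cat > rootCA.conf <<'EOF'
[ ca ]
default_ca = CA_default
[ CA_default ]
database         = ./index.txt
crlnumber        = ./crlnumber
certificate      = ./rootCA.pem
private_key      = ./rootCA.key
default_md       = sha256
default_crl_days = 30
EOF
}

gen_crl() { openssl ca -config rootCA.conf -gencrl -out rootCA.crl 2>/dev/null; }

# Revoke a certificate, then regenerate the CRL so the revocation is published.
revoke() { openssl ca -config rootCA.conf -revoke "$1" 2>/dev/null && gen_crl; }

# Returns 0 only if the cert chains to the CA and is not on the current CRL.
client_ok() {
    openssl verify -crl_check -CAfile rootCA.pem -CRLfile rootCA.crl "$1" >/dev/null 2>&1
}

build_pki && gen_crl
client_ok steven.crt && echo "before revoke: accepted"
revoke steven.crt
client_ok steven.crt || echo "after revoke: rejected"
```

Apache reads the file named in SSLCARevocationFile when it starts, so reload it after regenerating rootCA.crl. The CRL also expires after default_crl_days, so it has to be regenerated periodically even when nothing new is revoked.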