Wednesday, 23 April 2014

Apache + LDAP + SSL + Proxy frontend for a proprietary web application that offers no authentication.

Let's say we have a web application that we can't, or don't want to, tamper with, and that offers no authentication. It runs on port 8000 and offers no SSL.

Block port 8000 on all interfaces except for 127.0.0.1, so that the only way to reach the application is through the Apache proxy on the same host.
# Drop TCP traffic to port 8000 unless it is addressed to the loopback address (IPv4 only; an IPv6 listener would need a matching ip6tables rule)
iptables -A INPUT -p tcp ! -d 127.0.0.1 --dport 8000 -j DROP

Use the following configuration for Apache.

Listen 80
Listen 443

# LDAP over SSL to the domain controller. LDAPVerifyServerCert off disables
# verification of the LDAP server's certificate, so Apache will also accept an
# impersonating server; enable it where the issuing CA is available to the host.
LDAPVerifyServerCert off
LDAPTrustedMode SSL
LDAPTrustedGlobalCert CERT_BASE64 /etc/httpd/cert1.pem
LDAPTrustedGlobalCert KEY_BASE64 /etc/httpd/key1.pem

NameVirtualHost *:443
<VirtualHost *:443>
        # Reverse proxy to the backend, which is reachable only on loopback
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / http://127.0.0.1:8000/
        ProxyPassReverse / http://127.0.0.1:8000/

        SSLEngine on
        SSLCertificateFile /etc/httpd/webssl.cer
        SSLCertificateKeyFile /etc/httpd/webssl.key

        <Location />
                Order deny,allow
                Allow from all
                # account used for the directory lookup; replace the placeholder password
                AuthLDAPBindDN "CN=LDAP Query,CN=Users,DC=dc1,DC=example,DC=net"
                AuthLDAPBindPassword "LDAP PASSWORD FOR BIND USER"
                # search for the user by sAMAccountName under CN=Users
                AuthLDAPURL "ldap://dc1.example.net:636/CN=Users,DC=dc1,DC=example,DC=net?sAMAccountName?sub?(objectClass=*)" SSL
                AuthType Basic
                AuthName "Password Required"
                Require valid-user
                AuthBasicProvider ldap
        </Location>
</VirtualHost>

# Separate virtual host on port 80 that redirects http to https, because the
# application returns URLs with http
<VirtualHost *:80>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        # permanent external redirect to the same host and path over https
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
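To confirm that a deployment actually enforces what the configuration above is meant to, here is a small POSIX shell script (an added example, not from the original post). Its functions inspect captured `ss -ltnH` and `curl -I` output and flag a backend bound outside loopback, a missing http-to-https redirect, or a missing Basic challenge; the host names and sample output inside it are constructed.

```shell
#!/bin/sh
# Added example (not part of the original post): post-deployment checks for the
# three properties the configuration above is meant to enforce. Each function
# takes captured tool output as its argument, so it works on live output
# ("$(ss -ltnH)", "$(curl -sI http://host/)") as well as on saved samples.

# 1. The backend on :8000 must be bound to 127.0.0.1 only.
#    Input: `ss -ltnH` output (4th column is the local address:port).
#    A wildcard or IPv6 bind such as [::]:8000 is a finding too, because the
#    iptables rule above only covers IPv4.
backend_loopback_only() {
    printf '%s\n' "$1" | awk '
        $4 ~ /:8000$/ && $4 !~ /^127\.0\.0\.1:/ { bad = 1 }
        END { exit bad }'
}

# 2. Plain HTTP must answer with a redirect to an https:// URL.
#    Input: response headers, e.g. `curl -sI http://host/`.
http_redirects_to_https() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        NR == 1 && $2 ~ /^30[1278]$/                     { status = 1 }
        tolower($1) == "location:" && $2 ~ /^https:\/\// { loc = 1 }
        END { exit !(status && loc) }'
}

# 3. HTTPS without credentials must be refused with a Basic challenge.
#    Input: response headers, e.g. `curl -skI https://host/`.
https_requires_auth() {
    printf '%s\n' "$1" | tr -d '\r' | awk '
        NR == 1 && $2 == "401"                                        { status = 1 }
        tolower($1) == "www-authenticate:" && tolower($2) == "basic"  { chal = 1 }
        END { exit !(status && chal) }'
}

# Constructed sample output (not captured from a real host) to exercise the checks.
GOOD_SS='LISTEN 0 128 127.0.0.1:8000 0.0.0.0:* users:(("app",pid=1234,fd=3))'
BAD_SS='LISTEN 0 128 [::]:8000 [::]:* users:(("app",pid=1234,fd=3))'
GOOD_HTTP='HTTP/1.1 301 Moved Permanently
Location: https://www.example.net/login
Content-Length: 0'
GOOD_HTTPS='HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="Password Required"
Content-Type: text/html'

backend_loopback_only "$GOOD_SS" && echo "ok: backend bound to loopback only"
backend_loopback_only "$BAD_SS" || echo "FAIL: backend listens on a non-loopback address"
http_redirects_to_https "$GOOD_HTTP" && echo "ok: http redirects to https"
https_requires_auth "$GOOD_HTTPS" && echo "ok: https demands Basic authentication"
```

Against a live host, replace the sample strings with `"$(ss -ltnH)"`, `"$(curl -sI http://host/)"` and `"$(curl -skI https://host/)"`.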
