Apache: getting proxy, rewrite, and SSL to play nice
Posted
by
Rich M
on Server Fault
See other posts from Server Fault
or by Rich M
Published on 2010-10-25T15:22:54Z
Indexed on
2011/01/17
14:54 UTC
Read the original article
Hit count: 225
Hi,
I'm having loads of trouble trying to integrate proxy, rewrite, and SSL altogether in Apache 2.
A brief history, my application runs on port 8080 and before adding SSL, I used proxy to strip the 8080 from the url's to and from the server.
So instead of www.example.com:8080/myapp, the client app accessed everything via www.example.com/myapp
Here was the conf the accomplished this:
ProxyRequests Off
<Proxy */myapp>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /myapp http://www.example.com:8080/myapp
ProxyPassReverse /myapp http://www.example.com:8080/myapp
What I'm trying to do now is force all requests to myapp to be HTTPS, and then have those SSL requests follow the same proxy rules that strip out the port number as my application used to. Simply changing the ports 8080 to 8443 in the ProxyPass lines does not accomplish this. Unfortunately I'm not an expert in Apache, and my skills of trial and error are already reaching the end of the line.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule myapp/* https://%{HTTP_HOST}%{REQUEST_URI}
ProxyRequests Off
<Proxy */myapp>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine on
ProxyPass /myapp https://www.example.com:8443/mloyalty
ProxyPassReverse /myapp https://www.example.com:8433/mloyalty
As this stands, a request to anything on the server other than /myapp load fine with http. If I make a browser http request to /mypp it then redirects to https:// www.example.com:8443/myapp , which is not the desired behavior. Links within the application then resolve to https:// www.example.com/myapp/linkedPage , which is desirable. Browser requests (http and https) to anything one level beyond just /myapp ie. /myapp/mycontext resolve to https:// www.example.com/myapp/mycontext without the port.
I'm not sure what other information there is for me to give, but I think my goals should be clear.
© Server Fault or respective owner