Apache: getting proxy, rewrite, and SSL to play nice

Posted by Rich M on Server Fault See other posts from Server Fault or by Rich M
Published on 2010-10-25T15:22:54Z Indexed on 2011/01/17 14:54 UTC
Read the original article Hit count: 225

Filed under:
|
|
|

Hi,

I'm having loads of trouble trying to integrate proxy, rewrite, and SSL altogether in Apache 2.

A brief history, my application runs on port 8080 and before adding SSL, I used proxy to strip the 8080 from the url's to and from the server.

So instead of www.example.com:8080/myapp, the client app accessed everything via www.example.com/myapp

Here was the conf the accomplished this:

ProxyRequests Off

<Proxy */myapp>
    Order deny,allow
    Allow from all
</Proxy>

ProxyPass /myapp http://www.example.com:8080/myapp
ProxyPassReverse /myapp http://www.example.com:8080/myapp

What I'm trying to do now is force all requests to myapp to be HTTPS, and then have those SSL requests follow the same proxy rules that strip out the port number as my application used to. Simply changing the ports 8080 to 8443 in the ProxyPass lines does not accomplish this. Unfortunately I'm not an expert in Apache, and my skills of trial and error are already reaching the end of the line.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule myapp/* https://%{HTTP_HOST}%{REQUEST_URI}

ProxyRequests Off


<Proxy */myapp>
    Order deny,allow
    Allow from all
</Proxy>

SSLProxyEngine on

ProxyPass /myapp https://www.example.com:8443/mloyalty
ProxyPassReverse /myapp https://www.example.com:8433/mloyalty

As this stands, a request to anything on the server other than /myapp load fine with http. If I make a browser http request to /mypp it then redirects to https:// www.example.com:8443/myapp , which is not the desired behavior. Links within the application then resolve to https:// www.example.com/myapp/linkedPage , which is desirable. Browser requests (http and https) to anything one level beyond just /myapp ie. /myapp/mycontext resolve to https:// www.example.com/myapp/mycontext without the port.

I'm not sure what other information there is for me to give, but I think my goals should be clear.

© Server Fault or respective owner

Related posts about apache

Related posts about ssl