How to switch to/from HTTPS using Apache as a proxy to Tomcat

Posted on by

I’m writing this down because it too me an age to figure out a way of doing this. I have a website which Tomcat is happily serving. Areas of the site require a secure connection so I’m using Spring security to require particular URLs to be accessed over HTTPS. It means that when I access http://example.org:8080/webapp/login, it’ll bump me to https://example.org:8443/webapp/login. Note: Tomcat is setup with the SSL connector and a self signed .keystore see (http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html).

I have two vhosts setup in Apache, one for the http://example.org and one for https://example.org. They are both using mod_proxy to ProxyPass and ProxyPassReverse requests to the appropriate Tomcat URL’s. The problem comes when switching to HTTPS from HTTP and vice versa. Ideally I wanted some sort of ProxyPassReverse declaration in my config for http://example.org what would change HTTP headers (that Spring sets) for https://example.org:8443/webapp into https://example.org. Except ProxyPassReverse doesn’t work like that.

Now, I realise I could simply not use Spring to manage which parts of the site should be accessed over HTTPS and which should not…and just setup Apache to redirect as appropriate. I don’t want to do that though, because that makes the task of adding these restrictions a deploy time task, rather than a development time task. I don’t want to risk someone forgetting to add new restrictions when deploying the webapp and I’d much rather the developer added these restrictions when they were working on the task and really thinking about where and when they are needed.

So, how do I solve the problem so that the app can manage its secure-ness and I can setup Apache once and forget about it? The answer is to ProxyPassReverse onto a “special” URL, which when accessed will redirect to the HTTPS (or HTTP) site. For example, if the HTTP site needed to redirect to the HTTPS site, I’d add rules like so to perform the redirect:

    # Proxy a request (from the server) to switch to https onto a special URL "/2https/"
    ProxyPassReverse /2https/ https://example.org:8443/webapp/

    # When a client requests a URL prefixed with "/2https" map it onto the secure site
    RewriteRule ^/2https/(.*)$ https://example.org/$1 [R,L]

…and you’d add something similar to the secure site Apache config. As long as I don’t mount any pages at /2http or /2https I should be ok. Note a couple of things:

  • You’ll need “SSLProxyEngine on” and “RewriteEngine on” and obviously the appropriate Apache modules loaded for these commands.
  • Because of the redirect between HTTP <-> HTTPS you won’t be able to POST data between them directly (I’m not sure why you’d NEED to though)
  • Obviously you’ll need to setup Apache with an SSL certificate…but that is a different story

I should say a special thanks to this random site – from whence the idea actually came from. If anyone has any better ideas on how to do it I’d love to hear them. Please comment below.

9,365 thoughts on “How to switch to/from HTTPS using Apache as a proxy to Tomcat

  2. Доброго Мы сокращаем простои — результаты которые говорят сами за себя РњС‹ РЅРµ только чиним оборудование — РјС‹ меняем его Рє лучшему. Модернизация СЃ нашими специалистами означает повышение производительности Рё эффективности вашей техники. РњС‹ внедряем инновационные решения которые делают ваше оборудование более экономичным надежным Рё производительным. РЎ нами ваше оборудование будет работать РЅР° полную мощность что откроет новые возможности для вашего бизнеса. Полная информация по ссылке – п»їhttps://dag-techservice.ru/ сервисное обслуживание лифтового оборудования монтаж промышленного оборудования сервисная карта обслуживания оборудования промышленный аутсорсинг обслуживания Автоматическая линия фасовки цемента — кейс DAG TechService сервисное обслуживание оборудования пример Удачи и комфорта в жизни Уменьшите затраты н 1088_2f

  7. Good day This post could not be written any better Reading this post reminds me of my previous room mate He always kept talking about this. I will forward this page to him. Fairly certain he will have a good read. Many thanks for sharing adult xxx video porn site xxx sex video

  10. Добрый день SMM продвижение в соцсетях Махачкалы работает только тогда когда связано с сайтом. Если текст ограничен словами «ведение страниц» интереса нет. Но если раскрыть: таргетированная реклама создание контента интеграция с лендингом SEO оптимизация и аналитика внимание удерживается. Человек видит что SMM — это часть стратегии а не отдельное действие. Полная информация по ссылке – https://www.ts-web.ru/blog/seo/core-web-vitals.html контекстная реклама для образовательных курсов восстановление сайта после взлома реклама в социальных сетях Россия сопровождение интернет-магазинов WordPress Семантическое ядро шаг за шагом: инструменты и лайфхаки Блог TS-WEB интернет-магазин с интеграцией CRM Россия Удачи и комфорта в жизни Интернет-магазин WordPress: удобный старт для онлайн-бизнеса bd1081_

  25. Do you have a spam issue on this site; I also am a blogger and I was wondering your situation; many of us have developed some nice practices and we are looking to trade methods with others please shoot me an e-mail if interested. Watch sexual porno video xxx sex adults site

  28. Good morning Curate bug mysterious lists with interesting and valuable software patch impact and squash errors efficiently see on the website for bug trackers Full information on the link – https://a-parserim.site All the best and development in business

  34. My partner and I absolutely love your blog and find nearly all of your posts to be precisely what Im looking for. can you offer guest writers to write content available for you? I wouldnt mind composing a post or elaborating on a number of the subjects you write with regards to here. Again awesome web log Watch sexual porno video xxx sex adults site

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>