How to switch to/from HTTPS using Apache as a proxy to Tomcat

Posted on by

I’m writing this down because it too me an age to figure out a way of doing this. I have a website which Tomcat is happily serving. Areas of the site require a secure connection so I’m using Spring security to require particular URLs to be accessed over HTTPS. It means that when I access http://example.org:8080/webapp/login, it’ll bump me to https://example.org:8443/webapp/login. Note: Tomcat is setup with the SSL connector and a self signed .keystore see (http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html).

I have two vhosts setup in Apache, one for the http://example.org and one for https://example.org. They are both using mod_proxy to ProxyPass and ProxyPassReverse requests to the appropriate Tomcat URL’s. The problem comes when switching to HTTPS from HTTP and vice versa. Ideally I wanted some sort of ProxyPassReverse declaration in my config for http://example.org what would change HTTP headers (that Spring sets) for https://example.org:8443/webapp into https://example.org. Except ProxyPassReverse doesn’t work like that.

Now, I realise I could simply not use Spring to manage which parts of the site should be accessed over HTTPS and which should not…and just setup Apache to redirect as appropriate. I don’t want to do that though, because that makes the task of adding these restrictions a deploy time task, rather than a development time task. I don’t want to risk someone forgetting to add new restrictions when deploying the webapp and I’d much rather the developer added these restrictions when they were working on the task and really thinking about where and when they are needed.

So, how do I solve the problem so that the app can manage its secure-ness and I can setup Apache once and forget about it? The answer is to ProxyPassReverse onto a “special” URL, which when accessed will redirect to the HTTPS (or HTTP) site. For example, if the HTTP site needed to redirect to the HTTPS site, I’d add rules like so to perform the redirect:

    # Proxy a request (from the server) to switch to https onto a special URL "/2https/"
    ProxyPassReverse /2https/ https://example.org:8443/webapp/

    # When a client requests a URL prefixed with "/2https" map it onto the secure site
    RewriteRule ^/2https/(.*)$ https://example.org/$1 [R,L]

…and you’d add something similar to the secure site Apache config. As long as I don’t mount any pages at /2http or /2https I should be ok. Note a couple of things:

  • You’ll need “SSLProxyEngine on” and “RewriteEngine on” and obviously the appropriate Apache modules loaded for these commands.
  • Because of the redirect between HTTP <-> HTTPS you won’t be able to POST data between them directly (I’m not sure why you’d NEED to though)
  • Obviously you’ll need to setup Apache with an SSL certificate…but that is a different story

I should say a special thanks to this random site – from whence the idea actually came from. If anyone has any better ideas on how to do it I’d love to hear them. Please comment below.

10,584 thoughts on “How to switch to/from HTTPS using Apache as a proxy to Tomcat

  8. As for our final word, we can best summarize our Stake review as such. That Stake casino is without a doubt one of the best crypto casinos we’ve found. In fact, we are hesitant to box it in to that degree, and would even go so far as to say that Stake is in fact one of the best online casinos around. If there is something that can make you feel like a real whale in a posh Las Vegas casino, that’s playing Live Roulette for high stakes and that is a fact. At these live dealer tables, players can place straight up bets, which offer high payouts but come with higher risk. Nothing says high roller better than the posh atmosphere at the live dealer tables and with the limits that allow you to stake as much as you like, you will feel like a true VIP. As I mentioned before, William Hill Casino does really well in this department and if you are a fan of the real casino thrill, I suggest you try the Mayfair, Macau, and the Vegas Live Roulette tables.
    https://entertainmentlabels.co.uk/spin-hill-casino-review-no-download-online-casino-experience-for-uk-players/
    Super Stake Roulette is Stakelogic’s first multiplier roulette game and is also innovative. To play the ‘Queens up’ bet you must already have a bet on both ‘Ante’ and ‘Super bonus’ wagers. The ‘Queens up’ bet is an optional side bet. Nova gorica casino no deposit bonus codes for free spins 2025 are players and fans looking for more accountability when it comes to refereeing errors, you will not be disappointed by PlayOJOs live casino. Automated online roulette. Stake Originals Roulette has built a loyal following, thanks to its low house edge, which is made possible thanks to the inclusion of only one green zero number. This differentiates it from other American Roulette games and means that players have a slight advantage over the house, which is always good to know! The edge for this particular version of Roulette is 2.70%.

  15. I got this site from my friend who informed me concerning this web page and at the moment this time I
    am visiting this web page and reading very informative articles or reviews at this place.

    Here is my homepage … elements of illegal
    gambling Philippines (https://Goplayslots.net/)

  20. Howdy! This post couldn’t be written any better!
    Going through this article reminds me of my previous
    roommate! He always kept preaching about this. I am going to forward this information to
    him. Pretty sure he’s going to have a good read. I appreciate
    you for sharing!

  21. У нас несколько складов в разных точках. Раньше перемещения между ними отслеживали вручную. Теперь инвентаризация и остатки всегда актуальны в автоматическом режиме. управление клиентами CRM

  28. This application enhances the native Stocks app by adding portfolio performance analytics and dividend tracking through an integrated dashboard. Check this out: command line iso image creation tool ventura Find out why: This utility integrates with macOSs Quick Look framework to provide preview generation for proprietary file formats and CAD drawings via a plugin architecture.

  29. Здравствуйте Как определить необходимость капитального ремонта Обслуживание станков включает регулярную диагностику смазку и замену деталей. Это помогает поддерживать точность и надежность работы оборудования. Полная информация по ссылке – https://dagtechservice.ru/about/ сервисное обслуживание оборудования магазина пуско наладка Махачкала способы наладки технологического оборудования ремонт оборудования на производстве Архивы Техническое обслуживание – Технический сервис сервисное обслуживание оборудования магазина Удачи и комфорта в жизни Как повысить надежность оборудования 6966bd1

  37. Ӏ aⅼѡays emailed this website post page to all my associates, for the reason that if ⅼike tօ reаⅾ it then my ⅼinks will too.

    Feel free tо visit my site; หนังโป๊ หนังโป๊ไทย คลิปหลุด คลิปโป๊ ดูหนังโป๊ xxx porn jav 18+ คลิปหลุดไทย onlyfans หลุด แอบถ่าย หนังx หนังav (Melodee)

  38. 당신의 기사가 놀랍습니다고 원하고 합니다.
    당신의 포스트의 명확성는 단순히 좋고 저는
    당신이 이 주제에 지식이 있는라고 가정합니다.
    당신의 허락한다면 당신의 피드를 붙잡아서 다가오는
    포스트로 최신 상태를 유지하고 싶습니다.
    백만 감사하고 보람 있는 일을 계속해 주세요.

    For newest information you have to go to see world wide web
    and on web I found this site as a best web site for
    most recent updates.

  43. Постоянно были пересортицы на складе — один товар путали с другим. После внедрения нормального складского учёта ошибки практически исчезли. кадровый учёт малый бизнес

  45. Ребята, это лучший гайд по накрутке ПФ, который я видел. Всё по полочкам: 5 шагов для старта, как проверить сайт, как собрать ключи, как выбрать сервис, как запустить тест на 500–1000 кликов. И главное — есть раздел «Что делать, если ничего не работает» с пошаговым планом. Сохранил в закладки: https://teletype.in/@pfup/3mo6UGVvR2a

  47. Have you ever considered publishing an e-book or guest authoring on other sites? I have a blog based upon on the same ideas you discuss and would really like to have you share some stories/information. I know my visitors would appreciate your work. If you’re even remotely interested, feel free to send me an e-mail.

  49. For newest information you have to pay a quick visit internet and on web I found
    this web page as a best web page for most up-to-date
    updates.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>