How to switch to/from HTTPS using Apache as a proxy to Tomcat

Posted on by

I’m writing this down because it too me an age to figure out a way of doing this. I have a website which Tomcat is happily serving. Areas of the site require a secure connection so I’m using Spring security to require particular URLs to be accessed over HTTPS. It means that when I access http://example.org:8080/webapp/login, it’ll bump me to https://example.org:8443/webapp/login. Note: Tomcat is setup with the SSL connector and a self signed .keystore see (http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html).

I have two vhosts setup in Apache, one for the http://example.org and one for https://example.org. They are both using mod_proxy to ProxyPass and ProxyPassReverse requests to the appropriate Tomcat URL’s. The problem comes when switching to HTTPS from HTTP and vice versa. Ideally I wanted some sort of ProxyPassReverse declaration in my config for http://example.org what would change HTTP headers (that Spring sets) for https://example.org:8443/webapp into https://example.org. Except ProxyPassReverse doesn’t work like that.

Now, I realise I could simply not use Spring to manage which parts of the site should be accessed over HTTPS and which should not…and just setup Apache to redirect as appropriate. I don’t want to do that though, because that makes the task of adding these restrictions a deploy time task, rather than a development time task. I don’t want to risk someone forgetting to add new restrictions when deploying the webapp and I’d much rather the developer added these restrictions when they were working on the task and really thinking about where and when they are needed.

So, how do I solve the problem so that the app can manage its secure-ness and I can setup Apache once and forget about it? The answer is to ProxyPassReverse onto a “special” URL, which when accessed will redirect to the HTTPS (or HTTP) site. For example, if the HTTP site needed to redirect to the HTTPS site, I’d add rules like so to perform the redirect:

    # Proxy a request (from the server) to switch to https onto a special URL "/2https/"
    ProxyPassReverse /2https/ https://example.org:8443/webapp/

    # When a client requests a URL prefixed with "/2https" map it onto the secure site
    RewriteRule ^/2https/(.*)$ https://example.org/$1 [R,L]

…and you’d add something similar to the secure site Apache config. As long as I don’t mount any pages at /2http or /2https I should be ok. Note a couple of things:

  • You’ll need “SSLProxyEngine on” and “RewriteEngine on” and obviously the appropriate Apache modules loaded for these commands.
  • Because of the redirect between HTTP <-> HTTPS you won’t be able to POST data between them directly (I’m not sure why you’d NEED to though)
  • Obviously you’ll need to setup Apache with an SSL certificate…but that is a different story

I should say a special thanks to this random site – from whence the idea actually came from. If anyone has any better ideas on how to do it I’d love to hear them. Please comment below.

10,629 thoughts on “How to switch to/from HTTPS using Apache as a proxy to Tomcat

  2. Ребята, очень современный гайд! Автор объясняет, как изменился маркетинг с приходом Search Generative Experience (SGE) и GEO. Ключевые темы: оптимизация под генеративные ответы ИИ (цитируемость, структурированные данные), контентная стратегия с фокусом на личный опыт и E-E-A-T 2.0, техническое SEO 2026 (INP, Edge SEO, Green SEO). Также разбираются визуальный и голосовой поиск, Social SEO и гиперлокальное продвижение с AR-навигацией. Очень актуально: https://aikidovaenga.ru/stati/prodvizhenie-sajtov-polnoe-rukovodstvo-po-seo-i-internet-marketingu-v-2026-godu/

  7. Hello! I know this is somewhat off topic but I was wondering if you knew where I could
    locate a captcha plugin for my comment form? I’m using the same blog
    platform as yours and I’m having problems finding one?
    Thanks a lot!

    my web-site … how to play casino in dafabet (Alberta)

  8. I’m pretty pleased to discover this great site. I need to to thank you
    for ones time due to this fantastic read!! I definitely savored every little bit of it and i also have
    you book-marked to look at new stuff on your site.

    My blog; website

  15. Discover the amazing features of hghjfjdossa and elevate your experience today. Recently hghjfjdossa has become a focal point in multiple areas of study.

  34. I just couldn’t depart your website before suggesting that I extremely loved the standard
    information a person supply in your guests?
    Is gonna be back ceaselessly in order to investigate cross-check new posts

  42. Для тех кто любит кино онлайн рекомендую место где можно смотреть фильмы — это KinoStart. Наслаждайтесь лучшими фильмами онлайн вместе с KinoStart. Мы собрали для вас самые интересные и популярные картины. кино онлайн 2025 Смотрите кино в высоком качестве погружаясь в каждую историю. Пусть каждый просмотр будет особенным. Если интересно то вот: — https://www.kinostart-1.top фильмы бесплатно онлайнсмотреть кино 2025 бесплатносмотреть фильмы в full hd Наслаждайтесь кино на KinoStart

  43. Write more, thats all I have to say. Literally, it seems as though you relied
    on the video to make your point. You definitely know what youre talking about, why throw away your intelligence on just posting videos to your site when you
    could be giving us something enlightening to read?

  44. O foco agora não é só big win, é constância de sessão com meta de saída clara.

  49. Ребята, отличная метафора — сайт как магнит. Автор объясняет, почему даже красивый ресурс может быть невидимкой для поисковиков. Разбирает три ключевые проблемы: нерелевантный контент (когда пользователи уходят через 10 секунд), техническую «анестезию» (медленная загрузка, кривая мобилка) и неправильную семантику. Спойлер: длинные хвостовые запросы дают 70% целевого трафика. Советую: http://studio-didier.com/anatomiya-cifrovogo-magnita-pochemu-vash-sajt-ne-vidit-dazhe-poiskovik/

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>