How to switch to/from HTTPS using Apache as a proxy to Tomcat

Posted on by

I’m writing this down because it too me an age to figure out a way of doing this. I have a website which Tomcat is happily serving. Areas of the site require a secure connection so I’m using Spring security to require particular URLs to be accessed over HTTPS. It means that when I access http://example.org:8080/webapp/login, it’ll bump me to https://example.org:8443/webapp/login. Note: Tomcat is setup with the SSL connector and a self signed .keystore see (http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html).

I have two vhosts setup in Apache, one for the http://example.org and one for https://example.org. They are both using mod_proxy to ProxyPass and ProxyPassReverse requests to the appropriate Tomcat URL’s. The problem comes when switching to HTTPS from HTTP and vice versa. Ideally I wanted some sort of ProxyPassReverse declaration in my config for http://example.org what would change HTTP headers (that Spring sets) for https://example.org:8443/webapp into https://example.org. Except ProxyPassReverse doesn’t work like that.

Now, I realise I could simply not use Spring to manage which parts of the site should be accessed over HTTPS and which should not…and just setup Apache to redirect as appropriate. I don’t want to do that though, because that makes the task of adding these restrictions a deploy time task, rather than a development time task. I don’t want to risk someone forgetting to add new restrictions when deploying the webapp and I’d much rather the developer added these restrictions when they were working on the task and really thinking about where and when they are needed.

So, how do I solve the problem so that the app can manage its secure-ness and I can setup Apache once and forget about it? The answer is to ProxyPassReverse onto a “special” URL, which when accessed will redirect to the HTTPS (or HTTP) site. For example, if the HTTP site needed to redirect to the HTTPS site, I’d add rules like so to perform the redirect:

    # Proxy a request (from the server) to switch to https onto a special URL "/2https/"
    ProxyPassReverse /2https/ https://example.org:8443/webapp/

    # When a client requests a URL prefixed with "/2https" map it onto the secure site
    RewriteRule ^/2https/(.*)$ https://example.org/$1 [R,L]

…and you’d add something similar to the secure site Apache config. As long as I don’t mount any pages at /2http or /2https I should be ok. Note a couple of things:

  • You’ll need “SSLProxyEngine on” and “RewriteEngine on” and obviously the appropriate Apache modules loaded for these commands.
  • Because of the redirect between HTTP <-> HTTPS you won’t be able to POST data between them directly (I’m not sure why you’d NEED to though)
  • Obviously you’ll need to setup Apache with an SSL certificate…but that is a different story

I should say a special thanks to this random site – from whence the idea actually came from. If anyone has any better ideas on how to do it I’d love to hear them. Please comment below.

12,049 thoughts on “How to switch to/from HTTPS using Apache as a proxy to Tomcat

  1. Hello I think your site might be having browser compatibility issues. When I look at your blog site in Firefox it looks fine but when opening in Internet Explorer it has some overlapping. I just wanted to give you a quick heads up Other then that excellent blog Gates of Olympus Xmas 1000

  6. Hello to all the contents existing at this site are really awesome for people knowledge well keep up the nice work fellows. Idol Pop Fever

  10. Hi there for all time i used to check website posts here early in the morning for the reason that i love to find out more and more. Candy Blitz Bombs

  11. WOW just what I was looking for. Came here by searching for meta_keyword Sugar Rush 1000

  15. Wow superb blog layout How long have you been blogging for? you make blogging look easy. The overall look of your website is magnificent let alone the content Gates of Olympus Super Scatter

  17. This is really interesting, You’re a very skilled blogger.

    I have joined your feed and look forward to seeking
    more of your fantastic post. Also, I’ve shared your
    website in my social networks!

  18. Хотите наслаждаться фильмов без регистрации? тогда я нашёл кое-что интересное ТВ-шоу сегодня представлены в самых разнообразных форматах: от реалити до документальных проектов. Каждый найдет что-то по душе среди этого многообразия. семейные фильмы Смотреть их онлайн – это способ оставаться в курсе трендов и получать максимум информации. Не пропустите самые интересные новинки. Вот тут на сайт: — https://www.filmy-serialy-online-1.top боевики смотреть онлайнновые фильмы 2025 смотретьсемейные фильмы онлайн бесплатно Приятного вечера с фильмами

  19. I got this site from my buddy who informed me concerning this web page and now this time I am visiting this web site and reading very informative posts at this place. Inca Queen

  22. Hi everything is going perfectly here and ofcourse every one is sharing information thats really good keep up writing. The Dog House Megaways

  23. Appreciating the dedication you put into your site and in depth information you present. Its great to come across a blog every once in a while that isnt the same old rehashed information. Excellent read Ive bookmarked your site and Im including your RSS feeds to my Google account. Idol Pop Fever

  25. Heya are using WordPress for your blog platform? Im new to the blog world but Im trying to get started and create my own. Do you need any html coding knowledge to make your own blog? Any help would be really appreciated Big Bass Floats My Boat

  30. Amazing! This blog looks just like my old one! It’s on a
    entirely different topic but it has pretty much the same page layout and design. Wonderful choice
    of colors!

  31. You’re so awesome! I don’t think I’ve truly read through anything like
    this before. So nice to discover somebody with genuine thoughts on this topic.
    Really.. many thanks for starting this up. This web site is
    something that’s needed on the web, someone with some originality!

  33. I blog often and I genuinely thank you for your information. The article has really peaked
    my interest. I am going to bookmark your site and
    keep checking for new details about once per week. I opted in for your
    RSS feed as well.

  34. What’s up Dear, are you actually visiting this web site regularly, if so afterward you will without doubt obtain pleasant experience.

  45. Hi, i think that i saw you visited my site thus i came to “return the favor”.I am attempting to find things to improve my website!I suppose its ok to use some of
    your ideas!!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>