I’m writing this down because it too me an age to figure out a way of doing this. I have a website which Tomcat is happily serving. Areas of the site require a secure connection so I’m using Spring security to require particular URLs to be accessed over HTTPS. It means that when I access http://example.org:8080/webapp/login, it’ll bump me to https://example.org:8443/webapp/login. Note: Tomcat is setup with the SSL connector and a self signed .keystore see (http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html).
I have two vhosts setup in Apache, one for the http://example.org and one for https://example.org. They are both using mod_proxy to ProxyPass and ProxyPassReverse requests to the appropriate Tomcat URL’s. The problem comes when switching to HTTPS from HTTP and vice versa. Ideally I wanted some sort of ProxyPassReverse declaration in my config for http://example.org what would change HTTP headers (that Spring sets) for https://example.org:8443/webapp into https://example.org. Except ProxyPassReverse doesn’t work like that.
Now, I realise I could simply not use Spring to manage which parts of the site should be accessed over HTTPS and which should not…and just setup Apache to redirect as appropriate. I don’t want to do that though, because that makes the task of adding these restrictions a deploy time task, rather than a development time task. I don’t want to risk someone forgetting to add new restrictions when deploying the webapp and I’d much rather the developer added these restrictions when they were working on the task and really thinking about where and when they are needed.
So, how do I solve the problem so that the app can manage its secure-ness and I can setup Apache once and forget about it? The answer is to ProxyPassReverse onto a “special” URL, which when accessed will redirect to the HTTPS (or HTTP) site. For example, if the HTTP site needed to redirect to the HTTPS site, I’d add rules like so to perform the redirect:
# Proxy a request (from the server) to switch to https onto a special URL "/2https/"
ProxyPassReverse /2https/ https://example.org:8443/webapp/
# When a client requests a URL prefixed with "/2https" map it onto the secure site
RewriteRule ^/2https/(.*)$ https://example.org/$1 [R,L]
…and you’d add something similar to the secure site Apache config. As long as I don’t mount any pages at /2http or /2https I should be ok. Note a couple of things:
- You’ll need “SSLProxyEngine on” and “RewriteEngine on” and obviously the appropriate Apache modules loaded for these commands.
- Because of the redirect between HTTP <-> HTTPS you won’t be able to POST data between them directly (I’m not sure why you’d NEED to though)
- Obviously you’ll need to setup Apache with an SSL certificate…but that is a different story
I should say a special thanks to this random site – from whence the idea actually came from. If anyone has any better ideas on how to do it I’d love to hear them. Please comment below.
GlobalGrowthAlliance – Professional presentation, information is logically structured.
workflowbeacon – Direction applied properly energizes growth and keeps processes running smoothly.
energyflowguide – Useful suggestions, keeping energy directed toward tasks is simpler now.
Ищешь грузчиков? заказать грузчиков помощь при переезде доставке и монтаже. Аккуратная работа с мебелью и техникой подъем на этаж разборка и сборка. Гибкий график быстрый выезд и понятная стоимость.
TrustedGlobalCircle – Informative posts, I make it a habit to check back frequently.
GlobalTrustForum – Well-laid-out sections make the information accessible.
FutureAllianceConnect – Clear structure, presentation is easy to follow and professional.
ideaexplorer – Discover new approaches and expand your creative potential.
HubOfBondedConnections – Simple to navigate, finding resources was quick and effortless.
growthallies – Trusted connections that enhance collaboration and long-term success.
AnchorAllianceNetwork – Easy to read guides, practical for everyday networking.
ideasintopractice – Useful guidance, helps convert creative thoughts into actions efficiently.
progressbeacon – Forward motion is simpler when a reliable system is in place.
PathwayBondedResources – Guides are clear and structured, makes learning smooth and simple.
NextGenConnectHub – Minimalist design, finding content is simple and fast.
innovationcircle – Modern hub, partnerships are clearly built around growth and mutual success.
AllianceBondNetwork – Helpful tips and practical advice, I learned several things quickly.
Official Bond Platform – Everything feels organized and easy to understand at a glance.
GlobalBondCircle – Clean presentation, content is approachable and simple to understand.
BlueChipBondPortalHub – Excellent resources, guides are helpful and structured logically.
SummitConnections – Navigation is smooth, I can quickly find useful networking tips.
growthpartners – Partners who help unlock growth potential and long-term collaboration.
UnityTrustHub – Smooth tutorials and concise lessons, learning about bonds became easy today.
AllianceTrustHub – Smooth interface, guides are practical and concise.
UnityCapitalCircle – Lessons are simple and actionable, everything is laid out clearly.
successhub – Practical guidance for creating strong, collaborative, and trustworthy networks.
TrustBondHub – Clear layout and helpful examples, I understood complex points quickly.
PTGNetwork – Straightforward layout, resource was simple to use and effective.
Bonded Principles Tutorials – Easy-to-read instructions that make bonds accessible for everyone.
AllianceInsightLink – Clear explanations, I found all the tutorials very useful today.
directionfocusstream – Advice is simple yet effective for guiding growth strategies.
LeadershipHubGlobal – Organized and simple, content emphasizes reliability.
UnityHeritageInfo – Helpful content and examples, everything is simple to follow.
GlobalProfessionalUnity – Smooth navigation, main points are highlighted clearly.
focusbeacon – Proper direction ensures motion flows smoothly throughout tasks.
NetworkOfBondedStrength – Informative and concise, made learning straightforward.
CapitalBondNetwork – Easy to follow guides, makes understanding bonds quick and simple.
BTPResources – Clear and structured content, I learned multiple techniques quickly.
BondEverCircle – Clear tutorials with step-by-step guidance, understanding bond strategies was simple.
SecureBondResources – Everything loads fast, and the tutorials are very straightforward.
GrowthFocusNetwork – Organized layout, lessons are easy to follow and save for later.
Capital Trust Center – Organized, approachable resources make learning fast and intuitive.
humanconnections – Refreshing focus, trust and relationships are front and center.
VisionCoreNetwork – Smooth and organized layout, I grasped key points in no time.
ValueBondCenter – Simple navigation, practical tutorials make understanding bonds fast.
ForwardThinkingBond – Well-structured, communicates determination and growth clearly.
SharedSuccessBridge – Logical layout, exploring sections feels natural and straightforward.
AlliedKnowledgeBond – Informative and practical, I understood several new concepts quickly.
BondedVisionsHub – Clean layout and easy-to-follow instructions, I’ll return to this site often.
BondedUnity – Simple navigation and helpful tips, I could follow the lessons without confusion.