I’m writing this down because it took me an age to figure out a way of doing this. I have a website which Tomcat is happily serving. Areas of the site require a secure connection, so I’m using Spring Security to require particular URLs to be accessed over HTTPS. This means that when I access http://example.org:8080/webapp/login, it’ll bump me to https://example.org:8443/webapp/login. Note: Tomcat is set up with the SSL connector and a self-signed .keystore (see http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html).
I have two vhosts set up in Apache, one for http://example.org and one for https://example.org. They both use mod_proxy to ProxyPass and ProxyPassReverse requests to the appropriate Tomcat URLs. The problem comes when switching from HTTP to HTTPS and vice versa. Ideally I wanted some sort of ProxyPassReverse declaration in my config for http://example.org that would change the HTTP headers (that Spring sets) for https://example.org:8443/webapp into https://example.org. Except ProxyPassReverse doesn’t work like that: it maps a backend URL onto a path on the vhost handling the request, not onto a different scheme or host.
Now, I realise I could simply not use Spring to manage which parts of the site should be accessed over HTTPS and which should not…and just set up Apache to redirect as appropriate. I don’t want to do that though, because that makes the task of adding these restrictions a deploy-time task, rather than a development-time task. I don’t want to risk someone forgetting to add new restrictions when deploying the webapp, and I’d much rather the developer added these restrictions when they were working on the task and really thinking about where and when they are needed.
So, how do I solve the problem so that the app can manage its secure-ness and I can set up Apache once and forget about it? The answer is to ProxyPassReverse onto a “special” URL, which when accessed will redirect to the HTTPS (or HTTP) site. For example, if the HTTP site needed to redirect to the HTTPS site, I’d add rules like so to perform the redirect:
```apache
# Proxy a request (from the server) to switch to https onto a special URL "/2https/"
ProxyPassReverse /2https/ https://example.org:8443/webapp/
# When a client requests a URL prefixed with "/2https" map it onto the secure site
RewriteRule ^/2https/(.*)$ https://example.org/$1 [R,L]
```
…and you’d add something similar to the secure site Apache config. As long as I don’t mount any pages at /2http or /2https I should be OK. Note a couple of things:
- You’ll need “SSLProxyEngine on” and “RewriteEngine on”, and obviously the appropriate Apache modules loaded for these directives.
- Because of the redirect between HTTP <-> HTTPS you won’t be able to POST data between them directly (I’m not sure why you’d NEED to though).
- Obviously you’ll need to set up Apache with an SSL certificate…but that is a different story.
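Both vhosts written out in full, as an added example rather than the configuration from the original setup. It assumes the webapp is mounted at the site root, that Tomcat serves plain HTTP on port 8080, and that /2http/ is the prefix for the reverse direction; the certificate paths are placeholders.

```apache
# Added example (constructed): plain-HTTP vhost
<VirtualHost *:80>
    ServerName example.org

    RewriteEngine on
    # A client following a rewritten redirect arrives on the special prefix:
    # send it to the same path on the public HTTPS site.
    RewriteRule ^/2https/(.*)$ https://example.org/$1 [R,L]

    # Never forward the special prefix to Tomcat, whatever the module order.
    ProxyPass /2https/ !
    ProxyPass        / http://example.org:8080/webapp/
    ProxyPassReverse / http://example.org:8080/webapp/
    # Location headers from Spring that point at the Tomcat SSL connector
    # are rewritten to http://example.org/2https/...
    ProxyPassReverse /2https/ https://example.org:8443/webapp/
</VirtualHost>

# Added example (constructed): HTTPS vhost, mirror image of the above
<VirtualHost *:443>
    ServerName example.org

    SSLEngine on
    SSLCertificateFile    /path/to/example.org.crt   # placeholder
    SSLCertificateKeyFile /path/to/example.org.key   # placeholder

    # Needed because this vhost proxies to an https:// backend.
    SSLProxyEngine on

    RewriteEngine on
    # Mirror rule: the special prefix goes back to the public HTTP site.
    RewriteRule ^/2http/(.*)$ http://example.org/$1 [R,L]

    ProxyPass /2http/ !
    ProxyPass        / https://example.org:8443/webapp/
    ProxyPassReverse / https://example.org:8443/webapp/
    # Location headers pointing at the plain Tomcat connector
    # are rewritten to https://example.org/2http/...
    ProxyPassReverse /2http/ http://example.org:8080/webapp/
</VirtualHost>
```

To check the result, request a protected URL over HTTP with `curl -sI` and confirm that the `Location` header names `example.org` with the `/2https/` prefix and no longer exposes port 8443 or the `/webapp` context path.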
I should say a special thanks to this random site, from which the idea actually came. If anyone has any better ideas on how to do it I’d love to hear them. Please comment below.