I’m writing this down because it took me an age to figure out a way of doing this. I have a website which Tomcat is happily serving. Areas of the site require a secure connection so I’m using Spring Security to require particular URLs to be accessed over HTTPS. It means that when I access http://example.org:8080/webapp/login, it’ll bump me to https://example.org:8443/webapp/login. Note: Tomcat is set up with the SSL connector and a self-signed .keystore (see http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html).
I have two vhosts set up in Apache, one for http://example.org and one for https://example.org. They are both using mod_proxy to ProxyPass and ProxyPassReverse requests to the appropriate Tomcat URLs. The problem comes when switching to HTTPS from HTTP and vice versa. Ideally I wanted some sort of ProxyPassReverse declaration in my config for http://example.org that would change HTTP headers (that Spring sets) for https://example.org:8443/webapp into https://example.org. Except ProxyPassReverse doesn’t work like that.
Now, I realise I could simply not use Spring to manage which parts of the site should be accessed over HTTPS and which should not…and just set up Apache to redirect as appropriate. I don’t want to do that though, because that makes the task of adding these restrictions a deploy-time task, rather than a development-time task. I don’t want to risk someone forgetting to add new restrictions when deploying the webapp and I’d much rather the developer added these restrictions when they were working on the task and really thinking about where and when they are needed.
So, how do I solve the problem so that the app can manage its secure-ness and I can set up Apache once and forget about it? The answer is to ProxyPassReverse onto a “special” URL, which when accessed will redirect to the HTTPS (or HTTP) site. For example, if the HTTP site needed to redirect to the HTTPS site, I’d add rules like so to perform the redirect:
```apache
# Proxy a request (from the server) to switch to https onto a special URL "/2https/"
ProxyPassReverse /2https/ https://example.org:8443/webapp/
# When a client requests a URL prefixed with "/2https" map it onto the secure site
RewriteRule ^/2https/(.*)$ https://example.org/$1 [R,L]
```
…and you’d add something similar to the secure site Apache config. As long as I don’t mount any pages at /2http or /2https I should be ok. Note a couple of things:
- You’ll need “SSLProxyEngine on” and “RewriteEngine on” and obviously the appropriate Apache modules loaded for these commands.
- Because of the redirect between HTTP <-> HTTPS you won’t be able to POST data between them directly (I’m not sure why you’d NEED to though).
- Obviously you’ll need to set up Apache with an SSL certificate…but that is a different story.
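Both vhosts with the special-URL hop in each direction, as an added example rather than configuration from the original post. It assumes the public site root is proxied to /webapp/ on Tomcat (port 8080 plain, 8443 SSL); the certificate paths are placeholders.

```apache
# Added example, not the original author's configuration.
# Assumes / on example.org maps to /webapp/ on Tomcat.

<VirtualHost *:80>
    ServerName example.org
    RewriteEngine on

    # A client arriving on the special prefix is sent to the secure site.
    RewriteRule ^/2https/(.*)$ https://example.org/$1 [R,L]

    ProxyPass        / http://example.org:8080/webapp/
    ProxyPassReverse / http://example.org:8080/webapp/

    # A Location header from Spring pointing at the Tomcat SSL connector
    # is rewritten to http://example.org/2https/..., which the
    # RewriteRule above then turns into https://example.org/...
    ProxyPassReverse /2https/ https://example.org:8443/webapp/
</VirtualHost>

<VirtualHost *:443>
    ServerName example.org
    RewriteEngine on

    SSLEngine on
    # Placeholder paths: use the certificate and key for the public site.
    SSLCertificateFile    /path/to/example.org.crt
    SSLCertificateKeyFile /path/to/example.org.key

    # Needed here because this vhost proxies to an https:// backend.
    SSLProxyEngine on

    # Mirror image of the rule in the HTTP vhost.
    RewriteRule ^/2http/(.*)$ http://example.org/$1 [R,L]

    ProxyPass        / https://example.org:8443/webapp/
    ProxyPassReverse / https://example.org:8443/webapp/

    # A Location header pointing back at the plain Tomcat connector
    # is rewritten to https://example.org/2http/...
    ProxyPassReverse /2http/ http://example.org:8080/webapp/
</VirtualHost>
```

With this in place, `curl -sI http://example.org/login` should show a `Location` header under `/2https/`, and following it should land on `https://example.org/login` with no Tomcat port visible to the client.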
I should say a special thanks to this random site – from whence the idea actually came. If anyone has any better ideas on how to do it I’d love to hear them. Please comment below.