I’m writing this down because it too me an age to figure out a way of doing this. I have a website which Tomcat is happily serving. Areas of the site require a secure connection so I’m using Spring security to require particular URLs to be accessed over HTTPS. It means that when I access http://example.org:8080/webapp/login, it’ll bump me to https://example.org:8443/webapp/login. Note: Tomcat is setup with the SSL connector and a self signed .keystore see (http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html).
I have two vhosts setup in Apache, one for the http://example.org and one for https://example.org. They are both using mod_proxy to ProxyPass and ProxyPassReverse requests to the appropriate Tomcat URL’s. The problem comes when switching to HTTPS from HTTP and vice versa. Ideally I wanted some sort of ProxyPassReverse declaration in my config for http://example.org what would change HTTP headers (that Spring sets) for https://example.org:8443/webapp into https://example.org. Except ProxyPassReverse doesn’t work like that.
Now, I realise I could simply not use Spring to manage which parts of the site should be accessed over HTTPS and which should not…and just setup Apache to redirect as appropriate. I don’t want to do that though, because that makes the task of adding these restrictions a deploy time task, rather than a development time task. I don’t want to risk someone forgetting to add new restrictions when deploying the webapp and I’d much rather the developer added these restrictions when they were working on the task and really thinking about where and when they are needed.
So, how do I solve the problem so that the app can manage its secure-ness and I can setup Apache once and forget about it? The answer is to ProxyPassReverse onto a “special” URL, which when accessed will redirect to the HTTPS (or HTTP) site. For example, if the HTTP site needed to redirect to the HTTPS site, I’d add rules like so to perform the redirect:
# Proxy a request (from the server) to switch to https onto a special URL "/2https/"
ProxyPassReverse /2https/ https://example.org:8443/webapp/
# When a client requests a URL prefixed with "/2https" map it onto the secure site
RewriteRule ^/2https/(.*)$ https://example.org/$1 [R,L]
…and you’d add something similar to the secure site Apache config. As long as I don’t mount any pages at /2http or /2https I should be ok. Note a couple of things:
- You’ll need “SSLProxyEngine on” and “RewriteEngine on” and obviously the appropriate Apache modules loaded for these commands.
- Because of the redirect between HTTP <-> HTTPS you won’t be able to POST data between them directly (I’m not sure why you’d NEED to though)
- Obviously you’ll need to setup Apache with an SSL certificate…but that is a different story
I should say a special thanks to this random site – from whence the idea actually came from. If anyone has any better ideas on how to do it I’d love to hear them. Please comment below.
PathActivator – Simple layout, exploring ideas and steps feels effortless.
FocusLoopPro – Practical content and clear layout make understanding effortless.
MomentumController – Clear instructions and smooth navigation help explore tools quickly.
DirectionNavigator – Friendly interface, exploring strategies is smooth and easy today.
Intentional Motion – Clear explanations and clean layout make learning strategies feel natural.
ActionHub – Clean, fast, and intuitive, made accomplishing tasks effortless.
MotionBoost – Clear guides and easy navigation, finding tips is smooth and fast.
IntentTrack – Clear resources and guides, site feels reliable and user-friendly.
ChicSpot – Sleek and stylish layout, discovering content feels easy today.
TrendMap – Well-presented tips with lots of visual inspiration.
VisionBuilder – Organized content and helpful steps simplify planning strategies.
ProgressPlanner – Easy navigation, site makes planning and following guides simple.
FutureLoop – Practical tips and structured guides make learning concepts effortless.
CreativeFlow – Smooth design, exploring ideas feels simple and natural.
AnchorWorks – Logical flow with clean design, keeping attention for longer is simple.
Growth Planner – Practical advice and clarity make learning efficient.
bondedcoregroup overview – The layout supports quick browsing and feels well put together.
ForgeAhead – Clear and organized content, learning and applying methods is easy.
FlowVision – Clear guides and smooth layout help understanding new strategies quickly.
StrategyHub – Very clear tips, making strategic concepts easy to follow and apply.
CircleVision – Smooth navigation and practical tips, understanding strategies is effortless.
TrendUpdate – Feels current and informative, great to follow.
MotionTrack – Clear content, site helps users grasp strategies effortlessly.
LinkLine – Well-laid pages with practical advice, exploring strategies is smooth.
CreativeFlow – Easy-to-follow design, navigating resources is quick and simple.
SkillBoost – Clear guides, learning concepts is smooth and effortless.
BondLine – Smooth design with clear instructions, exploring resources is easy and quick.
DirectionCircle – Clean design and helpful sections, makes understanding direction fast.
Momentum System – Clean interface and strong content make planning efficient.
CapitalNetwork – Friendly guidance makes learning and browsing seamless.
BondedSphere – Friendly design and clear guides, navigating content feels simple today.
InnovationSphere – Helpful guides with intuitive navigation simplify creating new ideas.
BridgeNetwork – Very user-friendly design, exploring resources is fast and intuitive.
TaskDock – Layout is intuitive, helping users quickly find what they need.
SecureBridge – Clear steps and practical tips make learning concepts effortless.
DirectionStation – Organized content, understanding steps is fast and natural.
DirectionTrack – Smooth interface, following concepts and planning steps is effortless.
CreateNest – Friendly interface with clear instructions, learning ideas feels effortless.
CoreCapital – Well-organized pages and clear guidance, navigating ideas is effortless.
FocusPath – Well-explained material and smooth navigation throughout.
strategicbonding site – Pages cover the essentials clearly without going too deep.
MomentumEdge – Clear design and practical guidance make following through simple and reliable.
StrategyNest – Intuitive layout and concise guides simplify exploring frameworks.
DesignVision – Smooth guides, exploring resources is effortless and intuitive.
BondVision – Friendly structure with clear guidance, exploring ideas is quick and easy.
IdeaForge – Helpful content, exploring ideas on the site is smooth and simple.
CapitalLink – Stepwise tips and organized layout improve site exploration.
ExecutionCompass – Easy interface, structured content makes exploring ideas fast and simple.
IgnitionFlow – User-friendly interface, learning and discovering feels quick and easy.
BrandDock – Interface is easy to navigate, helping launch campaigns quickly.