How to switch to/from HTTPS using Apache as a proxy to Tomcat

I’m writing this down because it too me an age to figure out a way of doing this. I have a website which Tomcat is happily serving. Areas of the site require a secure connection so I’m using Spring security to require particular URLs to be accessed over HTTPS. It means that when I access http://example.org:8080/webapp/login, it’ll bump me to https://example.org:8443/webapp/login. Note: Tomcat is setup with the SSL connector and a self signed .keystore see (http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html).

I have two vhosts setup in Apache, one for the http://example.org and one for https://example.org. They are both using mod_proxy to ProxyPass and ProxyPassReverse requests to the appropriate Tomcat URL’s. The problem comes when switching to HTTPS from HTTP and vice versa. Ideally I wanted some sort of ProxyPassReverse declaration in my config for http://example.org what would change HTTP headers (that Spring sets) for https://example.org:8443/webapp into https://example.org. Except ProxyPassReverse doesn’t work like that.

Now, I realise I could simply not use Spring to manage which parts of the site should be accessed over HTTPS and which should not…and just setup Apache to redirect as appropriate. I don’t want to do that though, because that makes the task of adding these restrictions a deploy time task, rather than a development time task. I don’t want to risk someone forgetting to add new restrictions when deploying the webapp and I’d much rather the developer added these restrictions when they were working on the task and really thinking about where and when they are needed.

So, how do I solve the problem so that the app can manage its secure-ness and I can setup Apache once and forget about it? The answer is to ProxyPassReverse onto a “special” URL, which when accessed will redirect to the HTTPS (or HTTP) site. For example, if the HTTP site needed to redirect to the HTTPS site, I’d add rules like so to perform the redirect:

    # Proxy a request (from the server) to switch to https onto a special URL "/2https/"
    ProxyPassReverse /2https/ https://example.org:8443/webapp/

    # When a client requests a URL prefixed with "/2https" map it onto the secure site
    RewriteRule ^/2https/(.*)$ https://example.org/$1 [R,L]

…and you’d add something similar to the secure site Apache config. As long as I don’t mount any pages at /2http or /2https I should be ok. Note a couple of things:

You’ll need “SSLProxyEngine on” and “RewriteEngine on” and obviously the appropriate Apache modules loaded for these commands.
Because of the redirect between HTTP <-> HTTPS you won’t be able to POST data between them directly (I’m not sure why you’d NEED to though)
Obviously you’ll need to setup Apache with an SSL certificate…but that is a different story

I should say a special thanks to this random site – from whence the idea actually came from. If anyone has any better ideas on how to do it I’d love to hear them. Please comment below.

12,676 thoughts on “How to switch to/from HTTPS using Apache as a proxy to Tomcat”

Зацепил раздел про Будущее чемпионов: детские футбольные академии.

Вот, делюсь ссылкой:

https://familytottenham.ru

Pretty section of content. I just stumbled upon your website and in accession capital to assert that I acquire in fact enjoyed account your blog posts.

Anyway I’ll be subscribing to your augment and even I achievement you
access consistently quickly.

wettanbieter ohne limit

Visit my web page; wette quote Berechnen

Fui tentar a sorte depois do almoço e bateu Jackpot no Caishen Wins. um carro zero pro bolso. O coração quase parou.

konsantrik kas?lma nedir hakk?ndaki makaleyi gercekten begendim. Kendiniz gorun: https://sportmodu.com/articles/konsantrik-kasilma-tanim-onemi/

“t box yagmurluk” konusu icin cok faydal? bir yaz? buldum. Kendiniz gorun: https://fittutkusu.com/articles/t-box-yagmurluk-spor-giyimde-islevsellik-siklik/

sieg platz wette pferderennen

Also visit my web blog: basketball-wetten.com

wedden promotiecodees 2026

Also visit my web page … Basketball-wetten.com

southwell cheltenham Gold Cup betting offers today

promo wedden Nederland

My homepage sportcompetities e-wedden (Russ)

Quem acreditou no Lucky Neko depois do almoço se deu bem. Eu garanti cemzão!

Acabou de bater! R$ 500 no Touro.

Avisa lá que o Mahjong liberou o Carta de 50x. Já tirei 5 mil conto ontem à noite.

I have observed that in video cameras, special receptors help to {focus|concentrate|maintain focus|target|a**** automatically. The sensors of some digital cameras change in in the area of contrast, while others use a beam involving infra-red (IR) light, particularly in low light. Higher spec cameras oftentimes use a mixture of both methods and probably have Face Priority AF where the video camera can ‘See’ any face while keeping your focus only upon that. Thanks for sharing your ideas on this blog site.

laminat parke doseme puf noktalar? hakk?ndaki makaleyi tavsiye ederim. Kendiniz gorun: https://kendihobim.com/articles/laminat-parke-doseme-puf-noktalari/

You made some good points there. I checked on the internet to
find out more about the issue and found most people will go along with
your views on this web site.

fantastic publish, very informative. I ponder why the opposite
specialists of this sector do not realize this. You should
proceed your writing. I’m confident, you’ve a
great readers’ base already!