How to configure mod_proxy to ProxyPass based on http vs https?

I have Apache Tomcat running with SSL enabled. I have Apache HTTP Server acting as a reverse proxy so my if users hit http://myserver/tomcat/ they are passed to http://myserver:8080.

ProxyPass /tomcat/ http://myserver:8080/
ProxyPassReverse /tomcat/ http://myserver:8080/

I have Apache HTTP server configured for SSL as well so when users hit https://myserver/tomcat/ they should be passed to https://myserver:8443/.

With the current ProxyPass & ProxyPassReverse configuration they are going to be redirected to the non-ssl URL. How can I setup the proxy pass so that it redirects to different protocol and port based on the incoming request?

That is, if someone comes in via HTTPS how can I redirect them to my tomcat @ https://myserver:8443?


Update:

@mike-insch

I tried:

NameVirtualHost *:443

<VirtualHost *:80>
    ProxyPass /tomcat/ http://myserver:8080/
    ProxyPassReverse /tomcat/ http://myserver:8080/
</VirtualHost>

<VirtualHost *:443>
    ProxyPass /tomcat/ https://myserver:8443/
    ProxyPassReverse /tomcat/ https://myserver:8443/
</VirtualHost>

Now when I visit: https://myserver/tomcat/ I get "page not found". In the error log I see "File does not exist: /var/apache2/htdocs/tomcat"

Which is correct, but I expected the request to be routed to tomcat running at https://myserver:8443/.

Guess I need to look more at the virtual hosts, unless something looks glaringly wrong.


Solution 1:

You need to do this via two independent <VirtualHost *:X> directives. Your HTTP directives go inside <VirtualHost *:80> while your HTTPS directives go inside <VirtualHost *:443>. Adjust as required if your server has multiple Address Based or Name Based virtual hosts configured. See the Apache 2 documentation for full details.

Solution 2:

For completeness: if it's an option, it's a good idea to terminate SSL at Apache, rather than having Tomcat handle it as well. Providing Tomcat is only accessible from Apache this is simpler and no less secure.

In this setup, Apache would proxy HTTP and HTTPS to http://myserver:8080/:

NameVirtualHost *:443

<VirtualHost *:80>
    ProxyPass /tomcat/ http://myserver:8080/
    ProxyPassReverse /tomcat/ http://myserver:8080/
</VirtualHost>

<VirtualHost *:443>
    ProxyPass /tomcat/ http://myserver:8080/
    ProxyPassReverse /tomcat/ http://myserver:8080/
</VirtualHost>