How to configure mod_proxy to ProxyPass based on http vs https?

apache-2.2 mod-proxy

I have Apache Tomcat running with SSL enabled. I have Apache HTTP Server acting as a reverse proxy so my if users hit http://myserver/tomcat/ they are passed to http://myserver:8080.

ProxyPass /tomcat/ http://myserver:8080/
ProxyPassReverse /tomcat/ http://myserver:8080/

I have Apache HTTP server configured for SSL as well so when users hit https://myserver/tomcat/ they should be passed to https://myserver:8443/.

With the current ProxyPass & ProxyPassReverse configuration they are going to be redirected to the non-ssl URL. How can I setup the proxy pass so that it redirects to different protocol and port based on the incoming request?

That is, if someone comes in via HTTPS how can I redirect them to my tomcat @ https://myserver:8443?

Update:

@mike-insch

I tried:

NameVirtualHost *:443

<VirtualHost *:80>
    ProxyPass /tomcat/ http://myserver:8080/
    ProxyPassReverse /tomcat/ http://myserver:8080/
</VirtualHost>

<VirtualHost *:443>
    ProxyPass /tomcat/ https://myserver:8443/
    ProxyPassReverse /tomcat/ https://myserver:8443/
</VirtualHost>

Now when I visit: https://myserver/tomcat/ I get "page not found". In the error log I see "File does not exist: /var/apache2/htdocs/tomcat"

Which is correct, but I expected the request to be routed to tomcat running at https://myserver:8443/.

Guess I need to look more at the virtual hosts, unless something looks glaringly wrong.


Solution 1:

You need to do this via two independent <VirtualHost *:X> directives. Your HTTP directives go inside <VirtualHost *:80> while your HTTPS directives go inside <VirtualHost *:443>. Adjust as required if your server has multiple Address Based or Name Based virtual hosts configured. See the Apache 2 documentation for full details.

Solution 2:

For completeness: if it's an option, it's a good idea to terminate SSL at Apache, rather than having Tomcat handle it as well. Providing Tomcat is only accessible from Apache this is simpler and no less secure.

In this setup, Apache would proxy HTTP and HTTPS to http://myserver:8080/:

NameVirtualHost *:443

<VirtualHost *:80>
    ProxyPass /tomcat/ http://myserver:8080/
    ProxyPassReverse /tomcat/ http://myserver:8080/
</VirtualHost>

<VirtualHost *:443>
    ProxyPass /tomcat/ http://myserver:8080/
    ProxyPassReverse /tomcat/ http://myserver:8080/
</VirtualHost>

Related

Advantages of Using Nginx or HA Proxy as Load Balancer
Why does Cisco IOS require domain-name to be set before SSH keys can be generated?
Jenkins CI - Cannot allocate memory
nginx: how do I track down a random 500 from nginx (not my application). Potentially has something to do with load?
ip route add - RTNETLINK answers: File exists
Can someone explain the "use-cases" for the default munin graphs?
How can I download Maven artifacts in chef?
Apache restart needed for PHP to re-read php.ini?
Why doesn't Linode ever have to shut down for updates?
SSH - cannot start sftp-server when trying to force internal sftp
Vagrant (Virtualbox) host-only multiple node networking issue
Apache prefork optimization - Choosing the right `MaxRequestsPerChild` value