Apache reverse proxy jumps back to insecure protocol after redirect
If sendRedirect uses a relative path, Tomcat will add absolute elements including scheme (http/https) and servername.
Scheme will default to http unless you override it. The servername will come from the host header which you've carefully passed already.
I had the same problem and used a new Tomcat connector (alongside the existing one) on a separate port which overrides the scheme and sets the port for good measure:

    <Connector port="8443" protocol="HTTP/1.1" URIEncoding="UTF-8"
               connectionTimeout="20000"
               scheme="https" proxyPort="443"/>

Then in Apache, the SSL virtual host has:

    ProxyPass / http://<tomcat_server>:8443/

The plain HTTP virtual host continues to use the existing Connector port (8080).
Alternatively, you could hard-code the redirect location when calling sendRedirect(), but this is obviously inflexible.
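
The following is an added example, not part of the original answer and not Tomcat's code: a simplified Python model of how a relative sendRedirect() target is expanded from the connector's scheme, the Host header and proxyPort, plus a check that flags an HTTPS request being redirected to plain HTTP. The function names and the www.example.com host are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def absolute_redirect(request_path, target, host_header,
                      scheme="http", proxy_port=None):
    """Simplified model (an assumption, not Tomcat source) of how a relative
    redirect target becomes an absolute Location value.

    scheme and proxy_port stand for the Connector attributes of the same
    name; host_header is the Host value the proxy forwarded.
    """
    host, _, port_text = host_header.partition(":")  # IPv6 literals not handled
    port = proxy_port or (int(port_text) if port_text else DEFAULT_PORTS[scheme])
    # The port is omitted when it is the default for the scheme.
    netloc = host if port == DEFAULT_PORTS[scheme] else f"{host}:{port}"
    return urljoin(f"{scheme}://{netloc}{request_path}", target)


def is_downgrade(client_url, location):
    """True when an HTTPS request is redirected to plain HTTP on the same host."""
    src = urlsplit(client_url)
    dst = urlsplit(urljoin(client_url, location))  # resolves relative Locations
    return (src.scheme == "https" and dst.scheme == "http"
            and src.hostname == dst.hostname)


if __name__ == "__main__":
    # Constructed sample request: the browser talks HTTPS to Apache,
    # Apache forwards it to Tomcat over plain HTTP.
    client_url = "https://www.example.com/app/secure"
    host = "www.example.com"

    # Connector on 8080 with no scheme override: scheme defaults to http.
    before = absolute_redirect("/app/secure", "login", host)
    # Connector on 8443 with scheme="https" proxyPort="443", as in the answer.
    after = absolute_redirect("/app/secure", "login", host,
                              scheme="https", proxy_port=443)

    for label, location in (("default connector", before),
                            ("scheme/proxyPort set", after)):
        verdict = "DOWNGRADE" if is_downgrade(client_url, location) else "ok"
        print(f"{label:22} Location: {location}  [{verdict}]")
```

The same is_downgrade() check can be run against Location headers captured from the live site to confirm the connector change took effect.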