10

I have Apache Tomcat running with SSL enabled. I have Apache HTTP Server acting as a reverse proxy so my if users hit http://myserver/tomcat/ they are passed to http://myserver:8080.

ProxyPass /tomcat/ http://myserver:8080/ ProxyPassReverse /tomcat/ http://myserver:8080/

I have Apache HTTP server configured for SSL as well so when users hit https://myserver/tomcat/ they should be passed to https://myserver:8443/.

With the current ProxyPass & ProxyPassReverse configuration they are going to be redirected to the non-ssl URL. How can I setup the proxy pass so that it redirects to different protocol and port based on the incoming request?

That is, if someone comes in via HTTPS how can I redirect them to my tomcat @ https://myserver:8443?

Update:

@mike-insch

I tried:

NameVirtualHost *:443 <VirtualHost *:80> ProxyPass /tomcat/ http://myserver:8080/ ProxyPassReverse /tomcat/ http://myserver:8080/ </VirtualHost> <VirtualHost *:443> ProxyPass /tomcat/ https://myserver:8443/ ProxyPassReverse /tomcat/ https://myserver:8443/ </VirtualHost>

Now when I visit: https://myserver/tomcat/ I get "page not found". In the error log I see "File does not exist: /var/apache2/htdocs/tomcat"

Which is correct, but I expected the request to be routed to tomcat running at https://myserver:8443/.

Guess I need to look more at the virtual hosts, unless something looks glaringly wrong.

Improve this question
1
  • I don't think you need the NameVirtualHost directive here. Also, you'll need to add the appropriate directives to enable SSL inside your <VirtualHost *:443> section. Commented Jul 19, 2011 at 19:44

2 Answers 2

Reset to default
5

You need to do this via two independent <VirtualHost *:X> directives. Your HTTP directives go inside <VirtualHost *:80> while your HTTPS directives go inside <VirtualHost *:443>. Adjust as required if your server has multiple Address Based or Name Based virtual hosts configured. See the Apache 2 documentation for full details.

Improve this answer
2
  • So I've added the following: NameVirtualHost *:443 Commented Jul 19, 2011 at 16:51
  • 3
    Don't forget to add the SSLProxyEngine on directive Commented Mar 9, 2012 at 15:24
6

For completeness: if it's an option, it's a good idea to terminate SSL at Apache, rather than having Tomcat handle it as well. Providing Tomcat is only accessible from Apache this is simpler and no less secure.

In this setup, Apache would proxy HTTP and HTTPS to http://myserver:8080/:

NameVirtualHost *:443 <VirtualHost *:80> ProxyPass /tomcat/ http://myserver:8080/ ProxyPassReverse /tomcat/ http://myserver:8080/ </VirtualHost> <VirtualHost *:443> ProxyPass /tomcat/ http://myserver:8080/ ProxyPassReverse /tomcat/ http://myserver:8080/ </VirtualHost>
Improve this answer
1
  • 1
    If doing this, you don't need to repeat the proxy directives in both VirtualHosts. You can just pull them out to the server context. Commented Sep 3, 2013 at 15:20

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.