Apache Reverse Proxy https to http

Question

I have an internet-accessible apache server that has SSL enabled and working. On the local network, there is another server which provides a tomcat app over http.

The apache server reverse proxies the tomcat app. When the apache server is used over http, the tomcat app is correctly proxied, but when using it over https, the tomcat server returns 404 resource not found. So is the https request not translated to http? I would prefer to do it without touching the tomcat config, since that's not my area.

This is my config:

<VirtualHost *:443> ServerName ext-service.example.com SSLEngine on SSLCertificateFile /etc/apache2/ssl.crt/mycert.crt SSLCertificateKeyFile /etc/apache2/ssl.key/mykey.key SSLCertificateChainFile /etc/apache2/ssl.crt/mybundle.crt ProxyRequests Off ProxyPreserveHost Off <Proxy *> AddDefaultCharset off Order deny,allow Allow from all </Proxy> DocumentRoot /srv/www/empty/ ProxyPass / http://int-service.example.com/ ProxyPassReverse / http://int-service.example.com/ </VirtualHost> 

Answer 1

If the tomcat is set up to use AJP I suggest you to use that.

ProxyPass / ajp://int-service.example.com:<ajp_port>/ ProxyPassReverse / ajp://int-service.example.com:<ajp_port>/ 

Answer 2

You will have to adapt the tomcat config, there is no way around it. Your apache config looks okay so far, just two things that are off when I compare it with a setup of mine:

• DocumentRoot is useless there, you can remove it since you proxy everything.
• ProxyPreserveHost should be On

The Tomcat on the other hand has to be told that there is a proxy in front of it and that it uses https instead of http.

There should be a configuration file where the connector is specified.

<Connector port="80" <!-- add these lines --> scheme="https" proxyName="ext-service.example.com" proxyPort="443" <!-- other options --> /> 

After adding these lines the Tomcat knows how the URLs should be generated.