Apache reverse proxy with HTTPS does not redirect to internal website

apache-2.4httpsreverse-proxy

We have installed MyCollab which is a web-based project management system, unfortunately it does not support HTTPS. They say here that the system does not support HTTPS but you can use Apache reverse proxy to redirect https to the internal website.

Now here is my httpd.conf

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyRequests Off

<VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /root/mysitename.crt
        SSLCertificateKeyFile /root/mysitename.key

        ProxyPreserveHost On
        ProxyPass / http://server-ip:9000/
        ProxyPassReverse / http://server-ip:9000/
        ServerName localhost
        RewriteEngine On
</VirtualHost>

The application is running on port 9000. What happens is, requesting the server IP with HTTPS works fine but it does not redirect me to the internal website, instead it shows the Apache test web page. What am I missing here?

The server has Scientific Linux 7.3 with Apache 2.4.6

Best Answer

If no ServerName or ServerAlias matches the request, the first <VirtualHost *:443> virtual host configuration loaded will be the default. You either have another <VirtualHost *:443> that actually matches the server IP address or one that comes first in the configuration. That might be directly in your httpd.conf or as an include.

On Scientific Linux the configuration file is /etc/httpd/conf/httpd.conf. Additional configurations are stored in the /etc/httpd/conf.d/ directory. Probably this directory is included somewhere before your VirtualHost configuration.

Related Solutions

Ssl – When Using Reverse Proxy, Backend Server Does 301 Back to The Proxy Server or Changes URL

I have done that by the following code. You can try it...

    ProxyPreserveHost On
    <Proxy *>
            AddDefaultCharset off
            Order deny,allow
            Deny from all
          Allow from all
    </Proxy>

            ProxyPass /google http://www.google.com/
            ProxyHTMLURLMap http://www.google.com /google

    <Location /google>
            ProxyPassReverse /
            ProxyHTMLInterp On
            ProxyHTMLURLMap  /      /google
            RequestHeader    unset  Accept-Encoding
    </Location>

Squid reverse proxy redirect / rewrite HTTP to HTTPS

One way is to get the origin server to do the redirect, but it seems more efficient to get Squid to do it. There are a couple of approaches, but using deny_info seems the easiest.

In the squid.conf configuration file:

acl PORT80 myport 80
acl MYSITE dstdomain foo.server.com
http_access deny PORT80 MYSITE
deny_info 301:https://foo.server.com%R MYSITE

At first glance, the http_access statement just denies access to the HTTP version of your site. However due to the deny_info statement Squid will redirect users to an alternative site (in this case the HTTPS version) rather than simply giving an access-denied message.

The %R tag causes the request URL path to be included in the redirect, so that if users try to visit http://foo.server.com/bar then they'll get directed to https://foo.server.com/bar, rather than just https://foo.server.com.

The full list of URL format tags is available in the Squid documentation: http://www.squid-cache.org/Doc/config/deny_info/

The order of the acl statements is important because Squid only remembers the last http_access deny and looks for the deny_info to match that acl.

Best Answer

Related Solutions

Ssl – When Using Reverse Proxy, Backend Server Does 301 Back to The Proxy Server or Changes URL

Squid reverse proxy redirect / rewrite HTTP to HTTPS

Related Topic