Apache ReverseProxyPass redrects to http rather than https

apache-2.2httpsmod-proxyreverse-proxy

I have a reverse proxy setup using apache mod_proxy:

<VirtualHost *:443>
   ServerName reverse.server.com  
   ProxyPass / http://10.1.9.11:3000/
   ProxyPassReverse / http://10.1.9.11:3000/
   ProxyPreserveHost on
   ...snip ssl stuff...
</VirtualHost>

This works fine most of the time. The problem is when the internal server does a redirect. While the proxypassreverse should catch the location, and it seems to, it redirects to http://reverse.server.com rather than to https://reverse.server.com. So it is half working, the address changes correctly, but the protocol stays as the internal server.

I am not clear on why it is doing this, as the proxied connection is SSL – any ideas?

Best Answer

ProxyPassReverse can not fix this kind of redirections. There are 2 ways to solve the problem:

Use HTTPS for the internal site. e.g. ProxyPass / https:... and ProxyPassReverse / https: (actually the last one is not required in your case).
Use mod_headers in the reverse proxy: Header edit Location ^http: https:
Use mod_rewrite in the reverse proxy to change the redirection.

Related Solutions

How to configure Apache to use HTTPS for external access but HTTP for internal access

I'm going to make the assumption that you do accept HTTP connections for the public, but you do a standard HTTP redirect to force them to HTTPS.

If this is the case, then you can alter your HTTP directives to not redirect if you are part of the internal network.

To do this, you want to use Apache's mod_rewrite and filter on REMOTE_ADDR. Essentially, you want to redirect everything that does not match your network.

The other option, and probably the safer one, is to just have your internal users use a different service address than the public one. Have them connect to myservice.mydomain.local instead of myservice.mydomain.com.

Apache ProxyPassReverse and https

This used to work for me

<VirtualHost *:443>                                                                                                                                                                        
 ServerName domaine.com
 SSLProxyEngine on                                                                                                                                                                          
 <Location />                                                                                                                                                                               
 ProxyPass https://www.something.com/                                                                                                                                                           
 ProxyPassReverse https://www.something.com/                                                                                                                                                    
 </Location>                                                                                                                                                                                
</VirtualHost>

Best Answer

Related Solutions

How to configure Apache to use HTTPS for external access but HTTP for internal access

Apache ProxyPassReverse and https

Related Topic