Apache SSLProxyEngine

mod-proxy

I have to configure a reverse proxy to redirect the HTTPs Request to another host which is also running HTTPs,,,But I get stuck

Here is the virtualhost configuration on my Apache as the reverse Proxy

<VirtualHost *:80>
        ServerAdmin admin@mydomain.com
        ServerName mail.mydomain.com

RewriteEngine   on
RewriteCond     %{SERVER_PORT} ^80$
RewriteRule     ^(.*)$ https://%{SERVER_NAME}$1 [L,R]

SSLProxyEngine on

<Proxy "*">
        Order allow,deny
        Allow from all
</Proxy>

   ProxyPass / https://192.168.1.6/webmail/
   ProxyPassReverse / https://192.168.1.6/webmail/

    ErrorLog /var/log/apache2/webmail_log
    CustomLog /var/log/apache2/webmail-access_log combined
</VirtualHost>

On my browser I use this address http://mail.mydomain.com

But it only redirect the request to the HTTPs at the reverse proxy server not the HTTPs at the mail host.

Thanks folks

Best Answer

I haven't set up a https reverse proxy yet but I'm about to do it right now

as far as I can tell your proxy definition is in the wrong place.

Your RewriteRule redirects you away from your http virtual host to your https virtual host, so there's the place where the proxy config has to go.

EDIT: basically I meant this:

remove the proxy from the vhost on port 80

<VirtualHost *:80>
        ServerAdmin admin@mydomain.com
        ServerName mail.mydomain.com

        RewriteEngine   on
        RewriteCond     %{SERVER_PORT} ^80$
        RewriteRule     ^(.*)$ https://%{SERVER_NAME}$1 [L,R]



        ErrorLog /var/log/apache2/webmail_log
        CustomLog /var/log/apache2/webmail-access_log combined
</VirtualHost>

and add it to the vhost listening on port 443 (https)

<VirtualHost *:443>

... other vhost config ....

        SSLProxyEngine on

        <Proxy "*">
                Order allow,deny
                Allow from all
        </Proxy>

        ProxyPass / https://192.168.1.6/webmail/
        ProxyPassReverse / https://192.168.1.6/webmail/
</VirtualHost>

I haven't tested this exact setup but I think it should work like this...

Related Solutions

Mod_Rewrite Apache ProxyPass

If Apache can't find a VirtualHost with a matching ServerName or ServerAlias, it uses the first VirtualHost found in the config file as a default. With the configuration above, I think that for example "www.newsite.com" would end up being handled by the oldsite.com VirtualHost.

Have you tried adding a ServerAlias line to each of the two main VirtualHosts - i.e.

<VirtualHost *>
    ServerName oldsite.com
    ServerAlias *.oldsite.com
    ...
</VirtualHost>
<VirtualHost *>
    ServerName newsite.com
    ServerAlias *.newsite.com
    ...
</VirtualHost>

Tomcat – mod_proxy incorrect redirect behaviour

Switching from mod_proxy_ajp to mod_proxy_http seems to resolve this problem.

ProxyPass /servlet/ http://localhost:8080/
ProxyPassReverse /servlet/ http://localhost:8080/

Unfortunately this has the side effect of not passing along the ip address of the remote connection. Another alternative is to add a rewrite rule to match the url with the missing slash at the end:

RewriteCond %{REQUEST_URI} ^/servlet/[^/]+$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}/ [R=301,L]

Best Answer

Related Solutions

Mod_Rewrite Apache ProxyPass

Tomcat – mod_proxy incorrect redirect behaviour

Related Topic