How to use a virtual host to redirect https subfolders to different ports in apache

apache-2.4httpsreverse-proxyvirtualhost

I have a web service running on port 8112 and I can redirect a subdomain eg http://myapp.mydomain.com to 127.0.0.1:8112 using a virtual host by setting the ServerAlias, proxypass and proxypassreverse parameters.

I acheive this with the virtual host outlined below:

<VirtualHost *:80>
  ServerName mydomain.com
  ServerAlias myapp.mydomain.com myapp
  ProxyRequests off
  ProxyPass / http://127.0.0.1:8112/
  ProxyPassReverse / http://127.0.0.1:8112/
  ProxyPassReverseCookieDomain 127.0.0.1 %{HTTP:Host}
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>
</VirtualHost>

However, I would like to use https and set a subfolder to be redirected to it instead. ie I would like to be able to expose
https://secure.mydomain.com/myapp

I dont want to redirect an https subdomain because I want to do this for several different services I'm running at the same ip and I only have certs for one secure subdomain.

I'm guessing some kind of rewrite? but it's too different from a starting point of the proxypass method for me to figure out. I looked at these examples but none seemed to apply.

My ssl certs are all good and my ssl virtual host is happily pointing at a root directory with a hello world in it but I cant figure out what to add to get my subfolders to redirect to services running on different ports the way I can with subdomains over http

Best Answer

This did it:

<VirtualHost *:443>
    ServerName mydomain.com
    ServerAlias secure.mydomain.com
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    SSLEngine on
    SSLProxyEngine On
    SSLCertificateFile    /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key
    SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
    SSLCACertificateFile /etc/apache2/ssl/ca.pem

    ProxyRequests Off
    ProxyPreserveHost On

    ProxyPass /myapp/ http://127.0.0.1:8112/
    <Location /myapp/>
      ProxyPassReverse /
      ProxyPassReverseCookiePath / /myapp/
        #Some web services may or may not require an additional specific header variable
        # or additional internal configuration settings when located at a subfolder
        #In my case for example myapp specifically required a header variable to be set
        # with the new subfolder base as follows
        RequestHeader set X-myapp-Base "/myapp/"
      Order allow,deny
      Allow from all
    </Location>
</VirtualHost>

In this solution the web service will react as though it's responding on http and the apache reverse proxy will handle the ssl so that the service will appear as https to the user.

This may break some services or websites that are http/https aware. Wordpress for example would require the X-forwarded-for variable to be added to the header in a similar way to the example above.

Related Topic