I have an Apache 2.4 server on Windows 2008 that has been working great as a reverse proxy. It is serving content from a LifeRay 6.0 installation running on Glassfish 3.0. Originally, when we implemented an https permanent redirect we could no longer log into LifeRay but that has been solved, I think, at this point. Once we log into Liferay, the connection is secure, but it is still possible to change the https to http and the page will display as an http connection without reverting back to https. Also, the initial connection to the site can use http and the if the user doesn't log in, the site will continue to use an http connection. Again, I though the redirect permanent would force all http traffic to be https.
Apache is providing the SSL connection to users and the proxypass directives connect to LifeRay on an insecure port, which isn't an issue because the internal connection is virtual and not accessible from the Internet. So, I though I had the configuration nailed down on this but I must be missing something because I seem to be able to access the site with http when I thought the permanent redirect would prevent that. Should ProxyPassReverse be https rather than http? Here is the configuration:
TEST SERVER
<VirtualHost *:443>
ServerName test.myexternalserver.org
#
ProxyPreserveHost On
SetEnv proxy-sendchunked
SSLEngine on
ProxyPass / http://192.168.80.196:8080/
ProxyPassReverse / http://192.168.80.196:8080/
</VirtualHost>
<VirtualHost *:80>
ServerName test.myexternalserver.org
ProxyPreserveHost On
SetEnv proxy-sendchunked
Redirect permanent / https://test.myexternalserver.org/
ProxyPass / http://192.168.80.196:8080/
ProxyPassReverse / http://192.168.80.196:8080/
</VirtualHost>
Best Answer
From what I've read this morning, the modules are executed in a set order. (The order seems to be determined by the module's code at compile-time.) Based on your question here, it sounds like
mod_proxy(forProxyPass& co.) is executed beforemod_alias(forRedirect).To get the expected behaviour, you can remove all the references to the proxy from your port-80 virtual host. We have may VHosts that look very much like this in production, and they work just fine.