Ssl – HTTPS reverse proxy using apache

I am using this apache configuration to set up a reverse proxy to a process running on the same machine, on port 8443,

<Directory "/var/www/html">
   Options +FollowSymLinks
   RewriteEngine On
   RewriteCond %{HTTPS} off 
   RewriteRule ^(.*) https://%{HTTP_HOST}/$1
</Directory>

<IfModule mod_proxy.c>

ProxyRequests Off

<Proxy *>
   Order deny,allow
   Allow from all
</Proxy>

SSLProxyEngine On
ProxyPass / https://127.0.0.1:8443/
ProxyPassReverse / https://127.0.0.1:8443/

</IfModule>

The process running on 8443 already has HTTPS / SSL certificate set up. Is this a valid / good configuration or can I do it better?

I noticed that currently even http:// will proxy to https:// without the rewrite kicking in. I think this might compromise SSL? I'd rather have only 443 proxy to 8443 and just use a URL rewrite to rewrite the http:// requests to https:// requests. Is that possible using apache?

Thanks.

EDIT – Here is the virtual host information as requested,

VirtualHost Configuration: 
wildcard NameVirtualHosts and _default_ servers:
_default_:443       127.0.0.1 (/etc/httpd/conf.d/ssl.conf:74)
Syntax OK

Best Answer

To get the HTTP requests to redirect instead of proxying, you should do two things:

Move your proxying config (SSLProxyEngine through ProxyPassReverse into the SSL virtual host in /etc/httpd/conf.d/ssl.conf, so that it'll only apply there

Create an HTTP virtual host which will redirect - probably in a new .conf file in /etc/httpd/conf.d:

<VirtualHost *:80>
  ServerName redirect
  RewriteEngine On
  RewriteRule ^(.*) https://%{HTTP_HOST}/$1
</VirtualHost>

Best Answer

Related Solutions

Ssl – When Using Reverse Proxy, Backend Server Does 301 Back to The Proxy Server or Changes URL

How to configure apache to basic authentication or allow when ntlm while proxying

Related Topic