So how do I get the https on my registration page?
Assuming that you can't update all the links (which would be the prefered method) replace the existing page with one which redirects to the https url (or change the webserver config). Obviously this won't work for anything which POSTs to the URL - you'll need to switch to https earlier.
Does https need to be used on both pages?
Technically, you don't need the page with the form to be secure to ensure that the submitted data is sent over SSL - but:
1) the redirect method above won't work - the redirect is a GET operation - and you've already sent the data over http
2) as a user I'd be rather concerned about entering my details on a non-secure page
The Apache ProxyPassRewrite does not rewrite the response bodies received from http://test.example.com, only headers (like redirects to a 404 page and such).
A number of alternatives:
One) Rewrite the internal app to use relative paths instead of absolute. i.e. ../css/style.css
instead of /css/style.css
Two) Redeploy the internal app in a the same subdirectory /folder
rather than in the root of test.example.com.
Three) One and two are often unlikely to happen... If you're lucky the internal app only uses two or three subdirectories and those are unused on your main site, simply write a bunch of ProxyPass lines:
# Expose Internal App to the internet.
ProxyPass /externalpath/ http://test.example.com/
ProxyPassReverse /externalpath/ http://test.example.com/
# Internal app uses a bunch of absolute paths.
ProxyPass /css/ http://test.example.com/css/
ProxyPassReverse /css/ http://test.example.com/css/
ProxyPass /icons/ http://test.example.com/icons/
ProxyPassReverse /icons/ http://test.example.com/icons/
Four) Create a separate subdomain for the internal app and simply reverse proxy everything:
<VirtualHost *:80>
ServerName app.example.com/
# Expose Internal App to the internet.
ProxyPass / http://test.internal.example.com/
ProxyPassReverse / http://test.internal.example.com/
</VirtualHost>
Five) Sometimes developers are completely clueless and have their applications not only generate absolute URL's but even include the hostname part in their URL's and the resulting HTML code looks like this: <img src=http://test.example.com/icons/logo.png>
.
A) You can use combo solution of a split horizon DNS and scenario 4. Both internal and external users use the test.example.com, but your internal DNS points directly to the ip-address of test.example.com's server. For external users the public record for test.example.com points to the ip-address of your public webserver www.example.com and you can then use solution 4.
B) You can actually get apache to to not only proxy requests to test.example.com, but also rewrite the response body before it will be transmitted to your users. (Normally a proxy only rewrites HTTP headers/responses). mod_substitute in apache 2.2. I haven't tested if it stacks well with mod_proxy, but maybe the following works:
<Location /folder/>
ProxyPass http://test.example.com/
ProxyPassReverse http://test.example.com/
AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|test.example.com/|www.example.com/folder/|i"
</Location>
Best Answer
All content needs to be served through HTTPS to avoid warnings. What good would SSL do if an attacker could still do a MITM attack and alter say, the jquery js you are loading? They could still change everything through javascript.
So your options are:
Move/copy everything to the same domain. By moving the files, or reverse proxy, or other tricks.
Get seperate SSL certs for each domain (which also often means seperate IP addresses if they are on the same server)
Get a SAN (Subject Alternate Name) certificate. This allows you to have one cert that covers several specified domains and/or subdomains. How many domains depends on the provider and how much you pay. They can often be combined with wildcards to cover all subdomains.