SSL ProxyPass for REST API requests


A production server uses a lot of AJAX calls and is on a different domain from the REST API server and so ProxyPass has been used successfully in httpd.conf to enable communication.

There's now a requirement to add secure login to the site. An SSL certificate has been obtained and installed and is working fine for the main site, but any API calls are failing.

ProxyPass directives are in the form:

ProxyPass    /58080/    http://(api server)
ProxyPassReverse    /58080/    http://(api server)

So API calls are being made to 'http://(production server)/58080/api/endpoint'

It seems like httpd.conf is not the place to put https redirects. Is it valid to use something like this in ssl.conf?

ProxyPass    /68080/    http://(api server)
ProxyPassReverse    /68080/    http://(api server)

Or does the API server need to be able to respond to https calls too? Right now, it cannot. If it can't, does this defeat the whole object of what is trying to be achieved - it's not secure?

Thanks for any advice,


Best Answer

After more research:

Yes, I can, but it isn't secure between the production server and the API server.

The API server needs to respond on https, so the additional directives would be:

ProxyPass    /68080/    https://(api server)
ProxyPassReverse    /68080/    https://(api server)
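
For reference, an added example (not part of the original answer) of the SSL virtual host these directives would sit in. Apache will not proxy to an https:// backend unless SSLProxyEngine is on, and the backend hop is only authenticated if the API server's certificate is verified. The host names and file paths below are placeholders, not values from the post.

```apache
# Added example. Host names and file paths are placeholders (assumptions).
# Requires mod_ssl, mod_proxy and mod_proxy_http to be loaded.
<VirtualHost *:443>
    ServerName www.example.com

    # Hop 1: browser -> production server (the certificate already installed)
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key

    # Hop 2: production server -> API server.
    # Without this, mod_proxy refuses https:// targets and API calls fail.
    SSLProxyEngine on

    # Verify the API server's certificate so the backend hop is
    # authenticated as well as encrypted.
    SSLProxyVerify require
    SSLProxyVerifyDepth 2
    SSLProxyCACertificateFile /etc/pki/tls/certs/api-ca.pem
    SSLProxyCheckPeerName on
    SSLProxyCheckPeerExpire on

    # Weak form from the question: the browser sees https, but the API
    # traffic (including login data) crosses the backend link in clear text.
    #   ProxyPass        /68080/ http://api.example.internal/
    #   ProxyPassReverse /68080/ http://api.example.internal/

    # Corrected form: TLS on both hops. Keep the trailing slashes on the
    # path and the target consistent so the path mapping stays predictable.
    ProxyPass        /68080/ https://api.example.internal/
    ProxyPassReverse /68080/ https://api.example.internal/
</VirtualHost>
```

Run `apachectl configtest` after editing, and point the page's AJAX calls at https://(production server)/68080/... so that browsers do not block them as mixed content.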