I have an odd setup. It looks like this:
Browser ----------> HTTPs Proxy ------> Apache HTTP -----> Tomcat AJP
HTTPS HTTP AJP
On the HTTPS proxy (a very dumb proxy), a URL comes in looking like https: //proxy.domain.com/app. It is then tunneled to Apache using HTTP as is http: //apache.domain.com/app (passing in the host proxy.domain.com). Apache then tunnels the request locally using the AJP protocol to ajp: //localhost:8009/app/.
Sometimes the app server wants to redirect the requested path. For example, redirect /app/ to /app/webapp. So, it sends a 302 back to apache redirecting the path – probably something like ajp: //localhost:8009/app/webapp. Apache then rewrites the redirect URL to http: //proxy.domain.com/app/webapp. The HTTPS proxy is dumb, so it does not analyze the redirect and change the http to https.
So, I would like to figure out if I can configure Apache to re-write the 302 redirect URL to send the user to https.
Here is the config I have so far in Apache's https.conf:
ProxyPreserveHost on
RewriteEngine on
RewriteRule ^/app$ /app/ [PT]
ProxyPass /app ajp://localhost:8009/app
I tried using ProxyPassReverse, but haven't been able to figure out how to force it to rewrite the 302 redirect URL with https instead of http.
Any thoughts?
Best Answer
I always wrestle with a problem for hours before giving up and posting a question - only to solve my own problem minutes after posting ...
For those interested, the solution is not to use ProxyPassReverse, but rather to use the Header directive - it' let's you mess with outbound headers. In this case, I can capture the Location response header and run a regex on it to fix the URL's protocol:
Voila!
If apache complains, it might be that mod_headers is not yet enabled:
a2enmod headers