Skip to end of metadataGo to start of metadata
Aug 08, 2017 Whereas HTTPS is the secure version of HTTP, where the ‘S‘ at the end stands for ‘Secure‘. Using HTTPS, all data between your browser and the web server are encrypted thus secure. This tutorial will show you how to redirect HTTP to HTTPS on Apache HTTP server in Linux. But if you goal is to run multiple ssl enabled web applications on the same server. Adding apache in front isnt going to balance them using your above config, you would still need a load balancer or you could use apache's proxy balancer module with something like the following.
So I switched ports and below is the configuration that eventually got my reverse proxy to https into apache and http to my Nexus repo. Nexus returns a webpage with http links that break getting the content for that page but I only need the SSL for a docker daemon which won't be asking for webpages. Ports 80 (http) and 443 (https) have been forwarded from your external ip to an internal server at 10.1.1.2 which will handle the reverse proxy and SSL/TLS work using letsencrypt You have other application web servers listening on port 80 on your internal LAN at 10.1.1.11 and 10.1.1.12 but these are not accessible from outside your network.
HTTP to HTTPS
Scenario :
You want to force people coming to your site to use HTTPS. Either for the entire site or a small sub-section of it.
- Note*
Using mod_rewrite to do this isn't the recommended behavior. See RedirectSSL
Fix :
Entire site (.htaccess) :
Note: While the rules you need are the same as above (because the rule above doesn't depend on any of the quirks of rewrite in .htaccess), you will need to ensure that you place this in a .htaccess file in the root of the site you want to apply it against, and to make sure you have the appropriate AllowOverride configuration in your httpd.conf
Specific Directory
Either put the above solution in a .htaccess file in the directory to be affected, or put the URI prefix in the regex itself.
Proxy Support How-To
Table of Contents
Introduction
Using standard configurations of Tomcat, web applications can ask forthe server name and port number to which the request was directed forprocessing. When Tomcat is running standalone with theHTTP/1.1 Connector, it will generallyreport the server name specified in the request, and the port number onwhich the Connector is listening. The servlet APIcalls of interest, for this purpose, are:
Apache Http To Https Proxy Server
ServletRequest.getServerName()
: Returns the host name of the server to which the request was sent.ServletRequest.getServerPort()
: Returns the port number of the server to which the request was sent.ServletRequest.getLocalName()
: Returns the host name of the Internet Protocol (IP) interface on which the request was received.ServletRequest.getLocalPort()
: Returns the Internet Protocol (IP) port number of the interface on which the request was received.
When you are running behind a proxy server (or a web server that isconfigured to behave like a proxy server), you will sometimes prefer tomanage the values returned by these calls. In particular, you willgenerally want the port number to reflect that specified in the originalrequest, not the one on which the Connector itself islistening. You can use the proxyName
and proxyPort
attributes on the <Connector>
element to configurethese values.
Proxy support can take many forms. The following sections describeproxy configurations for several common cases.
Apache httpd Proxy Support
Apache Http To Https Proxy List
Apache httpd 1.3 and later versions support an optional module(mod_proxy
) that configures the web server to act as a proxyserver. This can be used to forward requests for a particular web applicationto a Tomcat instance, without having to configure a web connector such asmod_jk
. To accomplish this, you need to perform the followingtasks:
Configure your copy of Apache so that it includes the
mod_proxy
module. If you are building from source, the easiest way to do this is to include the--enable-module=proxy
directive on the./configure
command line.If not already added for you, make sure that you are loading the
mod_proxy
module at Apache startup time, by using the following directives in yourhttpd.conf
file:Include two directives in your
httpd.conf
file for each web application that you wish to forward to Tomcat. For example, to forward an application at context path/myapp
:which tells Apache to forward URLs of the form
http://localhost/myapp/*
to the Tomcat connector listening on port 8081.Configure your copy of Tomcat to include a special
<Connector>
element, with appropriate proxy settings, for example:which will cause servlets inside this web application to think that all proxied requests were directed to
www.mycompany.com
on port 80.It is legal to omit the
proxyName
attribute from the<Connector>
element. If you do so, the value returned byrequest.getServerName()
will by the host name on which Tomcat is running. In the example above, it would belocalhost
.If you also have a
<Connector>
listening on port 8080 (nested within the same Service element), the requests to either port will share the same set of virtual hosts and web applications.You might wish to use the IP filtering features of your operating system to restrict connections to port 8081 (in this example) to be allowed only from the server that is running Apache.
Alternatively, you can set up a series of web applications that are only available via proxying, as follows:
- Configure another
<Service>
that contains only a<Connector>
for the proxy port. - Configure appropriate Engine, Host, and Context elements for the virtual hosts and web applications accessible via proxying.
- Optionally, protect port 8081 with IP filters as described earlier.
- Configure another
When requests are proxied by Apache, the web server will be recording these requests in its access log. Therefore, you will generally want to disable any access logging performed by Tomcat itself.
Apache Http Client Https Proxy
When requests are proxied in this manner, all requestsfor the configured web applications will be processed by Tomcat (includingrequests for static content). You can improve performance by using themod_jk
web connector instead of mod_proxy
.mod_jk
can be configured so that the web server serves staticcontent that is not processed by filters or security constraints definedwithin the web application's deployment descriptor(/WEB-INF/web.xml
).