2017-01-24 1:07 GMT+03:00 Christopher Schultz <chris@xxxxxxxxxxxxxxxxxxxxxx>: > > I've got an EC2 instance behind a load balancer where TLS is being > terminated. I've arranged for two separate httpd (2.4.25) > VirtualHosts: one for the secure connections (proxied from the lb) and > another for the non-secure connections. > > I have a Redirect directive that isn't behaving as I'd like it to behave > : > > RedirectMatch permanent ^/$ /site/ > > I have the same redirect in both VirtualHosts. The redirect itself > works, but it doesn't preserve the secure-protocol when I'm using the > secure VirtualHost. > [....] > > I'm expecting httpd to redirect a request from > "https://www.example.com/"; to "https://www.example.com/site/"; but > instead I'm getting redirected to "http://www.example.com/site/";. > > Can anyone see anything wrong with my configuration? Or do I have a > misunderstanding of how RedirectMatch will built its relative URLs? If that VirtualHost is accessed only by your lb, you should look at ServerName directive. It can include a scheme. http://httpd.apache.org/docs/2.4/mod/core.html#servername [quote] Sometimes, the server runs behind a device that processes SSL, such as a reverse proxy, load balancer or SSL offload appliance. When this is the case, specify the https:// scheme and the port number to which the clients connect in the ServerName directive to make sure that the server generates the correct self-referential URLs. [/quote] (Source code: mod_alias.c/int fixup_redir(request_rec *r) http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/mappers/mod_alias.c?view=markup#l679 -> calls ap_construct_url(), declared in include/http_core.h, implemented in http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?revision=1772678&view=markup#l1194 -> calls ap_http_scheme(r), declared in include/httpd.h as #define ap_http_scheme(r) ap_run_http_scheme(r) -> It is a hook API, a method that can be implemented in a module. http://marc.info/?t=131165065300001&r=1&w=2 -> Implementation: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http/http_core.c?revision=1757669&view=markup#l113 -> Calls r->server->server_scheme ) Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|