Thanks Andre and Jorge. I combined your suggestions to
arrive at the following:
ProxyRequests Off
<Proxy balancer://clusterx>
BalancerMember http://server:8080/
</Proxy>
<VirtualHost *:80>
Redirect /securehttps://server/secure
</VirtualHost>
<VirtualHost *:443>
ProxyPass /secure balancer://clusterx/
ProxyPassReverse /secure balancer://clusterx/
ProxyPreserveHost On
</VirtualHost>
What happens is that the first mapping works fine:
http://server/seure/index.html ==> https://server/secure/index.html
But the mapping
https://server/secure/index.html ==> http://server:8080
does not work and I get a 404:
logs# cat ssl_access_log
10.xx.xx.xx - - [01/Aug/2009:12:43:43 -0700] "GET /secure/index.html
HTTP/1.1" 404 294
Why does the ProxyPass in the 443 VirtualHost not work?
How can I trace the operation of Proxypass?
Thanks for all your assistance.
/U
Jorge Schrauwen-3 wrote:
>
> If you want to go SSL here is an easier way to check for SSL
>
> RewriteEngine On
> RewriteCond %{HTTPS} !=on [NC]
> RewriteRule ^/secure(.*) https://%{SERVER_NAME}/secure$1 [R,L]
>
> You way also want to look at the P flag to proxy the request.
> http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewriteflags
> 'proxy|P' (force proxy) This flag forces the substitution part to be
> internally sent as a proxy request and immediately (rewrite processing
> stops
> here) put through the proxy
> module<http://httpd.apache.org/docs/2.2/mod/mod_proxy.html>.
> You must make sure that the substitution string is a valid URI (typically
> starting with http://*hostname*) which can be handled by the Apache proxy
> module. If not, you will get an error from the proxy module. Use this flag
> to achieve a more powerful implementation of the
> ProxyPass<http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass>directive,
> to map remote content into the namespace of the local server.
>
> Note: mod_proxy <http://httpd.apache.org/docs/2.2/mod/mod_proxy.html> must
> be enabled in order to use this flag.
> Whic is probably what you wanted from the beginning.
>
>
> Also if you go André's way, you can do a
> Redirect /secure https://yourdomain/secure
>
> that should be faster than rewrite.
>
> ~Jorge
>
>
> On Sat, Aug 1, 2009 at 12:24 PM, André Warnier <aw@xxxxxxxxxx> wrote:
>
>> /U wrote:
>>
>>> Apache: 2.2.0
>>>
>>> I need to
>>> a) require SSL on requests to /secure (i.e., http://server/secure ->
>>> https://server/secure)
>>> b) and as the second step, offload (proxy) https://server/secure to
>>> http://server:8080/secure
>>>
>>> I don't know the details, but the following may work :
>>
>> You may need is 2 <VirtualHost> sections, as follows :
>>
>> main config :
>> Listen *:80
>> Listen *:443
>>
>> ...
>> <VirtualHost *:80>
>> ...
>>
>> RewriteEngine On
>>> RewriteLog "/tmp/http.log"
>>> RewriteLogLevel 9
>>> RewriteCond %{SERVER_PORT}!443$
>>> RewriteRule ^/secure(.*) https://%{HTTP_HOST}:443/secure$1 [R=301,L]
>>>
>>> ...
>> </VirtualHost>
>>
>> <VirtualHost *:443>
>> .. your proxy stuff ..
>> </VirtualHost>
>>
>> The general idea being :
>> - the first VirtualHost acts as the default (and only) host for all
>> requests to port 80. If there is a request to /secure, it sends an
>> external
>> re-direct to the browser, re-directing it to HTTPS on port 443
>> - the second VirtualHost acts as the default (and only) host on port 443.
>> It terminates SSL and proxies the requests to your Tomcat (I suppose)
>> via
>> HTTP.
>> (Note that you could also use mod_jk or mod_proxy_ajp there, probably
>> more
>> efficiently.)
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>> " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>>
>
>
--
View this message in context: http://www.nabble.com/Forcing-URL-Rewrite-before-Proxy-pass-tp24764763p24772107.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|