Dear All,
I have a web-server installed with Apache 2.2.11 (with reverse proxy enabled) and a back-end server that is running Tomcat and hosting some JSP web applications.
The external users are supposed to communicate with the JSP web applications in HTTPS via the Apache reverse proxy, which establishes an HTTP session to Tomcat.
The flow is as below:
External users -> HTTPS -> Apache Reverse proxy -> HTTP -> Tomcat (jsp web apps)
My IE browser is able to establish an HTTPS session to the web application without a problem. There is a username/password authentication form and I am able to log in as well. Here's the problem: after I log in, the HTTPS session breaks and becomes HTTP. I can still browse around the site and perform functions over the HTTP session.
Is there anybody who experiences this as well? How do I keep the HTTPS going and consistent?
I have checked the processes of the authentication and logging in, where the web application will parse an action-servlet.xml file to determine the redirection URL. Is there any issue with reverse proxy doing rewrites on XML files?
Thank you.
Here is my SSL + Reverse Proxy config for Apache2:
# =================================================
# SSL/TLS settings
# =================================================
NameVirtualHost 192.168.0.20:443
Listen 443
SSLProtocol -all +TLSv1 +SSLv3
SSLMutex file:/usr/local/apache2/logs/ssl_mutex
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024
SSLSessionCache shmcb:/usr/local/apache2/logs/ssl_scache(512000)
SSLSessionCache shm:/usr/local/apache2/logs/ssl_cache_shm
SSLSessionCacheTimeout 600
SSLPassPhraseDialog builtin
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
SSLCryptoDevice pkcs11
SSLOptions +StrictRequire

# ================================================
# HOSTED SITES
# ================================================
<VirtualHost 192.168.0.20:443>
    ServerAdmin admin@xxxxxxxx
    DocumentRoot /www/
    ServerName abc.test.com
    ServerAlias abc.test.com
    Userdir disabled

    SSLEngine On
    SSLProxyEngine On
    SSLCertificateFile /usr/local/apache2/conf/certs/abc.test.com.crt
    SSLCertificateKeyFile /usr/local/apache2/conf/certs/abc.test.com.pem

    ProxyHTMLLogVerbose On
    LogLevel Debug
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyHTMLExtended On

    RewriteEngine on
    RewriteRule ^/sg/test/project$ $1/sg/test/project/ [R]

    ProxyPass /sg/test/project/ http://192.168.1.60:8080/sg/test/project/
    ProxyHTMLURLmap http://192.168.1.60:8080/sg/test/project/ /sg/test/project/

    <Proxy *>
        Order Deny,Allow
        Allow from all
    </Proxy>

    <Location /sg/test/project/>
        ProxyPassReverse /
        AddOutputFilter xmlns .xhtml
        Include /usr/local/apache2/conf/proxy_html.conf
        SetOutputFilter proxy-html
        SetEnv force-proxy-request-1.0 1
        SetEnv proxy-nokeepalive 1
        RequestHeader unset Accept-Encoding
    </Location>

    BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

    ErrorLog logs/sg_test-error_log
    CustomLog logs/sg_test-access_log combined
</VirtualHost>
Best Regards,
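
Added example, not part of the original post: one way to pin down where the switch to HTTP happens is to inspect the response to the login request for an absolute http:// redirect and for a session cookie that lacks the Secure attribute. The response text, the login.do/home.do paths and the cookie are constructed for illustration; only the host name and back-end address are taken from the config above.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample: a reply a browser might receive to the login POST.
# Paths, status line and cookie are made up; they are not from the post.
SAMPLE_LOGIN_RESPONSE = (
    "HTTP/1.1 302 Moved Temporarily\r\n"
    "Location: http://abc.test.com/sg/test/project/home.do\r\n"
    "Set-Cookie: JSESSIONID=0123ABCD; Path=/sg/test/project\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return (status_code, [(lowercased-name, value), ...]) from a raw response head."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = []
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def audit_response(request_url, raw, backend_hosts=()):
    """List ways this response would move an HTTPS client onto plain HTTP."""
    findings = []
    status, headers = parse_headers(raw)
    req = urlsplit(request_url)
    for name, value in headers:
        if name == "location" and 300 <= status < 400:
            # urljoin resolves relative redirects against the request URL
            target = urlsplit(urljoin(request_url, value))
            if req.scheme == "https" and target.scheme == "http":
                findings.append("downgrade: redirect to " + target.geturl())
            if target.netloc in backend_hosts:
                findings.append("backend-leak: redirect exposes " + target.netloc)
        elif name == "set-cookie" and req.scheme == "https":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "secure" not in attrs:
                findings.append("cookie-without-secure: " + value.split("=", 1)[0])
    return findings

if __name__ == "__main__":
    for finding in audit_response(
        "https://abc.test.com/sg/test/project/login.do",
        SAMPLE_LOGIN_RESPONSE,
        backend_hosts=("192.168.1.60:8080",),
    ):
        print(finding)
```

A "downgrade" finding means the redirect itself carries the http:// scheme, so the browser is only following what it was told; a "cookie-without-secure" finding means the session cookie will also be sent on the resulting plain-HTTP requests.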