Apache, Tomcat & SSL: ProxyPass and ProxyPassReverse

I'm having trouble configuring Apache, Tomcat and SSL. This is the scenario:
I have an Apache web server running and working normally (but , I can access this one just by typing:
https://example.com
Also, on this host, I have Tomcat running and working fine on port 8080 (HTTP); I've created a mini web app whose files are inside the "test" directory, which I can access by typing:
http://example.com:8080/test
(I know that Apache is running on port 80 and Tomcat on 8080)
What I want is for a user to be able to access 'test' (running on Tomcat) through Apache using HTTPS, I mean:
https://example.com/test
But when I access this link, this appears:
When I access it using HTTP, http://example/test works, but I need it to be HTTPS.
I also created a config file, /etc/httpd/conf.d/vhost.conf; this is the content:
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/html
    Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
    SSLProxyEngine on
    ProxyPass /test http://xxx.xxx.xxx.xxx:8080/test
    ProxyPassReverse /test http://xxx.xxx.xxx.xxx:8080/test
</VirtualHost>
xxx.xxx.xxx.xxx is the IP of the website.
When I access the website https://example.com/ (with HTTPS) I get this issue (I use the web app in the website):
I use a Let's Encrypt certificate (in the photo above).
I'm working with Apache/2.4.33 (Amazon) and Tomcat 8.5.29
Does anyone know why, or how to solve this? Thanks in advance, guys.
Log files:
access_log
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:29 +0000] "GET /test HTTP/1.1" 301 245 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
::1 - - [01/Jul/2018:06:42:51 +0000] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.33 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.30 (internal dummy connection)"
error_log - empty
ssl_access_log
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:29 +0000] "GET /test HTTP/1.1" 404 206
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:29 +0000] "GET /test HTTP/1.1" 404 206
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:49 +0000] "-" 408 -
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:49 +0000] "-" 408 -
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:49 +0000] "-" 408 -
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:49 +0000] "-" 408 -
ssl_request_log
[01/Jul/2018:06:42:29 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /test HTTP/1.1" 206
[01/Jul/2018:06:42:29 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /test HTTP/1.1" 206
[01/Jul/2018:06:42:49 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "-" -
[01/Jul/2018:06:42:49 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "-" -
[01/Jul/2018:06:42:49 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "-" -
[01/Jul/2018:06:42:49 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "-" -
ssl_error_log - empty
yyy.yyy.yyy.yyy = IP of my machine
Add ServerAlias example.com to both virtual hosts. – Dusan Bajic
Jul 1 at 6:42
2 Answers
2
There are 4 problems with the code
First: Problem with the port. HTTPS works on port 443 and HTTP on port 80.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/html
    ###Remove this redirection line to move it in separate virtual host listening to port 80
    Redirect permanent / https://example.com/
    SSLProxyEngine on
    ProxyPass /test http://xxx.xxx.xxx.xxx:8080/test
    ProxyPassReverse /test http://xxx.xxx.xxx.xxx:8080/test
</VirtualHost>
Second: Not having SSLProxyEngine on, so that proxy pass and proxy reverse pass work for HTTPS connections.
Third: Move the HTTPS redirection rule from this virtual host to a new one. You need to create a new virtual host for port 80 in which there should be a redirect rule by which all HTTP connections redirect to HTTPS permanently.
Redirect permanent / https://example.com/
Fourth: Also add the below to all virtual hosts:
ServerName example.com
ServerAlias www.example.com
First of all, thank you very much for the answer. However, it worked only partially. I changed the file /etc/httpd/conf.d/vhost.conf as you commented (I updated it in my question) and solved the HTTPS problem on the page https://example.com/, but the site https://example.com/test continues with the 'Not Found'. – Cava
Jul 1 at 6:11
Did you remove the redirect permanent line from the port 443 virtual host?
– Ankit Rastogi
Jul 1 at 6:20
Yes, I did. See my vhost.conf in my question, maybe it helps you. – Cava
Jul 1 at 6:25
From the access log of Apache you can identify where the "not found" is coming from. Is it from Tomcat or Apache? Also check error.log too.
– Ankit Rastogi
Jul 1 at 6:31
The resulting file /etc/httpd/conf.d/vhost.conf:
<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/html
    Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
    SSLProxyEngine on
    ProxyPass /test http://xxx.xxx.xxx.xxx:8080/test
    ProxyPassReverse /test http://xxx.xxx.xxx.xxx:8080/test
</VirtualHost>
There are three issues with the code which I have answered below. Have a look over them.
– Ankit Rastogi
Jul 1 at 4:47
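A hardened variant of the virtual hosts discussed in this thread, as an added example that is not from any of the posters. It assumes Tomcat runs on the same host and is reached over loopback (127.0.0.1:8080), and that mod_ssl, mod_proxy, mod_proxy_http and mod_headers are loaded.

```apache
# Added example; 127.0.0.1:8080 and the module list above are assumptions.

# Port 80 does nothing except send every request to HTTPS.
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/html

    # TLS terminates here, using the certificate files named in the question.
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

    # Reverse proxy only: never relay requests for arbitrary URLs.
    ProxyRequests Off

    # ProxyPass forwards /test to Tomcat over plain HTTP on loopback.
    # SSLProxyEngine only matters for https:// backends, so it is omitted.
    ProxyPass /test http://127.0.0.1:8080/test

    # ProxyPassReverse rewrites Location headers that Tomcat sends
    # (http://127.0.0.1:8080/test/...) back to this vhost's public URL,
    # so redirects do not leak the backend address or drop to HTTP.
    ProxyPassReverse /test http://127.0.0.1:8080/test

    # Lets the web app know the client connection was HTTPS (mod_headers).
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

# Tomcat side (server.xml): give the 8080 <Connector> address="127.0.0.1"
# so the application cannot be reached directly without TLS.
```

After a reload, running httpd -S lists every parsed virtual host together with the file and line that define it, which shows whether another :443 block under conf.d is answering /test instead of this one.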