September 18, 2019

Redirecting URLs from HTTP to HTTPS and vice versa with Apache mod_proxy

In this article I use the ProxyPass directive of Apache mod_proxy to configure the redirection of an HTTP URL to a Tomcat server that is running an HTTPS service (case 1). For the reverse redirection, an SSL certificate has to be installed on Apache instead (case 2).

Case 1. HTTP on Apache, HTTPS on Tomcat


$ yum install mod_ssl
$ vi /etc/httpd/conf.d/virtual_hosts.conf
NameVirtualHost *:80
<VirtualHost *:80>
        ServerName mysite.com
        SSLProxyEngine On
        RequestHeader set Front-End-Https "On"
        CacheDisable *
        ProxyPass /myapp https://tomcat-host:8443/myapp
        ProxyPassReverse /myapp https://tomcat-host:8443/myapp
        RedirectMatch ^/$ http://mysite.com/myapp
</VirtualHost>
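
With only SSLProxyEngine On, mod_ssl leaves SSLProxyVerify at its default of none, so the connection to Tomcat is encrypted but Apache accepts whatever certificate the backend presents. The following is an added example, not part of the original article, showing only the proxy-related directives of case 1 with backend certificate verification enabled; the CA file path /etc/httpd/certs/tomcat-ca.crt is an assumed name, and Tomcat's certificate is assumed to carry the name tomcat-host.

```apache
# Added example: case 1 with verification of the Tomcat certificate.
# Assumptions (not from the article):
#   - /etc/httpd/certs/tomcat-ca.crt holds the CA certificate that signed
#     Tomcat's certificate (for a self-signed Tomcat certificate, this file
#     is a copy of that certificate itself)
#   - Tomcat's certificate names "tomcat-host" in its subjectAltName or CN
<VirtualHost *:80>
        ServerName mysite.com

        SSLProxyEngine On

        # Default is "SSLProxyVerify none": any backend certificate is accepted.
        # "require" makes the handshake fail unless the chain validates
        # against the CA file below.
        SSLProxyVerify require
        SSLProxyVerifyDepth 2
        SSLProxyCACertificateFile /etc/httpd/certs/tomcat-ca.crt

        # Reject a certificate whose name does not match the host used in
        # ProxyPass (directive available from httpd 2.4.5), or that has expired.
        SSLProxyCheckPeerName on
        SSLProxyCheckPeerExpire on

        RequestHeader set Front-End-Https "On"
        ProxyPass /myapp https://tomcat-host:8443/myapp
        ProxyPassReverse /myapp https://tomcat-host:8443/myapp
        RedirectMatch ^/$ http://mysite.com/myapp
</VirtualHost>
```

When one of these checks fails, Apache answers with a proxy error whose reason is "Error during SSL Handshake with remote server", and the details are written to the error log.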

 

Case 2. HTTPS on Apache, HTTP on Tomcat


$ yum install mod_ssl openssl

$ mkdir /etc/httpd/certs
$ cd /etc/httpd/certs
$ openssl genrsa -out mysite.com.key 2048
$ openssl req -new -key mysite.com.key -out mysite.com.csr
$ openssl x509 -req -days 100000 -in mysite.com.csr -signkey mysite.com.key -out mysite.com.crt
$ vi  /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/certs/mysite.com.crt
SSLCertificateKeyFile /etc/httpd/certs/mysite.com.key

$ vi /etc/httpd/conf.d/virtual_hosts.conf
NameVirtualHost *:443
<VirtualHost *:443>
        ServerName mysite.com
        ProxyPass /myapp http://tomcat-host:8080/myapp
        ProxyPassReverse /myapp http://tomcat-host:8080/myapp
        RedirectMatch ^/$ https://mysite.com/myapp
        SSLEngine on
        SSLCertificateFile /etc/httpd/certs/mysite.com.crt
        SSLCertificateKeyFile /etc/httpd/certs/mysite.com.key
</VirtualHost>

 


2 Comments

  1. luca

    If you use CacheDisable *, Apache does not restart; if you comment it out you just get a 500 error

    Proxy Error
    The proxy server could not handle the request GET /.
    Reason: Error during SSL Handshake with remote server

    Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
    Apache/2.4.29 (Win32) OpenSSL/1.0.2n PHP/7.2.11 Server at dropfile.develope Port 80
