Cava

Reputation: 5662

Apache, Tomcat & SSL: ProxyPass and ProxyPassReverse

I'm having trouble configuring Apache, Tomcat and SSL. This is the scenario:

I have an Apache Web Server, running and working normally (but , I can access this one just by typing:

https://example.com

Also, on this host, I have a Tomcat running and working fine on port 8080 (HTTP); I've created a mini web app whose files are inside the "test" directory, which I can access by typing:

http://example.com:8080/test

(I know that Apache is running on port 80 and Tomcat on 8080)

What I want is for a user to be able to access 'test' (running on Tomcat) through Apache using HTTPS, I mean:

https://example.com/test

But when I access this link, this appears:

Page not found

When I access it using HTTP, http://example/test works, but I need it to be HTTPS.

I also created a config file in /etc/httpd/conf.d/vhost.conf; this is the content:

<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/html
    Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

    SSLProxyEngine on
    ProxyPass /test http://xxx.xxx.xxx.xxx:8080/test
    ProxyPassReverse /test http://xxx.xxx.xxx.xxx:8080/test
</VirtualHost>

xxx.xxx.xxx.xxx is the IP of the website.

When I access the website https://example.com/ (with HTTPS) I get this issue (I use the web app in the website):

[Image: Security Overview]

I use a Let's Encrypt certificate (in the photo above).

I'm working with Apache/2.4.33 (Amazon) and Tomcat 8.5.29

Does anyone know why, or how to solve this? Thanks in advance, guys.

Log files:

access_log

yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:29 +0000] "GET /test HTTP/1.1" 301 245 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
::1 - - [01/Jul/2018:06:42:51 +0000] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.33 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.30 (internal dummy connection)"

error_log - empty

ssl_access_log

yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:29 +0000] "GET /test HTTP/1.1" 404 206
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:29 +0000] "GET /test HTTP/1.1" 404 206
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:49 +0000] "-" 408 -
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:49 +0000] "-" 408 -
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:49 +0000] "-" 408 -
yyy.yyy.yyy.yyy - - [01/Jul/2018:06:42:49 +0000] "-" 408 -

ssl_request_log

[01/Jul/2018:06:42:29 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /test HTTP/1.1" 206
[01/Jul/2018:06:42:29 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /test HTTP/1.1" 206
[01/Jul/2018:06:42:49 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "-" -
[01/Jul/2018:06:42:49 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "-" -
[01/Jul/2018:06:42:49 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "-" -
[01/Jul/2018:06:42:49 +0000] yyy.yyy.yyy.yyy TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "-" -

ssl_error_log - empty

yyy.yyy.yyy.yyy = IP of my machine

Upvotes: 1

Views: 9152

Answers (2)

Cava

Reputation: 5662

The resulting file /etc/httpd/conf.d/vhost.conf:

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/html
    Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

    SSLProxyEngine on
    ProxyPass /test http://xxx.xxx.xxx.xxx:8080/test
    ProxyPassReverse /test http://xxx.xxx.xxx.xxx:8080/test
</VirtualHost>

Upvotes: 1

Ankit Rastogi

Reputation: 665

There are 4 problems with the code.

First: Problem with the port. HTTPS works on port 443 and HTTP on port 80.

<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/html
    ### Remove this redirection line and move it to a separate virtual host listening on port 80
    Redirect permanent / https://example.com/
    SSLProxyEngine on
    ProxyPass /test http://xxx.xxx.xxx.xxx:8080/test
    ProxyPassReverse /test http://xxx.xxx.xxx.xxx:8080/test
</VirtualHost>

Second: Not having SSLProxyEngine on, so that ProxyPass and ProxyPassReverse work for HTTPS connections.

Third: Move the HTTPS redirection rule from this virtual host to a new one. You need to create a new virtual host for port 80 with a redirect rule that permanently redirects all HTTP connections to HTTPS.

Redirect permanent / https://example.com/

Fourth: Also add the lines below to all virtual hosts:

ServerName example.com 
ServerAlias www.example.com

Upvotes: 2
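
The vhost.conf from this thread with the proxy hop tightened, as an added example that is not part of either answer. It assumes Tomcat's HTTP connector has been rebound to 127.0.0.1:8080 and that mod_ssl, mod_proxy, mod_proxy_http and mod_headers are loaded; the hostnames and certificate paths are the ones used in the question.

```apache
# Added example, not from the thread.
# Assumption: Tomcat listens on 127.0.0.1:8080 only.

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    # Plain HTTP only redirects; nothing is served or proxied here.
    Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
    # Name-based selection compares the Host header with ServerName and
    # ServerAlias. A host that matches no vhost falls through to the first
    # *:443 vhost Apache loaded, which may not carry the ProxyPass rules.
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

    # SSLProxyEngine is only required when the backend URL is https://.
    # It is omitted because the hop to Tomcat is plain HTTP on loopback.

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off

    # Weak form from the thread:
    #   ProxyPass /test http://xxx.xxx.xxx.xxx:8080/test
    # The decrypted request travels to the website's own IP address, and
    # Tomcat must listen there, so http://example.com:8080/test keeps
    # answering without TLS.
    ProxyPass        /test http://127.0.0.1:8080/test
    ProxyPassReverse /test http://127.0.0.1:8080/test

    # Pass the original scheme to the backend. Tomcat only honours it when
    # configured to (for example through its RemoteIpValve).
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
```

Run apachectl configtest before reloading; apachectl -S lists the virtual hosts per address and port and shows which one is the default for *:443.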
