Lempkin

Reputation: 1598

Spring boot - Spring security behind Apache reverse proxy

I have 3 spring-boot apps :

Here is my Vhost:

<VirtualHost *:80>
    ServerName www.website.com
    Redirect / https://www.website.com/
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.website.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLProxyEngine on

    ServerName www.website.com

    ProxyPass /auth https://127.0.0.1:8081
    ProxyPassReverse /auth https://127.0.0.1:8081

    ProxyPass /api https://127.0.0.1:8082
    ProxyPassReverse /api https://127.0.0.1:8082

    ProxyPass / https://127.0.0.1:8084/
    ProxyPassReverse / https://127.0.0.1:8084/


    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

This is working, and when the https://www.website.com/auth/oauth/authorize endpoint is called, I'm redirected to https://www.website.com/auth/login and I see my login form.

The problem is that resources like jQuery or CSS are not loaded because it tries to reach them through the URL https://www.website.com/resources/jquery.min.js (although it should be https://www.website.com/auth/resources/jquery.min.js).

I tried the solution here: Spring-boot with embedded Tomcat behind Apache proxy. So I have this Vhost:

<VirtualHost *:443>
    SSLEngine on
    SSLProxyEngine on
    ProxyPreserveHost On

    ServerName www.website.com

    ProxyPass /auth https://127.0.0.1:8081
    ProxyPassReverse /auth https://127.0.0.1:8081
    RequestHeader set X-Forwarded-Proto https
    RequestHeader set X-Forwarded-Port 443

    ProxyPass /api https://127.0.0.1:8082
    ProxyPassReverse /api https://127.0.0.1:8082

    ProxyPass / https://127.0.0.1:8084/
    ProxyPassReverse / https://127.0.0.1:8084/

    SSLCertificateFile /etc/letsencrypt/live/www.website.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.website.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

And I've added

server.use-forward-headers=true

in the application.properties.

But then, when https://www.website.com/auth/oauth/authorize is called, I'm redirected to https://www.website.com/login -> the /auth part is missing, so I get a 404.

Not sure what I should set, and where, to make this work?

Upvotes: 2

Views: 6066

Answers (1)

Lempkin

Reputation: 1598

Actually, I found the solution, in case it can help someone:

The Vhost must be:

ProxyPreserveHost On
...
ProxyPass /auth https://127.0.0.1:8081/auth
ProxyPassReverse /auth https://127.0.0.1:8081/auth
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Port 443
...

And in application.properties:

server.servlet.context-path=/auth
server.use-forward-headers=true

Upvotes: 1
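The three configurations in this thread, traced through a simplified Python model of the /auth mapping (an added example, not code from the question or the answer). It shows why the redirect and the resource URL come out as described in each case. The function names, and the model of how the app builds its redirect and its resource links, are assumptions and do not cover all of mod_proxy or Spring behaviour.

```python
from urllib.parse import urlsplit

PUBLIC = "https://www.website.com"   # public origin, from the vhost
BACKEND = "https://127.0.0.1:8081"   # auth app, from the vhost

def proxy_pass(path, prefix, target):
    """ProxyPass: swap the matched public prefix for the backend URL."""
    return target + path[len(prefix):]

def backend_redirect(upstream_url, context_path, preserve_host, to="/login"):
    """Assumed app behaviour: context-relative redirect, absolute Location.
    The app uses the public origin only when it sees the public Host
    (ProxyPreserveHost On plus forwarded headers), else its own origin."""
    if not urlsplit(upstream_url).path.startswith(context_path + "/"):
        raise ValueError("request path is outside the app's context path")
    origin = PUBLIC if preserve_host else BACKEND
    return origin + context_path + to

def proxy_pass_reverse(location, prefix, target):
    """ProxyPassReverse: rewrite Location only if it starts with the backend URL."""
    if location.startswith(target):
        return PUBLIC + prefix + location[len(target):]
    return location

def resource_url(context_path, resource="/resources/jquery.min.js"):
    """Root-relative link rendered in the HTML; the proxy does not rewrite it."""
    return PUBLIC + context_path + resource

def simulate(target, context_path, preserve_host, prefix="/auth"):
    """Return (Location seen by the browser, resource URL the browser requests)."""
    upstream = proxy_pass("/auth/oauth/authorize", prefix, target)
    location = backend_redirect(upstream, context_path, preserve_host)
    return proxy_pass_reverse(location, prefix, target), resource_url(context_path)

if __name__ == "__main__":
    print("first vhost :", simulate(BACKEND, "", preserve_host=False))
    print("second vhost:", simulate(BACKEND, "", preserve_host=True))
    print("answer      :", simulate(BACKEND + "/auth", "/auth", preserve_host=True))
```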
