Apache2 proxy to spring-boot app, problem with Oauth2

Question

I'm running the Tomcat on 8080 port. I have an apache2 proxy, it has SSL certificates, and it passes all encrypted traffic from 443 to 8080 port. All works fine, except facebook authentication.

If apache2 turned off, and SSL is on in tomcat - it is working. I believe the problem in traffic encryption, maybe the facebook retrieves the request from my not SSL tomcat server?

My apache config:

ServerName thing-tracker.ga SSLEngine On SSLCertificateFile /opt/cert/cert.pem SSLCertificateKeyFile /opt/cert/privkey.pem SSLCertificateChainFile /opt/cert/chain.pem

    DefaultType text/html
    ProxyRequests off
    ProxyPreserveHost On

    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket
    RewriteRule /(.*)           ws://localhost:8080/$1 [P,L]
    RewriteCond %{HTTP:Upgrade} !=websocket
    RewriteRule /(.*)           http://localhost:8080/$1 [P,L]

   # ProxyPass / http://localhost:8080/
   # ProxyPassReverse / https://localhost/

The error:

Forwarding to error page from request [/login/oauth2/code/facebook] due to exception

[An error occurred reading the OAuth 2.0 Error: JSON parse error: Cannot deserialize instance of java.lang.String out of START_OBJECT token;

nested exception is com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize instance of java.lang.String out of START_OBJECT token at [Source: (sun.net.www.protocol.http.HttpURLConnection$HttpInputStream); line: 1, column: 10] (through reference chain: java.util.LinkedHashMap["error"]);

Answer 1

Try to force https on apache:

RequestHeader set X-Forwarded-Proto https

And on your spring boot properties add:

server.use-forward-headers=true
server.tomcat.remote_ip_header=x-forwarded-for
server.tomcat.protocol_header=x-forwarded-proto

I was with the same problem, but this solved.