Reputation: 826
What I have:
I ran these commands:
wget https://dl.eff.org/certbot-auto (get certbot)
chmod a+x certbot-auto (make it exec)
./certbot-auto (run it)
openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out keystore.p12 -name tomcat -CAfile chain.pem -caname root (convert to Spring Boot compatible keys)
In my Spring Boot app, I added these entries to the properties:
security.require-ssl=true
server.ssl.key-store={key_store_location}
server.ssl.key-store-password={key_store_password}
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=tomcat
At this point I can access my app through: https://example.com:8080/ and the certificate is valid.
Then I do this:
My /etc/apache2/sites-enabled/000-default.conf file looks like this:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
ServerAdmin webmaster@localhost
ServerName {domain}
SSLEngine on
SSLProxyEngine On
# Disable SSL versions with POODLE vulnerability
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
After I start apache2 and open https://example.com/ I get
Bad Request
This combination of host and port requires TLS.
But, if I enter https://example.com:80/ everything works.
So my question is: what do I need to do to get rid of the port and just get https://example.com/ to work?
Thank you.
EDIT: After I added 443 as suggested, the issue remains with the same error.
Full configuration file:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
ServerAdmin webmaster@localhost
ServerName example.com
SSLEngine on
SSLProxyEngine On
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
<VirtualHost *:443>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
ServerAdmin webmaster@localhost
ServerName example.com
SSLEngine on
SSLProxyEngine On
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Upvotes: 1
Views: 2862
Reputation: 1741
The default HTTPS port is 443. Could you please create an SSL VirtualHost for 443, add all the entries inside the VirtualHost, and test?
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Listen 443 https
<VirtualHost Apache-IP:443>
ServerAdmin webmaster@localhost
ServerName {domain}
SSLEngine on
SSLProxyEngine On
# Disable SSL versions with POODLE vulnerability
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://localhost:8080/
ProxyPassReverse / https://localhost:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Upvotes: 1
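Added example (not part of the original question or answer): a small linter for the vhost layout discussed in this thread. It flags `SSLEngine on` inside a port-80 vhost, which makes port 80 speak TLS (consistent with https://example.com:80/ answering), a port-443 vhost without `SSLEngine on`, and a `RewriteCond %{HTTPS} off` redirect that can never match inside a TLS vhost. The function name `lint_vhosts`, the finding labels and the sample config are constructed for illustration.

```python
import re

# Constructed sample, condensed from the vhosts posted in the question.
SAMPLE = """\
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
SSLEngine on
ProxyPass / https://localhost:8080/
</VirtualHost>
<VirtualHost *:443>
RewriteCond %{HTTPS} off
SSLEngine on
ProxyPass / https://localhost:8080/
</VirtualHost>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+\S*?:(\d+)\s*>", re.I)
SSL_ON = re.compile(r"SSLEngine\s+on\b", re.I)
HTTPS_OFF = re.compile(r"RewriteCond\s+%\{HTTPS\}\s+(off|!=on)\b", re.I)

def lint_vhosts(conf):
    """Return sorted (port, finding) pairs, one set of checks per VirtualHost."""
    findings, port, ssl_on, off_cond = set(), None, False, False
    for raw in conf.splitlines():
        line = raw.strip()
        opened = VHOST_OPEN.match(line)
        if opened:
            port, ssl_on, off_cond = int(opened.group(1)), False, False
        elif port is None or line.startswith("#"):
            continue  # outside any vhost, or a comment line
        elif line.lower().startswith("</virtualhost"):
            if port == 80 and ssl_on:       # plain-HTTP port is speaking TLS
                findings.add((port, "tls-on-port-80"))
            if port == 443 and not ssl_on:  # HTTPS port would serve plain HTTP
                findings.add((port, "no-tls-on-port-443"))
            if ssl_on and off_cond:         # %{HTTPS} is always "on" here
                findings.add((port, "redirect-never-fires"))
            port = None
        else:
            ssl_on = ssl_on or bool(SSL_ON.match(line))
            off_cond = off_cond or bool(HTTPS_OFF.match(line))
    return sorted(findings)

if __name__ == "__main__":
    for port, finding in lint_vhosts(SAMPLE):
        print(f"vhost :{port}: {finding}")
```

A layout with the redirect alone in the port-80 vhost and the `SSL*` and `Proxy*` directives alone in the port-443 vhost produces no findings.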