Topic: Apache SSL redirect problem.

pete.jibe
Joined: 19 Jun 2013 Posts: 2 Location: US, P-town
Posted: Wed 19 Jun '13 23:23 Post subject: Apache SSL redirect problem.

Hi there,
I'm currently struggling with an issue on our Apache 2.2.24 home-rolled installation on an OEL 6.2 x64 Linux server that front-ends for a Glassfish cluster via proxypass.
The httpd.conf manages 4 virtual hosts with each virtual host entry rewriting to HTTPS.
Anyone trying to access the HTTP address redirects to HTTPS just fine.
The issue is that anyone using the HTTPS address gets redirected to the DocumentRoot defined in Apache instead of being proxypassed to Glassfish.
I had set up a dummy DocumentRoot with a simple index.html meta redirect and what happens is that anyone directly accessing HTTPS will hit the index.html file which redirects to the https site. At this point it simply loops to infinity.
Sample code is as follows:
httpd-vhosts.conf:
Code:
NameVirtualHost 1.1.4.4:80
<VirtualHost 1.1.4.4:80>
    ServerName www.mysite.com
    ServerAdmin hostadmin@myCompany.com
    DocumentRoot /servers/apache/htdocs/mysite
    Options Includes FollowSymLinks MultiViews
    ScriptAlias /cgi-bin/ /servers/apache/htdocs/mysite/cgi-bin/
    ErrorLog logs/mysite/mysite_error_log
    CustomLog logs/mysite/mysite_access_log combined
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^(.*)$ https://www.mysite.com/mySite$1 [L,R]
</VirtualHost>
httpd-ssl.conf:
Code:
NamevirtualHost 1.1.4.4:443
<VirtualHost 1.1.4.4:443>
    DocumentRoot "/servers/apache/htdocs/mysite"
    ServerName www.mysite.com
    DirectoryIndex index.html
    ErrorLog logs/mysite/mysite_ssl_error_log
    TransferLog logs/mysite/mysite_ssl_access_log
    LogLevel warn
    <Directory />
        Options FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/pki/tls/certs/STAR_mysite_com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/wild.mysite.com.key
    SSLCertificateChainFile /etc/pki/tls/certs/wild_mysite_com.ca-bundle
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/servers/apache/htdocs/mysite/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog logs/mysite/mysite_ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    <Proxy balancer://clacc-backoffice>
        BalancerMember http://1.1.2.2:28080/
        BalancerMember http://1.1.3.3:28080/
    </Proxy>
    ProxyPass /mySite balancer://clacc-backoffice/mySite stickysession=JSESSIONID
    ProxyPassReverse /mySiteR/ http://1.1.2.2:28080/mySite/
    ProxyPassReverse /mySite/ http://1.1.3.3:28080/mySite/
</VirtualHost>
Any suggestions on how to resolve this are greatly appreciated. The goal is to get the end-user to the Glassfish site regardless of whether they use HTTP or HTTPS.
Thanks in advance,
Pete

pete.jibe
Joined: 19 Jun 2013 Posts: 2 Location: US, P-town
Posted: Tue 25 Jun '13 23:33 Post subject: Located the problem, looking for a suggested solution

Hi there,
After looking this over I've located the issue but haven't determined how to best implement the resolution.
The problem is that when folks access HTTP (via httpd-vhosts.conf) the configuration Rewrites the URL as https://www.mysite.com/mySite$1
When end-users bypass the HTTP configuration and go directly to HTTPS the httpd-ssl.conf file has been configured to expect that the Rewrite has already occurred and that the /mySite$1 suffix already exists.
Because the original httpd-vhosts.conf Rewrite command is bypassed, the httpd-ssl.conf configuration tries to proxypass the incorrect URL string to the back-end Glassfish server resulting in the original error.
Now I'm trying to determine how/where to best place the Rewrite command (I'm assuming within the httpd-ssl.conf virtual hosts section) while still maintaining the redirect from HTTP to HTTPS.
As before, any input that would get me on the right path to resolution is highly appreciated.
~Pete
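
One way to arrange the two virtual hosts so that the /mySite prefix is added on the HTTPS side, where the proxy lives. This is an added example, not part of the original posts and not a configuration the poster confirmed. It assumes the `/mySiteR/` in the posted ProxyPassReverse was meant to be `/mySite/`, and it leaves out the SSL, logging and DocumentRoot directives, which stay as posted.

```apache
# Added example, not from the thread. Host name, addresses and /mySite are
# taken from the posted config; the layout itself is an assumption.

# --- httpd-vhosts.conf: port 80 only upgrades the scheme, path unchanged ---
NameVirtualHost 1.1.4.4:80
<VirtualHost 1.1.4.4:80>
    ServerName www.mysite.com
    RewriteEngine on
    # Fixed host name in the target, so the client's Host header cannot
    # steer the redirect. /mySite/x stays /mySite/x (no doubled prefix).
    RewriteRule ^/(.*)$ https://www.mysite.com/$1 [R,L]
</VirtualHost>

# --- httpd-ssl.conf: the prefix is enforced next to the ProxyPass ---
NameVirtualHost 1.1.4.4:443
<VirtualHost 1.1.4.4:443>
    ServerName www.mysite.com
    SSLEngine on
    # (SSLCertificate*, SSLProtocol, SSLCipherSuite, logging and
    #  DocumentRoot directives from the posted file go here)

    RewriteEngine on
    # Any request not already under /mySite is redirected there, so a direct
    # https://www.mysite.com/ hit never falls through to DocumentRoot and the
    # index.html meta redirect is no longer needed.
    RewriteCond %{REQUEST_URI} !^/mySite(/|$)
    RewriteRule ^/(.*)$ https://www.mysite.com/mySite/$1 [R,L]

    <Proxy balancer://clacc-backoffice>
        BalancerMember http://1.1.2.2:28080
        BalancerMember http://1.1.3.3:28080
    </Proxy>
    ProxyPass /mySite balancer://clacc-backoffice/mySite stickysession=JSESSIONID
    # One reverse mapping per balancer member, same front-end path for both,
    # so Location headers from either back end are rewritten to /mySite.
    ProxyPassReverse /mySite http://1.1.2.2:28080/mySite
    ProxyPassReverse /mySite http://1.1.3.3:28080/mySite
</VirtualHost>
```

Requests under /mySite do not match the RewriteCond, so they pass straight to ProxyPass and no redirect loop can form.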