How to configure Apache to act as an SSL proxy to an application server?

Question

I have one physical server that runs:

• an Apache (httpd) server
• another web server (let's say Tomcat for sake of argument) on port 1234

Can I configure the Apache server to act as a proxy for SSL traffic, while keeping the application server blissfully unaware of SSL?

What I imagine is:

• Traffic to http://myserevr.com/app is redirected to https://myserver.com/app
• Traffic to https://myserver.com/app is proxied to the application server.
• My SSL certificate is only installed on the Apache server, not on the Application server
• Other traffic to the Apache server (http://myserver.com/anotherapp) is served directly from the Apache server

What's the best setup to achieve this? (On Ubuntu, if that matters)

Answer 1

If Tomcat runs on the standart ports (8080 - HTTP, 8009 - AJP) add this to yours Apache configuration:

<VirtualHost _default_:443>
    .......
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyVia On

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    <Location /app>
        ProxyPass        ajp://localhost:8009/app
        ProxyPassReverse ajp://localhost:8009/app
    </Location>

    #<Location /app>
    #    ProxyPass        http://localhost:8080/app
    #    ProxyPassReverse http://localhost:8080/app
    #</Location>

    <Location "/app/WEB-INF/">
        deny from all
    </Location>    
   ..........
</VirtualHost>

<VirtualHost *:80>
   ...........
    RewriteEngine On
    RewriteRule ^/app$  https://%{HTTP_HOST}%{REQUEST_URI} [R]
   ...........
</VirtualHost>

Answer 2

Have a look at mod_proxy for Apache, and how to use it in 'reverse proxy' mode.