6

I have a reverse proxy setup using apache mod_proxy:

<VirtualHost *:443>
   ServerName reverse.server.com  
   ProxyPass / http://10.1.9.11:3000/
   ProxyPassReverse / http://10.1.9.11:3000/
   ProxyPreserveHost on
   ...snip ssl stuff...
</VirtualHost>

This works fine most of the time. The problem is when the internal server does a redirect. While the proxypassreverse should catch the location, and it seems to, it redirects to http://reverse.server.com rather than to https://reverse.server.com. So it is half working, the address changes correctly, but the protocol stays as the internal server.

I am not clear on why it is doing this, as the proxied connection is SSL - any ideas?

Paul
  • 1,288
  • 13
  • 25

2 Answers2

8

ProxyPassReverse can not fix this kind of redirections. There are 2 ways to solve the problem:

  • Use HTTPS for the internal site. e.g. ProxyPass / https:... and ProxyPassReverse / https: (actually the last one is not required in your case).
  • Use mod_headers in the reverse proxy: Header edit Location ^http: https:
  • Use mod_rewrite in the reverse proxy to change the redirection.
Mircea Vutcovici
  • 17,619
  • 4
  • 56
  • 83
0

I'm just experiencing the same issue. We found 2 ideas to try, dont know if it really works: 1/ use the RequestHeader set X-Forwarded-Protocol "https" => http://toroid.org/ams/etc/mixing-http-and-https

2/ use the variable httpsindicatorheader (it's a websphere) to indicate through the application server that the initial request was https. Then every redirection will be on https

Rod
  • 1
  • fwiw, `httpsIndicatorHeader` is documented here: https://www.ibm.com/support/knowledgecenter/en/SSKTXQ_9.0.0/admin/config/config_was_web_container.html – myrdd Sep 17 '19 at 13:57