0

We have a legacy application at https://www2.devDocApp.com/ which is running on Ubuntu 8 OS and Apache 2.2 with no TLS 1.2 support. We had a hard time upgrading Apache 2.2 and OpenSSL on the Ubuntu 8 box, so now we are standing up a proxy Apache server (devapp01, a Windows 2012 VM with Apache/2.4.29 (Win64)) which redirects all the requests to https://www2.devDocApp.com/

Below is the Apache configuration I've used to set up the proxy server devapp01:

<VirtualHost *:443>
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" 
DocumentRoot "C:/apache/htdocs"
ServerName  devapp01    
#ErrorLog "|bin/rotatelogs.exe -l -f C:/apache/logs/apache_error_log.%m-%d-%y-%I-%M-%S.log 86400"
#TransferLog "|bin/rotatelogs.exe -l -f C:/apache/logs/apache_transfer_log.%m-%d-%y-%I-%M-%S.log 86400"

SSLEngine on

#SSLProtocol -ALL +TLSv1 +TLSv1.1 +TLSv1.2 
#SSLHonorCipherOrder on
#SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
#SSLCompression off

SSLProtocol -ALL TLSv1.2
SSLCertificateFile "C:/apache/conf/server.cer"
SSLCertificateKeyFile "C:/apache/conf/server.key"
#SSLCertificateChainFile "C:/apache/conf/server-ca.cer"
SSLCACertificateFile "C:/apache/conf/ca.cer"
SSLVerifyClient optional
SSLVerifyDepth  3

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "C:/apache/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

#CustomLog "|bin/rotatelogs.exe C:/apache/logs/ssl_request.%m-%d-%Y_%H_%M_%S.log 86400" \
#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
#ProxyPass should be prior to any other Proxy directives
ProxyPass   /DocApp https://www2.devDocApp.com/ 
SSLProxyEngine on

RewriteEngine On        
RewriteRule  ^/DocApp$  https://www2.devDocApp.com/  [R,L]  

RequestHeader set X_SSL_CLIENT_M_SERIAL "%{SSL_CLIENT_M_SERIAL}s"
RequestHeader set X_FORWARDED_PROTO "https" env=HTTPS
RequestHeader set SslSubject "%{SSL_CLIENT_S_DN}s"

</VirtualHost>

When I hit the proxy Apache URL https://devapp01/DocApp/ it redirects to https://www2.devDocApp.com/ in the browser. How do I make it work in such a way that the URL in the browser will always be https://devapp01/DocApp/<Page> for all the nested paths, like https://devapp01/DocApp/page1 and https://devapp01/DocApp/page2/page1, instead of redirecting to https://www2.devDocApp.com/page1 and https://www2.devDocApp.com/page2 etc.?

OTUser

2 Answers

1

This does the redirection:

RewriteEngine On        
RewriteRule  ^/DocApp$  https://www2.devDocApp.com/  [R,L]  

Remove it. The ProxyPass already does the trick.

Esa Jokinen
  • You mean I need to remove this? `ProxyPass /DocApp https://www2.devDocApp.com/ ` – OTUser Mar 01 '18 at 15:42
  • Never mind, the redirect works fine with just ProxyPass :), but when I hit `/DocApp` on the `proxy apache(devapp01)` it gets redirected to `authentication/login`, and login, which is a `POST` operation, doesn't seem to be working. Login works fine on `https://www2.devDocApp.com/` with the same user credentials. Do I need to do something to make login work on `proxy apache(devapp01)`? – OTUser Mar 01 '18 at 16:20
  • Can you please help me with this? https://serverfault.com/questions/900111/redirect-ssl-requests-from-proxy-apache-server-to-another-apache-server – OTUser Mar 05 '18 at 19:46
1

You should try proxying this way:

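RewriteEngine  on
# In <VirtualHost> context the pattern is matched against the URL-path, which starts with "/"
RewriteRule    "^/DocApp/(.*)$"  "https://www2.devDocApp.com/DocApp/$1"  [P]
# Same scheme as the proxied URL, so the backend's https Location headers match
ProxyPassReverse "/DocApp/" "https://www2.devDocApp.com/DocApp/"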

We add a ProxyPassReverse directive to ensure that any redirects issued by the backend are correctly passed on to the client.

Better info here: https://httpd.apache.org/docs/2.4/rewrite/proxy.html

djv
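
A consolidated proxy section that combines the two answers above, as an added example that is not part of the original posts. The backend CA file path and the two cookie directives are assumptions about this setup, not details given on the page.

```apache
# Added example: proxy section for the devapp01 <VirtualHost *:443> block.
# The certificate, client-certificate and RequestHeader lines stay as they are.

# Reverse proxy only; never act as a forward proxy.
ProxyRequests Off
# The backend is reached over https.
SSLProxyEngine on

# Check the backend's certificate on the proxy-to-backend leg.
# Assumption: backend-ca.cer is a hypothetical file with the CA that issued
# the certificate of www2.devDocApp.com.
SSLProxyVerify require
SSLProxyCACertificateFile "C:/apache/conf/backend-ca.cer"
SSLProxyCheckPeerName on

# /DocApp without the slash: redirect to the proxy's own URL, not the backend's.
RedirectMatch "^/DocApp$" "https://devapp01/DocApp/"

# Map /DocApp/<path> to /<path> on the backend. The trailing slashes match on
# both sides so that /DocApp/page1 becomes /page1.
ProxyPass        "/DocApp/" "https://www2.devDocApp.com/"
# Rewrite Location headers in backend redirects back to the proxy URL. The
# scheme and host must match what the backend actually sends.
ProxyPassReverse "/DocApp/" "https://www2.devDocApp.com/"

# Assumption: the backend scopes its session cookie to its own host and to "/".
ProxyPassReverseCookieDomain "www2.devDocApp.com" "devapp01"
ProxyPassReverseCookiePath   "/" "/DocApp/"

# No RewriteRule with [R] pointing at www2.devDocApp.com: that flag sends the
# browser to the backend, which is the behaviour described in the question.
```

ProxyPassReverse only rewrites response headers; absolute links inside the backend's HTML (for example `href="/page1"`) are not changed by it.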