Switching SSL with Apache 2 Proxy
I use Apache 2 as a reverse proxy in front of my JBoss application server. I let Apache handle the SSL connections, so my JBoss server doesn't need to know anything about it.
I've now figured out how to use Apache alone to enforce switching between http and https for the login page versus the rest of the site. Now I can hit the site normally with http, and upon clicking the login link (which shows both the login form and accepts the POST), Apache redirects me up to the https port. When login is done and returns me to any other URL, it redirects me once again back down to the http port. It's all done in the proxy, so no application code must be changed.
The only thing that I've found to not quite work is the occassion where the login url comes in with a the ';jsessionid=...' appended. Apache doesn't seem to be recognizing that one to be redirected to https. I may need the more featureful mod_rewrite to accomodate that.
Here are the relevant bits of the Apache 2 config:
<VirtualHost *:80> # redirect only login action over to https ProxyPass /blog/login.java ! Redirect /blog/login.java https://www.hjsoft.com/blog/login.java # reverse proxy everything else ProxyPass /blog/ http://localhost:8080/blog/ ProxyPassReverse /blog/ http://localhost:8080/blog/ ProxyPreserveHost On <Proxy http://localhost:8080/blog/> Order allow,deny Allow from all </Proxy> </VirtualHost> <VirtualHost *:443> # proxy only the login action ProxyPass /blog/login.java http://localhost:8080/blog/login.java # redirect anything else over to http ProxyPass /blog/ ! Redirect /blog/ http://www.hjsoft.com/blog/ ProxyPassReverse /blog/ http://localhost:8080/blog/ ProxyPreserveHost On <Proxy http://localhost:8080/blog/> Order allow,deny Allow from all </Proxy> </VirtualHost>
Update (9 Feb 2005): I figured out mod_rewrite to implement a more complete solution. I replace my ProxyPass and Redirect directives with this:
RewriteEngine on RewriteRule ^/blog$ http://www.hjsoft.com/blog/ RewriteRule ^/blog/(login\.java.*)$ https://www.hjsoft.com/blog/$1 [L] RewriteRule ^/blog/(.*)$ http://localhost:8080/blog/$1 [P,L]
and for the SSL virtual host config:
RewriteEngine on RewriteRule ^/blog/(login\.java.*) http://localhost:8080/blog/$1 [P,L] RewriteRule ^/blog$ http://www.hjsoft.com/blog/ RewriteRule ^/blog/(.*) http://www.hjsoft.com/blog/$1 [L]
These more powerful rules and their regular expressions allow me to more completely match and preserve parts of the URL, including the jsessionid
.