how to handle multiple apps via port 443

Question

I am not an expert by any means in regard to apache (in our case Oracle's version of apache, OHS) and redirecting input within httpd.conf. We have multiple applications deployed on WLS 10.3.5 on the same server and would like to have them all accessed via port 443.

Of course, not all the apps can be deployed on 443 we would then receive an error that the port is in use.

For example, we have app1 deployed on 3443, app2 deployed on 4443, and app3 on 5443. Our client, would like to be able to simply enter https:///app1 (or app2 or app3) and not https://:3443/app1 (or :4443/app2 or :5443/app3).

Is it possible to do this within the httpd.conf (or ssl.conf)? Is it possible to have the URLs only use 443 and then within the conf files redirect to where the apps are actually deployed (3443, 4443, and 5443)?

Yes, this is possible. Google for `Apache reverse proxy` and you will find help. — Tero Kilkanen, Dec 18 '14 at 17:01
Either reverse proxy, or using virtual hosts, or mod_rewrite, or any combination thereof. — Jenny D, Dec 18 '14 at 17:02
It's significantly more constructive to post an answer rather than commenting your 'answer' below the question, you two! — BE77Y, Dec 18 '14 at 17:17

score 1 · Answer 1 · answered Dec 18 '14 at 17:14

This can certainly be achieved, and the way you would do it depends upon how your apps run; if they are served by your web server simply listening on certain ports, then you would need to amend your configurations to use VirtualHosts similar to the following:

<VirtualHost *:443>
    ServerAlias app1.com
    DocumentRoot /var/www/html/app1    #or however this app is configured   
    [the rest of your configuration directives for the app]
</VirtualHost>

<VirtualHost *:443>
    ServerAlias app2.com
    [As above but for app2]
</VirtualHost>

Whereas, if your apps are being served by other processes listening on the ports you have noted, then you could set it up using a structure similar to the above, but utilising reverse proxies to serve the apps via port 443, for example:

<VirtualHost *:443>
    ServerAlias app1.com
    ProxyPreserveHost on

    SSLProxyEngine On
    ProxyPass / http://localhost:5443/ #change the port here for the app in question
    ProxyPassReverse / http://localhost:5443/ # change the port here for the app in question

  SSLEngine on
  [SSL directives as appropriate for your requirements]
</VirtualHost>

<VirtualHost *:443>
    ServerAlias app2.com
    ProxyPreserveHost on


    SSLProxyEngine On
    ProxyPass / http://localhost:5443/ #change the port here for the app in question
    ProxyPassReverse / http://localhost:5443/ # change the port here for the app in question

  SSLEngine on
  [SSL directives as appropriate for your requirements]
</VirtualHost>

This way, the SSL is handled by the web server, with the http requests passed back to whichever app is listening on the ports listed - and the apps are differentiated via host name requested. It is worth noting that if the apps are listening on these ports and replying only over SSL, it will be advisable to disable SSL from them (and run it via Apache as instructed above - once configured, also of course close those ports in your firewall if they are currently opened externally).

Man-I-n-MiddLeWare · Answer 2 · 2015-06-04T09:33:50.010

1

If you are using OHS then better to use proxy plugin mod_wl_ohs.conf file to do reverse proxy. In mod_wl_ohs.conf you can add below lines

enter image description here

Check http://docs.oracle.com/cd/E28280_01/web.1111/e37889/oracle.htm#PLGWL510 for further info

By this you no more need extra virtual hosts and use OHS 443 to route to multiple weblogic instances

edited Jun 04 '15 at 09:33

answered Jun 02 '15 at 19:55

Man-I-n-MiddLeWare

64
4

grag42 · Answer 3 · 2014-12-19T17:15:49.100

0

From the way you have described your situation, this can be done with ProxyPass. it is a module in apache that allows for redirection of url requests. Here is the apache.org info

For each vhost ie: https://app1 you will add to vhost settings

ProxyPass / https://app1:3443
ProxyPassReverse / https://app1:3443

there are several good HowTo sites out there. But this should get you in the right direction

IF they are not concerned with how the url ends up looking you can also use mod_rewrite to redirect them to the correct url. I am not good with that syntax to give you an example.

EDIT:

For 1 server host aliase. will can redirect based on the site with

<VirtualHost *:443>
    ServerAlias myserver.com
    ProxyPreserveHost on

    SSLProxyEngine On
    ProxyPass /app1 http://localhost:3443/app1 #change the port here for the app in question
    ProxyPassReverse /app1 https://localhost:5443/app1 # change the port here for the app 

    ProxyPass /app2 https://localhost:4443/app2
    ProxyPassReverse /app2 https://localhost:4443/app2

    ProxyPass /app3 https://localhost:5443/app3
    ProxyPass /app3 https://localhost:5443/app3

  SSLEngine on
  [SSL directives as appropriate for your requirements]
</VirtualHost>

edited Dec 19 '14 at 17:15

answered Dec 18 '14 at 17:13

grag42

431
2
5

In the above example (and the prior one) I see the ServerAlias as app1.com and app2.com. Forgive my ignorance, but our server names for our examples are all the same... not on app1.com or app2.com. In the ProxyPass example, since the only difference with the URLs is the app name would the first "/" in ProxyPass and ProxyPassReverse be the "/app1" or "/app2"? – tcarlson Dec 18 '14 at 21:03
BE77Y's answer is more detailed. will use for reference. – grag42 Dec 18 '14 at 21:41
The `ServerAlias` in line 2 is the URL the server is listening for. The / in `proxypass` line 6 says everything after the url including the base url will be passed to the new URL . SO on one system you can have all three urls hosted on the same site. `https://apps1` and the others all on 443. users will go the the url they want and be redirected appropriately to the actual site `https://yoursite:3443/` . – grag42 Dec 18 '14 at 21:48
IF the destination site needs to be `https://yoursite:3443/app1` then change the `proxypass` to be `ProxyPass / https://yoursite:3443/app1` and the `ProxyPassReverse` to match – grag42 Dec 18 '14 at 21:52
I see the confusion. it was hard to see the 3 slashes in your original post. the proxypass would be `ProxyPass /app1 https://yourserver:3443/app1` with matching `ProxyPassReverse` and duplicated and updated for the other 2 instances – grag42 Dec 18 '14 at 21:57
Sorry for the shorthand /// was running tight on characters. Therefore, if the URL is https://yourserver.com/app1, the ServerAlias would be yourserver.com and the ProxyPass would be / https://yourserver.com:3443/app1 with ProxyPassReverse matching, correct? And then of course the same for the other 2. – tcarlson Dec 19 '14 at 11:38
I have edited my post to show what you will need. in your conf file – grag42 Dec 19 '14 at 17:16
It does seem to be a little more than coincidental that your original post seems to have been edited after the fact to include the extra information you require, directly pulled from my answer below! I should note however, that there are some configuration errors in the above which will prevent it from working - and inconsistencies, for example; your app1 has the forward proxy going via http and the reverse via https - etc. – BE77Y Dec 19 '14 at 17:34

how to handle multiple apps via port 443

3 Answers3