2

So, I have an app on one server that I've configured to have SSL. However, it makes a bunch of API calls to another one of my servers, but that server has more than one service and no SSL. I know for a fact that if I add SSL to the second server, a lot of the apps on it will break and I don't want to have the downtime of those apps/webpages. The first server isn't in production yet, but the second one is and has multiple pages/apps.

My setup is basically this:

First server:

superwebpage.coolexample.com

and this ^ server (with SSL) makes API calls to api from the server (without SSL) below:

myweb.example.com/api
myweb.example.com/app2
myweb.example.com/anotherimportantwebpage
myweb.example.com/importantwebpage

However, my application from the first server is obviously breaking because all of the API calls aren't secure and I just get a bunch of mixed content warnings.

The reason server 2 doesn't have SSL is because I just didn't need it because no important information is being transferred until now.

My question, broadly, is what are my options? I want to avoid taking the second server down for however long it's going to take to fix all the errors that'll occur from each app/webpage that I have up on the server. I also want to have SSL on the first server because users will be logging in with passwords.

More specifically, can I make just that one folder serve https without affecting the other folders? I think that'd fix the problem, but I'm not sure it's possible.

DJSweetness
  • 35
  • 7
  • 2
    Why you cannot add SSL? It will run on another port, the legacy non-SSL ports will stay the same. You can have the same folder served both by SSL and non-SSL ports at the same time. – ThoriumBR Sep 29 '17 at 17:41
  • 2
    You could proxy. The front web server is HTTPS, and it calls the "backend" web server using HTTP. Added bonus, your clients only see the front web server's URL. Look at Apache mod_proxy, with RewriteRule [P] options. – Nic3500 Sep 29 '17 at 18:31
  • 1
    @ThoriumBR So I can add to my apache virtual host file the 443 port for https and then add the route for the folder inside that? – DJSweetness Oct 02 '17 at 16:39

1 Answers1

1

You don't have to change the HTTP site to add HTTPS. Just add a VirtualHost for port 443, point the DocumentRoot to the same directory and you are all set:

<VirtualHost *:80>
    ServerName yourserver.com
    DocumentRoot /var/www/yourserver.com
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www/yourserver.com
    ServerName your-domain.com
    SSLEngine On
    SSLOptions +StrictRequire
    SSLCertificateFile /some/directory/server.crt
    SSLCertificateKeyFile /some/directory/server.key
    SSLProtocol TLSv1
</VirtualHost>

Restart Apache and you will have HTTPS and HTTP running at the same time.

ThoriumBR
  • 5,272
  • 2
  • 23
  • 34