0

I'm using Apache on Mac. I'm developing a front-end application which runs over HTTPS, and thanks to our security configuration I'm unable to run the application over HTTP. A back-end developer is using their machine to host an API for me to hook into, but unfortunately they're hosting it over HTTP, this means I'm unable to access it through the application.

The API is hosted at http://testpc:7788.

Is it possible for me to configure Apache to allow me to access it using HTTPS? (It doesn't matter if the domain or port I need to use on my end have to change).

Everything I've tried so far (ProxyReverse, generating an SSL certificate for the domain through Keychain and thinking HTTPSEverywhere would solve my problems) have failed:

SSL doesn't work

James Donnelly
  • 103
  • 1
  • 7

1 Answers1

2

Well, it's pretty much a common scenario. Furthermore, it's exactly what's called SSL Offloding - when you terminate the HTTPS on a reverse proxy, and then pass it to the backend via plain HTTP. mod_proxy plus mod_rewrite (they usually work together and are like two sides of a coin) is the right choice for you.

I'll omit the HTTPS configuration, as it's straightforward, and the specific mod_rewrite/mod_proxy part would look like this:

RewriteRule   ^/(.*)$  http://testpc:7788/$1 [P,L]

P.S. From what I see looks like you're either not terminating HTTPS properly on a frontend or not passing it (not proxying it properly), hard to tell. Practice creating first a dull HTTPS site, then add the section I posted above.

drookie
  • 8,051
  • 1
  • 17
  • 27
  • Sorry, I'm not overly familiar with configuring apache - what else do I need other than this? I've uncommented `LoadModule rewrite_module /usr/local/opt/httpd24/libexec/mod_rewrite.so` and included this, and I'm now getting a different response: https://i.imgur.com/avQfUQw.png – James Donnelly Nov 17 '17 at 21:12
  • 1
    Looks like you’re not familiar with DNS subsystem either. And you really need to be. – drookie Nov 17 '17 at 22:10