The requirement: We recently upgraded our site (internal to company) to https. However, many teams have asked us to extend http support for 30 more days. This is to enable non-tech users to update their bookmarks, information to percolate, etc.
The setup: Apache 2.x Webserver reverse proxying requests to an Apache Tomcat 8 server.
Apache configuration: To support http, the config below was used.
<VirtualHost *:80>
ServerName localhost:80
ProxyPass /appName http://localhost:8080/appName
ProxyPassReverse /appName http://localhost:8080/appName
</VirtualHost>
To support https,
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
ServerName domainname.com:443
SSLCertificateFile "${SRVROOT}/conf/ssl/cerSan.pem"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/certSan.key"
DocumentRoot "${SRVROOT}/htdocs"
# DocumentRoot access handled globally in httpd.conf
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<Directory "${SRVROOT}/htdocs">
Options Indexes Includes FollowSymLinks
AllowOverride AuthConfig Limit FileInfo
Require all granted
</Directory>
ProxyPass /appName http://localhost:8080/appName
ProxyPassReverse /appName http://localhost:8080/appName
</virtualhost>
Tomcat configuration:
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000" address="127.0.0.1"
redirectPort="8443" />
The problem: Whenever the application does a
((HttpServletResponse) response).sendRedirect("/appName/pages/login.jsp");
during login, etc., the application switches back to http. I understand this works as per the spec.
What happens:
http://domainname.com ==> http://domainname.com/appName
https://domainname.com ==> http://domainname.com/appName
https://domainname.com/appName ==> https://domainname.com/appName
I tried an approach given in this answer by adding an additional Tomcat connector and reverse proxying to that port. In this case an additional context gets added and a 404 request is returned.
https://domainname.com/appName ==> https://domainname.com/appName/appName
I then tried removing the context in the Apache config.
ProxyPass / http://localhost:8080/appName
ProxyPassReverse / http://localhost:8080/appName
This resulted in
https://domainname.com ==> tomcat default landing page
I also read a few other blog posts and they suggest rewriting the code. The application team needs a week to fix this in code, due to other priorities.
Is there a way to handle this with server-level config in the meantime? What additional/different config can help us to achieve the requirement?
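A check for the redirect behaviour described in the question, added here as an example and not part of the original post: it resolves each `Location` value against the request URL and flags an https-to-http downgrade, a backend host leaking through, or a doubled context path. The function names are hypothetical, and the last two sample lines are constructed rather than taken from the post.

```python
from urllib.parse import urljoin, urlsplit

def classify_redirect(request_url, location, context="/appName"):
    """Classify one redirect hop from the request URL and its Location header."""
    target = urljoin(request_url, location)  # resolves relative Location values
    src, dst = urlsplit(request_url), urlsplit(target)
    findings = []
    if src.scheme == "https" and dst.scheme == "http":
        findings.append("scheme-downgrade")      # TLS session dropped to cleartext
    if dst.hostname != src.hostname:
        findings.append("host-changed")          # e.g. backend address leaked to client
    doubled = context + context
    if dst.path == doubled or dst.path.startswith(doubled + "/"):
        findings.append("duplicated-context")    # /appName/appName, the 404 case
    return target, findings or ["ok"]

def parse_observations(text):
    """Parse 'request ==> Location' lines in the notation used in the question."""
    pairs = []
    for line in text.splitlines():
        if "==>" in line:
            src, dst = (part.strip() for part in line.split("==>", 1))
            pairs.append((src, dst))
    return pairs

# First four lines follow the observations in the question;
# the last two are constructed samples (relative Location, leaked backend host).
SAMPLE = """
http://domainname.com ==> http://domainname.com/appName
https://domainname.com ==> http://domainname.com/appName
https://domainname.com/appName ==> https://domainname.com/appName
https://domainname.com/appName ==> https://domainname.com/appName/appName
https://domainname.com/appName ==> /appName/pages/login.jsp
https://domainname.com/appName ==> http://localhost:8080/appName/pages/login.jsp
"""

def audit(text=SAMPLE):
    """Return (request, resolved target, findings) for every observed hop."""
    return [(src, *classify_redirect(src, dst)) for src, dst in parse_observations(text)]

if __name__ == "__main__":
    for src, target, findings in audit():
        print(f"{src} -> {target}: {', '.join(findings)}")
```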