[users@httpd] Apache 2.2.11 with Reverse Proxy(HTTPS not consistent)

Fri, 28 Aug 2009 00:16:46 -0700 

Dear All,

 

I have a web-server installed with Apache 2.2.11 (with reverse proxy
enabled) and a back-end server that is running Tomcat and hosting some JSP
web applications. 

 

The external users are supposed to communicate with the JSP web applications
in HTTPS via the Apache reverse proxy, which establishes a HTTP session to
Tomcat.

 

The flow is as below:

 

External users --> HTTPS --> Apache Reverse proxy --> HTTP --> Tomcat (jsp
web apps)

 

 

My IE browser is able to establish a HTTPS session to the web application
without a problem. There is a username/password authentication form and I am
able to login as well. Here's the problem. Whenever after I logged in, the
HTTPS session breaks and becomes HTTP. I can still browse around the site
and do functions on HTTP session. 

 

Is there anybody who experiences this as well? How do I keep the HTTPS going
and consistent?

 

I have checked the processes of the authentication and logging in, where the
web application will parse an action-servlet.xml file to determine the
redirection URL. Is there any issue with reverse proxy doing rewrites on XML
files?

 

Thank you.

 

 

Here is my SSL + Reverse Proxy config for Apache2:

 

 

# =================================================

# SSL/TLS settings

# =================================================

 

NameVirtualHost 192.168.0.20:443

Listen 443

 

SSLProtocol -all +TLSv1 +SSLv3

SSLMutex  file:/usr/local/apache2/logs/ssl_mutex

 

SSLRandomSeed startup file:/dev/urandom  1024

SSLRandomSeed connect file:/dev/urandom  1024

 

SSLSessionCache         shmcb:/usr/local/apache2/logs/ssl_scache(512000)

SSLSessionCache         shm:/usr/local/apache2/logs/ssl_cache_shm

SSLSessionCacheTimeout 600

SSLPassPhraseDialog builtin

SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM

SSLCryptoDevice pkcs11

SSLOptions +StrictRequire

 

# ================================================

# HOSTED SITES

# ================================================

 

<VirtualHost 192.168.0.20:443>

        ServerAdmin ad...@test.com

        DocumentRoot /www/

        ServerName abc.test.com

        ServerAlias abc.test.com

        Userdir disabled

 

        SSLEngine On

        SSLProxyEngine On

        SSLCertificateFile /usr/local/apache2/conf/certs/abc.test.com.crt

        SSLCertificateKeyFile /usr/local/apache2/conf/certs/abc.test.com.pem

 

        ProxyHTMLLogVerbose On

        LogLevel Debug

        ProxyRequests Off

        ProxyPreserveHost On

        ProxyHTMLExtended On

 

        RewriteEngine on

        RewriteRule ^/sg/test/project$ $1/sg/test/project/ [R]

 

        ProxyPass /sg/test/project/
http://192.168.1.60:8080/sg/test/project/

        ProxyHTMLURLmap http://192.168.1.60:8080/sg/test/project/
/sg/test/project/

 

        <Proxy *>

          Order Deny,Allow

          Allow from all

        </Proxy>

 

        <Location /sg/test/project/>

         ProxyPassReverse /

         AddOutputFilter xmlns .xhtml

         Include /usr/local/apache2/conf/proxy_html.conf

         SetOutputFilter  proxy-html

         SetEnv force-proxy-request-1.0 1

         SetEnv proxy-nokeepalive 1

         RequestHeader  unset  Accept-Encoding

        </Location>

 

        BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0

 

        ErrorLog logs/sg_test-error_log

        CustomLog logs/sg_test-access_log combined

</VirtualHost>

 

 

 

Best Regards,
Andy Ee

Reply via email to