Redirect url da HTTP verso HTTPS e viceversa con Apache mod_proxy

In questo articolo utilizzo la direttiva ProxyPass di Apache mod_proxy per configurare una redirection url HTTP verso un Tomcat server su cui è in esecuzione un servizio HTTPS (caso1). Nel caso di redirection inversa invece è necessario installare su Apache un certificato SSL (caso 2).

Caso 1. HTTP su Apache, HTTPS su Tomcat

$ yum install mod_ssl
$ vi /etc/httpd/conf.d/virtual_hosts.conf

NameVirtualHost *:80
<VirtualHost *:80>
        ServerName mysite.com
        SSLProxyEngine On
        RequestHeader set Front-End-Https "On"
        CacheDisable *
        ProxyPass /myapp https://tomcat-host:8443/myapp
        ProxyPassReverse /myapp https://tomcat-host:8443/myapp
        RedirectMatch ^/$ http://mysite.com/myapp
</VirtualHost>

Caso 2. HTTPS su Apache, HTTP su Tomcat

$ yum install mod_ssl openssl

$ mkdir /etc/httpd/certs
$ cd /etc/httpd/certs
$ openssl genrsa -out mysite.com.key 1024
$ openssl req -new -key mysite.com.key -out mysite.com.csr
$ openssl x509 -req -days 100000 -in mysite.com.csr -signkey mysite.com.key -out mysite.com.crt

$ vi  /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/httpd/certs/mysite.com.crt
SSLCertificateKeyFile /etc/httpd/certs/mysite.com.key

$ vi /etc/httpd/conf.d/virtual_hosts.conf

NameVirtualHost *:443
<VirtualHost *:443>
        ServerName mysite.com
        ProxyPass /myapp http://tomcat-host:8080/myapp
        ProxyPassReverse /myapp http://tomcat-host:8080/myapp
        RedirectMatch ^/$ https://mysite.com/myapp
        SSLEngine on
        SSLCertificateFile /etc/httpd/certs/mysite.com.crt
        SSLCertificateKeyFile /etc/httpd/certs/mysite.com.key
</VirtualHost>