0
votes

Had hit a roadblock with the apache configuration trying to redirect or proxy to other webservers. Have google for quite a while but am stuck as mentioned in the scenario below. Apart from using apache for some out of the box web applications like Plone, cmdbuild, etc., I don’t have much experience with apache. Leaving security aside for the configuration for Apache, am I trying to achieve something the wrong way. Do give me your views and other possible ways to achieve what I am trying to do. Am planning to run all the sites under https.

Scenario:

Server 1 – 10.0.0.1 (CentOS 6.5) Apache (version 2.2.5) running on port 80 (SSL enabled) – Main Web Server Zope (Plone) running on port 8080 Sites:

http://10.0.0.1:8080/site1

http://10.0.0.1:8080/site2

Server 2 – 10.0.0.2 (CentOS 6.5) Tomcat running on port 8080 Sites: http://10.0.0.3:8080/site3 Server 3 – 10.0.0.3 (Windows Server 2008) IIS running on port 80 Sites: http://10.0.0.4/site4

If ProxyPass and Proxy PassReverse is used on the apache ssl.conf like below:

ProxyPass /site1 http://10.0.0.1:8080/site1
ProxyPassReverse /site1 http://10.0.0.1:8080/site1

ProxyPass /site2 http://10.0.0.1:8080/site2 
ProxyPassReverse /site2 http://10.0.0.1:8080/site2 

ProxyPass /site3 http://10.0.0.2:8080/site3 
ProxyPassReverse /site3 http://10.0.0.2:8080/site3 

ProxyPass /site4 http://10.0.0.1:8080/site4 
ProxyPassReverse /site4 http://10.0.0.1:8080/site4

Site 3 and Site 4 are working properly fine with the ssl enabled but site 1 and site 2 (running under localhost zope) are working too but the contents are not showing properly because

“Connection Partially Encrypted Parts of the page you are viewing were not encrypted …..”

If RewriteEngine is used instead of ProxyPass as shown below, both site1 and site2 runs perfectly under ssl.

RewriteEngine On
RewriteRule ^/(.*) http://10.0.0.1:8080/VirtualHostBase/https/%{SERVER_NAME}:443/site1/VirtualHostRoot/$1 [L,P]

But the other sites site3 and site4 are not reachable.

Apache httpd.conf just had a permanent redirect to https

<VirtualHost *:80>

    Redirect permanent / https://10.0.0.1/

</VirtualHost>
1

1 Answers

0
votes

If your rewrite rule is working for anything other than site1, it's because acquisition is making other sites appear inside site1. You don't want to depend on that.

Instead, have a separate rewrite rule for each site:

    RewriteEngine On
    RewriteRule ^/site1(.*) http://10.0.0.1:8080/VirtualHostBase/https/{SERVER_NAME}:443/site1/VirtualHostRoot/$1 [L,P]
    RewriteRule ^/site2(.*) http://10.0.0.1:8080/VirtualHostBase/https/{SERVER_NAME}:443/site2/VirtualHostRoot/$1 [L,P]   
    RewriteRule ^/site3(.*) http://10.0.0.2:8080/VirtualHostBase/https/{SERVER_NAME}:443/site3/VirtualHostRoot/$1 [L,P]    
    RewriteRule ^/site4(.*) http://10.0.0.1:8080/VirtualHostBase/https/{SERVER_NAME}:443/site4/VirtualHostRoot/$1 [L,P]

Don't try to do this with one rewrite rule, or you'll expose your Zope root via proxy. A bad idea.