1

I've been at this for two weeks now and still nothing. What's even odder is I've done this on a different server and it worked, so I don't understand why this isn't working. Really frustrated here.

I'm trying to configure my Apache web server on my RHEL so that HTTP requests are redirected to HTTPS, which then points to my Tomcat.

This is my configuration:

<VirtualHost *:80>
  ServerName server.com
  Redirect / https://server.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName server.com
  ServerAlias www.server.com

  ProxyPass / http://localhost:8080/
  ProxyPassReverse / http://localhost:8080

  SSLEngine on
  SSLProxyEngine on
  SSLCertificateFile /etc/pki/tls/certs/cert.cert.pem
  SSLCertificateKeyFile /etc/pki/tls/private/key.key.pem
  #SSLCACertificateFile /etc/pki/tls/certs/ca-chain.cert.pem
</VirtualHost>

Believe me when I say I have tried so many different combinations yet nothing. I have commented and un-commented the Include conf.d/ssl.conf, still no effect.

Please, what am I doing wrong here?

Akin_Glen

2 Answers

0

First of all: "isn't working" is quite a weak description. I might or might not hit what your problem is, but I see several options:

First: Test if the forward works

Second: What's the result when you're connecting to the https server? You can try this without the forward - just type the https protocol yourself and figure out if you can rule out the forward configuration completely.

> I've done this on a different server and it worked

You're forwarding to localhost:8080. If that other server had tomcat installed (and running) on port 8080, but the one that you're trying now doesn't - well, here's your solution. localhost is always "the same" computer.

As Ortomala Lokni mentions in a comment: Your ProxyPassReverse directive is lacking a /:

ProxyPassReverse / http://localhost:8080/

Note that with this configuration, Tomcat will not know that the original request has been sent through https - thus any CONFIDENTIAL declaration on Tomcat assumes that the request has been sent in the clear - and it will try to redirect to https. As the ProxyPass still forwards through http, Tomcat will never know that the request actually was encrypted. There are hacks to work around this (e.g. secure="true" on the connector configuration) or a more proper solution (like forwarding through AJP instead of http):

ProxyPass / ajp://localhost:8009/

(notice the changed port)

There's potential for more going wrong - in case these hints don't help, please specify "isn't working" more.

Olaf Kock
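The trailing-slash mismatch pointed out in the answer above can be caught mechanically before reloading httpd. This is an added example, not part of the original answer: `lint_proxy_pairs` is a hypothetical helper name, and the two sample configs are constructed from the ones posted on this page.

```bash
#!/usr/bin/env bash
# Added example: flag ProxyPass / ProxyPassReverse lines whose trailing
# slashes or backend URLs disagree. Reads an httpd config on stdin,
# prints one finding per line, returns 1 if anything was flagged.
# lint_proxy_pairs is a hypothetical helper name, not an Apache tool.

lint_proxy_pairs() {
  awk '
    function slash(s) { return (s ~ /\/$/) }
    function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
    /^[ \t]*#/ { next }                          # skip comments
    { d = tolower($1) }                          # directives are case-insensitive
    d == "</virtualhost>" { split("", pass) }    # pairs are per-vhost
    d == "proxypass" || d == "proxypassreverse" {
      if (NF < 3 || $3 == "!") next              # only the "path url" form
      if (slash($2) != slash($3))
        report($1 " " $2 " " $3 ": trailing slash on path and URL differ")
    }
    d == "proxypass" { pass[$2] = $3 }
    d == "proxypassreverse" && ($2 in pass) && pass[$2] != $3 {
      report("ProxyPassReverse URL " $3 " != ProxyPass URL " pass[$2])
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Constructed samples, reduced from the configs posted on this page.
BEFORE='<VirtualHost *:443>
  ProxyPass / http://localhost:8080/
  ProxyPassReverse / http://localhost:8080
</VirtualHost>'

AFTER='<VirtualHost *:443>
  ProxyPass / http://localhost:8080/
  ProxyPassReverse / http://localhost:8080/
</VirtualHost>'

printf '%s\n' "$BEFORE" | lint_proxy_pairs || echo "before: findings above"
printf '%s\n' "$AFTER"  | lint_proxy_pairs && echo "after: clean"
```

On a real host the same function can be fed the live file, for example `lint_proxy_pairs < /etc/httpd/conf/httpd.conf`, alongside httpd's own syntax check.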
0

Thanks ever so much! Especially you, Olaf Kock. Your suggestion was golden! Just like you suggested, I decided to forget about the forwarding and focus on what happens when I try connecting to the HTTPS directly, and that's when I came across this error:

proxy: HTTP: disabled connection for (localhost)

I did a little search and found out that I had to run this command to get things rolling: /usr/sbin/setsebool -P httpd_can_network_connect 1

(Note, there are other variations of this command, like: setsebool -P httpd_can_network_connect on or sudo setsebool -P httpd_can_network_connect on)

Then I had to set up these in the ssl.conf file under the <VirtualHost _default_:443> tag:

ServerName server.com
ServerAlias www.server.com

ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/

And it worked!

However, I didn't want to have to reference the ssl.conf file. I wanted everything in the httpd.conf file, and so after tinkering a bit, this is what worked for me, and I believe should work for anyone with a similar problem.

So, after commenting out the include conf.d/ssl.conf line:

LoadModule ssl_module modules/mod_ssl.so

Listen 443

#For HTTP requests, redirecting to HTTPS
<VirtualHost *:80>
  ServerName server.com
  Redirect / https://server.com/
</VirtualHost>

#For HTTPS requests
<VirtualHost *:443>
  ServerName server.com
  ServerAlias www.server.com

  ProxyPreserveHost On
  ProxyRequests Off
  ProxyPass / http://localhost:8080/
  ProxyPassReverse / http://localhost:8080/

  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/cert.cert.pem
  SSLCertificateKeyFile /etc/pki/tls/private/key.key.pem
  #SSLCACertificateFile /etc/pki/tls/certs/ca-chain.cert.pem
</VirtualHost>

Obviously, you should have installed your mod_ssl in the first place.

Thanks everyone!

Akin_Glen