Tag Archives: apache

HowTo: Forcing traffic to https

Posted on by

Here I consider two cases for forcing all the traffic to https and I assume you are using Apache Webserver.

Case A) Without LoadBalancer
Suppose you are running a site without a load balancer. Add these lines to your Apache configuration file:

RewriteEngine On

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Suppose you have Virtualhost entries for Http (port 80) and Https (port 443) then add this to VirtualHost entry of Http.

Case B) With LoadBalancer
Consider a scenario where you have a Loadbalancer and the communication between loadbalancer and server takes place like this:
1. When a request comes on port 80 of the loadbalancer it communicates with server on port 80 (i.e. LB Port 80 ==> Server Port 80)
2. And when a request comes on port 443 of the loadbalancer it communicates with server on port 80 (i.e. LB Port 443 ==> Server Port 80)

Here servers are always working on port 80.

If you are using Apache as a LoadBalancer you need to add this to the VirtualHost entry of https:

RequestHeader set X-Forwarded-Proto "https"

On the server add this to the VirtualHost entry of http:

RewriteEngine On

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

This will forward all the incoming requests on http to https.

This also works with Amazon’s Elastic Load Balancer as it has a support for X-Forwarded-Proto and X-Forwarded-Port.

HowTo: ReverseProxy to https in Apache

Posted on by

To enable reverse proxy (for http and https) you need these modules enabled in Apache:

  • mod_proxy
  • mod_proxy_http
  • mod_proxy_connect

When you reverse proxy requests to http, add following lines to Apache configuration file:

ProxyPass /abc http://test.com/xyz
ProxyPassReverse http://test.com/xyz /abc

This is proxy all the content on /abc to http://test.com/xyz. So when you access /abc you will see the contents of http://test.com/xyz.

But to reverse proxy https content you need a CA certificate. The CA certificate is the same certificate that the server uses to serve https content.
You need to add these lines in Apache configuration file:

SSLProxyEngine On
SSLProxyCACertificateFile ssl/certificate.pem
ProxyPass /abc https://test.com/xyz
ProxyPassReverse https://test.com/xyz /abc

For more details: http://www.apachetutor.org/admin/reverseproxies