Hi GB. I have a similar solution.
Client --> https://mysite.com --> proxy --> http://backend. the url in the client broswer is https://mysite.com. this is my /etc/httpd/conf.d/ssl.conf: LoadModule ssl_module modules/mod_ssl.so LoadFile /usr/lib/libxml2.so LoadModule proxy_html_module modules/mod_proxy_html.so LoadModule xml2enc_module modules/mod_xml2enc.so Listen 443 AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 SSLMutex default SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin SSLCryptoDevice builtin NameVirtualHost mysite.com:443 <VirtualHost mysite.com:443> ServerName mysite.com ProxyRequests off ProxyPass / https://10.173.90.167:8443/ ProxyHTMLURLMap https://10.173.90.167:8443 / <Location /> ProxyPassReverse https://10.173.90.167:8443/ ProxyHTMLEnable On ProxyHTMLURLMap / / RequestHeader unset Accept-Encoding </Location> SSLEngine on SSLProxyEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/httpd/cert/IT_Global_Alternative.cer SSLCertificateKeyFile /etc/httpd/cert/IT_Global_Alternative.key SSLCertificateChainFile /etc/httpd/cert/IT_Global_CA.cer <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> 2010/4/22 GB GB <gbcy...@gmail.com> > Basically what goes on when the user types in https://mydomain.com/lsw > he gets an authentification page from the backend application. Once he > enters his credentials, I notice a POST in the apache logs. > > This is what the user types in: > https://mydomain.com/lsw/clientele/gen/authentification.jsp > he enters his credentials, then a POST appears in the log : > POST /lsw/clientele/gen/authentification.jsp HTTP/1.1" 302 > > and in the browser I get the following: The connection has timed out > > > http://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P > > the above link doesn't work because its http rather than https!! > > If I add the "s" manually > > https://backend2.ca/lsw/clientele/ses/pagePersonnelle.jsp?Mouftah=VXV744A9SVZMU9P > then it works. > > 1)So how can I force the protocole to remain https once the client > does a POST..... > 2)I have noticed in many examples that people use PreserveHost on, in > my case, if activate > PreserveHost on then I cant even get the first page to work: > > Thx in advance > > > > > On Wed, Apr 21, 2010 at 4:56 AM, Krist van Besien > <krist.vanbes...@gmail.com> wrote: > > On Tue, Apr 20, 2010 at 6:41 PM, GB GB <gbcy...@gmail.com> wrote: > > > > > > > >> #this for some reason becomes http from client perspective > >> #PreserveHost on does not work with lsw, so I disabled it.... > >> RewriteRule ^/lsw(.*)$ http://backend2.ca:8082/lsw$1 > [NC,P,L] > >> ProxyPassReverse /lsw http://backend2.ca:8082/lsw > >> Redirect permanent /lsw https://mydomain.com/lsw > > > > First of all: Remove the "Redirect Permanent". It's not needed (as > > this virtualhost only gets https requests anyway) and confuses. If you > > want to make sure that people who accidentaly land on the http site > > get redirected to https you need to put a redirect in the http virtual > > host. > > > > Secondly: Look at what your backend produces. It is very well possible > > that it passes html pages back to the client that contain http:// > > style URLs. RewriteRule only operates on request URLs, > > ProxyPassReverse only on redirects passed back. The content passed > > back by the backend is not modified. > > > > HTH, > > > > Krist > > > > -- > > krist.vanbes...@gmail.com > > kr...@vanbesien.org > > Bremgarten b. Bern, Switzerland > > -- > > A: It reverses the normal flow of conversation. > > Q: What's wrong with top-posting? > > A: Top-posting. > > Q: What's the biggest scourge on plain text email discussions? > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP Server > Project. > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > > " from the digest: users-digest-unsubscr...@httpd.apache.org > > For additional commands, e-mail: users-h...@httpd.apache.org > > > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
