On 17/04/2020 18:15, rugman66 . wrote: > Made correction to ProxyPass and ProxyPassReverse.
Good. Changing the context path in the reverse proxy opens up the possibility for all sorts of breakage and is generally best avoided if at all possible. <snip/> > I have Apache 2.4.6 running as reverse proxy for Tomcat 7.0.96, both > running SSL, and a functioning redirect from HTTP to HTTPS for both > Apache and Tomcat. ( Need to use both these releases due to IT > availability and app requirements ) > Prior to enabling SSL on both a Json GET command made to the > application worked. Now after enabling SSL and the Apache redirect, > when the json calls are made to the application with the URL starting > with HTTP:// that should be > redirected to HTTPS:// the following errors occurs. > > 415 Unsupported media type > "message": "Unsupported Media Type in Header" Can you tell where that error message is coming from? httpd? Tomcat? The application? > When the same json GET command is issued to the same URL using > HTTPS:// it works. It looks as if communication is breaking down > between Apache and Tomcat. What URL is used with that GET? What appears in the access logs (httpd and Tomcat) for each of those? Can you also log the HTTP headers sent and received by the client for each request? > Apache I'm no httpd expert... > <VirtualHost *:80> > ServerName http://foo.domain.com > Redirect / https://foo.domain.com/ > </VirtualHost> But the above looks to be consistent with: https://cwiki.apache.org/confluence/display/HTTPD/RedirectSSL > <VirtualHost _default_:443> > SSLEngine on > SSLProxyProtocol all > SSLCertificateFile "/auto/foo/ssl_certificate/cert.cer" > SSLCertificateChainFile "/auto/some-path/ssl_certificate/chain.cer" > SSLCertificateKeyFile "/auto/some-path/ssl_certificate/some.key" > SSLCipherSuite "ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW" > ServerName "foo.domain.com" > TraceEnable Off > ProxyRequests Off > ProxyPreserveHost Off > SSLProxyEngine on > AddDefaultCharset utf-8 > AddType 'application/json; charset=UTF-8' .json > ProxyPass "/app" "https://foo.domain.com:8443/app" > ProxyPassReverse "/app" "https://foo.domain.com:8443/app" > </VirtualHost> Hmm. I'm wondering about that AddType but it looks OK. > Tomcat > > <Connector port="8110" protocol="HTTP/1.1" > connectionTimeout="20000" > redirectPort="443" > proxyName="foo.domian.com" > ProxyPort="80" Will this become unnecessary once the HTTPS redirect is working? The redirect will always happen in httpd. > <Connector > port="8443" > scheme="https" > secure="true" > protocol="org.apache.coyote.http11.Http11AprProtocol" > SSLEnabled="true" > SSLCipherSuite="ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW" > SSLCertificateFile="/auto/foo/ssl_certificate/cert.cer" > SSLCertificateChainFile="/auto/some-path/ssl_certificate/chain.cer" > SSLCertificateKeyFile="/auto/some-path/ssl_certificate/some.key" > maxThreads="150" > clientAuth="false" > SSLProtocol="TLSv1.2 -SSLv2 -SSLv3 -TLSv1 -TLSv1.1" > maxHttpHeaderSize="32768" > URIEncoding="UTF-8" > /> Again, looks to be OK. > Appreciate any insight. I'd want to look at exactly what was in each request/response at each stage of this. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org