A
A
Alexander Semenenko2019-10-15 11:09:47
linux
Alexander Semenenko, 2019-10-15 11:09:47

Apache as a reverse proxy, is it correct to make the proxy work on https, and internal servers on http?

We have an apache reverse proxy on https and a non-standard port on the Internet.
Internal servers work on http.
ProxyPass
/xxx 192.168.1.6/xxx
ProxyPassReverse /xxx 192.168.1.6/xxx
The problem is when we try to open the address https ://our_url:port/xxx
We are redirected to http ://our_url:port/xxx / and we get an error because we are trying to connect to https via http.
Moreover, if we add a slash at the end: https://our_url:port/xxx/
Then the proxy works correctly and we get to the internal server.
That is, without the last slash it does not work, but with a slash it works.
Why is this and how can it be fixed?

Answer the question

In order to leave comments, you need to log in

2 answer(s)
V
Victor Taran, 2019-10-15
@semenenko88

no, it's not right, and most importantly, 100% of mans on the Internet say the opposite.
Reasoning by the fact that the protocol can be replaced, however, this is a complete nonsense upon detailed consideration.
Insofar as.
1. httaccess knows nothing about what it is for a proxy and may be looping with redirects
2. errors in http reffer like syte.ru:443 or https://site.ru:80
3 js +ajax + sessions still nothing they don’t know about the protocol on the outside and will work incorrectly if they have https checks (and this happens)
in general it will work, but for 100% compatibility it’s naturally better to use the
http-http
https backing - https
in this case, everything will definitely work as expected, without any crutches.
and make a secure connection must be secure everywhere

M
Mikhail Vasilyev, 2019-10-15
@vasilyevmn

Try traefik as a reverse proxy instead of apache.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question