Hi Folks,

We are trying to implement SSL for our website login pages only through Apache reverse proxy.
We have installed & configured SSL certificates on apache proxy.

Here below is our apache2 config.

<VirtualHost *:80>
ServerName www.myweb.org:80

ReWriteEngine On
##### Redirect login page to https ######
# Redirect non-https requests for SSL URL paths to https
RewriteCond %{SERVER_PORT} !=443
RewriteCond %{REQUEST_URI} ^/actions/?
RewriteRule ^/(.*)$ [myweb.org...] [R=301,L]
#
# Redirect https requests for non-SSL URL paths to http

RewriteCond %{SERVER_PORT} =443
RewriteCond %{REQUEST_URI} !^/actions/?
RewriteRule ^/(.*)$ [myweb.org...] [R=301,L]

ProxyPass / [mywebbackendapp1:8080...]
ProxyPassReverse / [mywebbackendapp1:8080...]



<VirtualHost 10.0.0.134:443>

ServerName myweb.org
SSLEngine on
SSLOptions +StrictRequire

<Directory />
SSLRequireSSL
</Directory>

SSLProtocol all
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM


SSLCertificateFile /usr/local/apache2/conf/ssl/mywebcert.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl/mybwebcert.key
SSLCertificateChainFile /usr/local/apache2/conf/ssl/intermediate.crt

SSLVerifyClient none
SSLProxyEngine on


ProxyPass /actions [mywebbackendapp1:8080...]
ProxyPassReverse /actions [mywebbackendapp1:8080...]

We do get page with https, but can’t go back to http from https pages once users logged in.

Will much appreciate anyone help.

Thanks

AW