Forum Moderators: phranque


Apache proxy + SSL

         

onetwentynine

12:13 am on Jun 8, 2012 (gmt 0)

10+ Year Member



Hey guys,

Long time listener, first time caller :)

I am trying to figure out how to set up a site that is doing some serving of content locally and then proxying whatever doesn't match the proxy rules to another server which is at the client's DC. Here's what I am working with:


ProxyPass /en-US ajp://localhost:50101/en-US
ProxyPass /en-CA ajp://localhost:50101/en-CA

# now proxy the remainder of traffic to the client's DC

ProxyPass / http://www1.example.ca/
ProxyPassReverse / http://www1.example.ca/


I will also need to proxy SSL traffic, but I am drawing a blank on how to incorporate that into the existing configuration which is just an include file under /etc/httpd/vhosts.d/

Any insight is much appreciated!

Cheers,
-ds

onetwentynine

4:44 pm on Jun 11, 2012 (gmt 0)

10+ Year Member



Does anyone think that this is a better config?


RewriteCond %{REQUEST_URI} !^/(en-CA|/en-US)
RewriteRule ^/$ http://www1.example.ca [P]

onetwentynine

7:07 pm on Jun 15, 2012 (gmt 0)

10+ Year Member



Any proxy experts? I am looking for the best way to proxy specific content to localhost and the remainder (non-matching) content to another website. Are these configs equivalent?

ProxyPass /en-US ajp://localhost:50101/en-CA
ProxyPass /en-CA ajp://localhost:50101/en-US
ProxyPass /foo ajp://localhost:50101/foo
ProxyPass /test ajp://localhost:50101/test


# now proxy the remainder of traffic to the client's DC

ProxyPass / http://www1.example.ca/
ProxyPassReverse / http://www1.example.ca/


or


RewriteCond %{REQUEST_URI} !^/(en-CA|/en-US|/foo|/test)
RewriteRule ^/$ http://www1.example.ca [P]

g1smd

7:33 pm on Jun 15, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



!^/(en-CA|/en-US|/foo|/test)

matches not /en-CA, not //en-US, not //foo and not //test


The double slash would be a big problem if the rest of the rule had been correctly coded.


RewriteRule ^/$ http://www1.example.ca [P]

If this rule is in htaccess, it will work only for requests for example.com// with a double slash.

Additionally, the target URL should end with a trailing slash.

onetwentynine

7:36 pm on Jun 17, 2012 (gmt 0)

10+ Year Member



Oh whoops, that was not right at all... This should be correct, yes?

RewriteCond %{REQUEST_URI} !^/(en-CA|en-US|foo|test)
RewriteRule ^/(.*) http://www1.example.ca [P]

I also need this to work with https traffic, but I am unsure of the best way to write the logic. Should I create an additional rule or add an [OR] to the existing one?

g1smd

7:43 pm on Jun 17, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The leading slash in the rule pattern must be removed if the rule is located in the htaccess file.

You'll need /$1 on the end of the rule target if you want to pass the requested page name through.

Set up a rule for http and another for https. Test the protocol using a RewriteCond looking at %{SERVER_PORT} for port 443 in one rule and for NOT port 443 in the other rule.

onetwentynine

8:39 pm on Jun 17, 2012 (gmt 0)

10+ Year Member



For the record, this code is being applied directly to a vhosts.d/examplesite.ca.conf (no .htaccess)

BTW, are these equivalent?

RewriteCond %{HTTPS} on 

and
RewriteCond %{SERVER_PORT} ^443$


Here is the amended code:

RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} !^/(en-CA|en-US|foo|test)
RewriteRule ^/(.*) http://www1.example.ca/$1 [P]

RewriteCond %{SERVER_PORT} ^443$
RewriteCond %{REQUEST_URI} !^/(en-CA|en-US|foo|test)
RewriteRule ^/(.*) https://www1.example.ca/$1 [P]

Now that I have proxied everything NOT matching these 4 patterns, back to my original question...how should I manage the handling of these 4 patterns locally? As I referenced in my 1st post there is a Tomcat AJP connector listening locally on port 50101.

Thanks for your help so far!

g1smd

8:46 pm on Jun 17, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The http rule should also reject requests for URLs which should always be https.

The https rule should also reject requests for URLs which should always be http.

Unfortunately can't help you with the Tomcat stuff.

onetwentynine

9:42 pm on Jun 17, 2012 (gmt 0)

10+ Year Member



How do you mean? Shouldn't the !^443$ or ^443$ code cover this?

g1smd

9:53 pm on Jun 17, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



If /folder1/ is supposed to be http and /folder2/ is supposed to be https, your current code allows both folders to be requested both ways.

onetwentynine

7:43 pm on Jun 21, 2012 (gmt 0)

10+ Year Member



Ok I think I see what you mean. How would you accomplish this within the same rule?

Thanks for your help!
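
An added example, not code from any poster in this thread: a small Python harness that replays the thread's `RewriteCond %{REQUEST_URI}` exclusion patterns against constructed sample paths, showing which requests stay local and which are proxied to www1.example.ca. The `BOUNDED` pattern, the function names and the sample paths are assumptions introduced here; Python's `re.search` stands in for Apache's unanchored PCRE match.

```python
import re

# Exclusion patterns as posted in the thread (RewriteCond %{REQUEST_URI} !<pattern>).
POSTED_FIRST = r"^/(en-CA|/en-US|/foo|/test)"  # stray slashes inside the alternation
POSTED_FIXED = r"^/(en-CA|en-US|foo|test)"     # corrected in a later post
# Assumption (not from the thread): end each prefix at a path boundary.
BOUNDED = r"^/(en-CA|en-US|foo|test)(/|$)"

REMOTE = "www1.example.ca"


def route(path, port, exclude):
    """Model the vhost-context rule pair from the thread.

    A path matching `exclude` fails the negated RewriteCond and stays local
    (Tomcat over AJP in the thread). Anything else is proxied with [P],
    using https when SERVER_PORT is 443 and http otherwise.
    """
    if re.search(exclude, path):
        return "local"
    scheme = "https" if port == 443 else "http"
    return f"{scheme}://{REMOTE}{path}"


def audit(exclude, paths, port=80):
    """Return {path: destination} so pattern versions can be compared."""
    return {p: route(p, port, exclude) for p in paths}


# Constructed sample request paths.
SAMPLES = ["/en-CA/home", "/en-US/home", "/foo/bar", "/football", "/about"]

if __name__ == "__main__":
    versions = [("first", POSTED_FIRST), ("fixed", POSTED_FIXED), ("bounded", BOUNDED)]
    for name, pattern in versions:
        print(name)
        for path, dest in audit(pattern, SAMPLES).items():
            print(f"  {path:14} -> {dest}")
```

With the first pattern, /en-US and /foo requests are sent to the remote server instead of staying local; with the corrected pattern, /football stays local because the prefix is not bounded.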