How do I return an SSL URL from a non-SSL Apache?
October 7, 2008 4:28 AM Subscribe
Help Apache gurus! How do I setup a virtual host when SSL terminates before my Apache server?
Hopefully this is easy since it seems like a common thing...
Here's the setup: Browser -> Load balancer -> Apache Server
The browser connects to the load balancer using https (https://www.example.com). But then the load balancer directs the request to Apache using http (http://host1.company.com). Fine.
Now, how do I use the virtual host directive to have Apache return an https url to the browser? If i just have:
<VirtualHost *:80>
ServerName www.example.com
</VirtualHost>
in httpd.conf then URLs are returned to the client as http URLs which doesnt work. Is this possible? Thanks!
Hopefully this is easy since it seems like a common thing...
Here's the setup: Browser -> Load balancer -> Apache Server
The browser connects to the load balancer using https (https://www.example.com). But then the load balancer directs the request to Apache using http (http://host1.company.com). Fine.
Now, how do I use the virtual host directive to have Apache return an https url to the browser? If i just have:
<VirtualHost *:80>
ServerName www.example.com
</VirtualHost>
in httpd.conf then URLs are returned to the client as http URLs which doesnt work. Is this possible? Thanks!
Best answer: Part #2 .... you'll want ServerAlias host1.company.com, and UseCanonicalName Off within your VirtualHost block.
posted by devbrain at 5:23 AM on October 7, 2008
posted by devbrain at 5:23 AM on October 7, 2008
Response by poster: oh cool thanks! Relative does work. Unfortunately absolute doesn't. I can't change the app. (Can't tell you the app without violating confidentiality)
The loadbalancer is F5. I dont know why it hadn't occured to me to rewrite at the load balancer. Thats definitely an option!
Why do I need ServerAlias? Won't Apache accept internal (behind the load balancer) URLs to the physical machine just fine by default?
posted by vacapinta at 5:43 AM on October 7, 2008
The loadbalancer is F5. I dont know why it hadn't occured to me to rewrite at the load balancer. Thats definitely an option!
Why do I need ServerAlias? Won't Apache accept internal (behind the load balancer) URLs to the physical machine just fine by default?
posted by vacapinta at 5:43 AM on October 7, 2008
What happens by default depends on the rest of the config.
If you have a NameVirtualHost on that ip:port pair already, then if you get a request for a host that's not listed as ServerName or ServerAlias, then apache will respond with the first vhost that matches. Which may, or may not be, the one you want.
posted by devbrain at 6:43 AM on October 7, 2008
If you have a NameVirtualHost on that ip:port pair already, then if you get a request for a host that's not listed as ServerName or ServerAlias, then apache will respond with the first vhost that matches. Which may, or may not be, the one you want.
posted by devbrain at 6:43 AM on October 7, 2008
Sounds like a job for mod_proxy and mod_proxy_html.
mod_proxy_html is an output filter to rewrite HTML links in a proxy situation, to ensure that links work for users outside the proxy. It serves the same purpose as Apache's ProxyPassReverse directive does for HTTP headers, and is an essential component of a reverse proxy.
You probably might need to set up an auxiliary virtual host to act as the proxy to rewrite the content, but that shouldn't be a big problem.
There's also one for XML if you're sending different sort of content.
posted by phax at 6:48 AM on October 7, 2008
mod_proxy_html is an output filter to rewrite HTML links in a proxy situation, to ensure that links work for users outside the proxy. It serves the same purpose as Apache's ProxyPassReverse directive does for HTTP headers, and is an essential component of a reverse proxy.
You probably might need to set up an auxiliary virtual host to act as the proxy to rewrite the content, but that shouldn't be a big problem.
There's also one for XML if you're sending different sort of content.
posted by phax at 6:48 AM on October 7, 2008
This thread is closed to new comments.
If you can't change ALL your absolute hrefs to relative, then you can try to fix the app or check your load balancer (or apache) for an in-line rewrite option to edit the pages on the fly to make the fix.
First question -- what's the app? what's generating the links? Fix that - and if you can't, fix it upstream. Next question -- what's the loadbalancer?
posted by devbrain at 5:22 AM on October 7, 2008