• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 980
  • Last Modified:

mod_proxy by URL acting weird

Hi Guys i hope  someone can help me

I Have an apache server that his main funtion is to do reverse proxy

we have a jboss as 7 with liferay and in the same box aN apache server; everything running on a RHEL 6.2 Server

We tried to make that apache server handled the certificates, but after some research i found that jobss and apache need to have certificat to works fine.

At this moment Jboss has certificates enabled listening on port 8443

My https on the apache is running on port 8181, the reason is that firewall forward al request from port 443 to the server  port 8181

The configuration i have works fine if everything is by ip, but if i use url the login part is the one is not workin; becuase after login it keeps by http and not https even that the action of login call to the https.

Login by IP
Works fine, the login action calls to https; authetication is done  using https ( i got the certificate) and next page after authentication still by htts

Login using URL

Login action calls to https , the authentication is done https ( becuase it show me the certificate), but when the portal show me the next page it show it as http  

This is my httpd.conf file

<VirtualHost *:8181>

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel debug

SSLEngine on
SSLProxyEngine On

SSLCertificateFile /var/tmp/sfp.crt
SSLCertificateKeyFile /var/tmp/sfp.key

ProxyRequests Off
ProxyPreserveHost On
ProxyPass / connectiontimeout=300 timeout=300
ProxyPassReverse / keepalive=On


ProxyRequests On
ProxyPreserveHost On
ProxyVia full
ProxyPass / keepalive=On
ProxyPassReverse / keepalive=On

  Any idea

what is happening ?
  • 2
  • 2
1 Solution
Pepe2323Author Commented:
since this question has been assigned to DNS topic i will update with more info.

this is DEV server and i don't have dns working on that what we have been doing is chaning the /etc/hosts file to point to ip.ip.ip.ip www.dev.mx on the server and also on our local computers

I have made test using the public ip and the internal ip and both face the same issue when i use www.dev.mx

Architecture  using Public ip

Client ---- > Firewall -----> apache ----> App server

Firewall listen on regular ports (80 and 443), apache listen on ( 8080 for http and 8181 for https) and app server listen ( 8081 for http and 8443 for https)

Architecture  using internal ip

Client -----> Apache ---> App server

I hope this help to find a solution
does your login page redirect to a proper IP or FQDN? can you please post the URL to be redirected to
Pepe2323Author Commented:
At this moment i'm not able to get the exact url, someone did a mess on the server and crashed so they are working on the restore process.

i'm gonna try to explain your question i hope will be understandable.

i have done severl tests

usgin public ip

on my client browser i type http://200.x.x.x

Action button  login calls to https://200.x.x.x/Guest/home ( i checked this using firebug)

As soon as i push it, it show me the certificate,  and next page it been show also by https

Conclusion by ip is working fine.

Test 2:

using url

As i said there is not dns for this dev server, so in my hosts file i defined www.gob-dev.mx
as the public ip 200.x.x.x; i did on ther client computer and in the server.

Action of the login calls to https://www.gob-dev.mx/Guest/home

i can access by http using www.gob-dev.mx , when i type my login and password and push "login" button it show me the certificate, but the next page that after login show with http; the ur it show is like http://www.gob-dev.mx

Conclusion: my guess something after the login when i use url, is calling for the next page without the https.

I wonder what is the difference on the process when i use url than when i use ip

If you need the exacts urls when i use ip and when i use url i will get it but i will take me sometime; need to wait the server being restored again.
please check with firebug if you get this redirect from the server (some 30x response) or if the redirect is inside the HTML (meta tag or javascript)

There's some info on the Liferay site, as to how to enforce HTTPS usin mod_proxy (rewrite rules for your plain HTTP virtual host).  See: "Secure form post"

Anyway a simpler and more efficient solution would be to terminate the SSL conversation at the Apache layer and simply use  AJP (mod_jk) to connect to your Jboss instance. Seeing both are on the same physical server the security risks are minimal,


Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now