[personal profile] theweaselking
Apache2 server is proxying a rather stupid app off another server, such that https://apache/appname secretly and silently loads from http://stupidapp:8080/appname/, which is running Jetty. This is fine. Everything loads correctly.

However, Apache server is using https. Stupid app is http. Stupid app insists that all its links go to http, meaning any time you click on a link on https://apache/appname it tries to take you to http://apache/appname/link. It actually uses Javascript to make sure that the rather clever Apache proxy won't fix the links for it, because it's stupid.

You can get the link you want by adding the "s" back to the URL, manually.

I want all those links to go to https://LINK automagically and without the user seeing anything.

Obvious solution: Have Apache listen to http://apache/appname/* and redirect to https://apache/appname/* - but what's the magic mod_rewrite formula to make that happen? I hate apache's documentation, and haven't found a good example yet.[1]

Obvious solution: Make the javascript app not stupid, or, rather, make it https everything instead of http. However, this is proving much harder than anticipated, because the app is really stupid. And this would also break it for internal users going directly to the http://stupidapp:8080/appname/ site. Not that I care *that* much, but I'd rather they both work.

Non-obvious solution: Anything else.

Pop quiz: How do I get this to work?


[1]: What I've been trying is this, inside the (working) http://apache/ site file:
RewriteEngine on
RewriteRule ^appname/([^/\.]+) https://apache/appname/$1 [L]

But that doesn't work.


EDIT: Solved!

[livejournal.com profile] prk pointed me at the correct syntax, and then I had a "DUH" moment when I realised my failures weren't showing in the log. Any of the logs. At all.

Because the HTTPS server isn't exposed to port 80 traffic from the outside, using its full name. It's only visible from the inside using the local name.

Right, then.

Move the internal-only http app over to https (it doesn't HAVE to be http, it just always has been), change the site file for the internal site to be just this:
NameVirtualHost *:80
<VirtualHost *:80>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://apacheservername/$1 [R,L]
</VirtualHost>
Allow port 80 through from the outside, and poof! Problem solved!

(no subject)

Date: 2008-06-16 05:42 pm (UTC)
From: [identity profile] prk.livejournal.com
Complete Rewrite:

RewriteEngine On
RewriteRule ^/(.*) https://secure.example.org/$1 [R=301, L]

I expect you'd tweak as:

RewriteRule ^/appname/(.*) https://apache/appname/$1 [R=301, L]

You may need to use other attributes if you're doing a GET with parameters, to have them redirect too.

But you'll be in for a lot of pain if your app uses POST though.
Edited Date: 2008-06-16 05:43 pm (UTC)

(no subject)

Date: 2008-06-16 05:54 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
R=301 produces "bad flag delimiter", but removing it gets rid of the Apache error.

However, the http:// links are not being rewritten.

(no subject)

Date: 2008-06-16 05:59 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
I put those inside the site file, inside the <Directory> tag for the documentroot. Is there a better place?

(no subject)

Date: 2008-06-16 06:54 pm (UTC)
From: [identity profile] prk.livejournal.com
That's the logical place for them.

Maybe try a rewrite all, and see if it's picking it up?

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://apache/$1 [R,L]


You can also use the rewrite debugging to log to a file, then see if it's matching on anything (or even processing the rules!).

RewriteLog "/var/log/apache2/rewrite_log"
RewriteLogLevel 9

You want that after you turn on the engine, before you do the RewriteCond or RewriteRule.

3am here, so brains starting to shut down.

Good luck!

prk.

(no subject)

Date: 2008-06-16 07:07 pm (UTC)
From: [identity profile] theweaselking.livejournal.com
"RewriteLog not allowed here
...fail!"

Taking out the log entries means it starts, but does nothing....

... and I've just found the problem. It's a stupid problem.

The server listens to port 80, from internal addresses.
Port 80 doesn't get to it from the outside world - the router blocks it.
The address I'm using is the FQDN.

So my client is never *reaching* the server to take the rewrite.

Fix that, and it works.

Gah. That was just stupid.
Now I just need to fire the firewall.
Thanks!

(no subject)

Date: 2008-06-17 12:53 am (UTC)
From: [identity profile] prk.livejournal.com
"RewriteLog not allowed here
...fail!"


How bizarre - syntax is correct, but other limits seem to not be allowing it. I could understand that in a .htaccess but I don't see why the sites config would not allow it, unless it has to be global config.

Fix that, and it works.

Groovy.

prk
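
The redirect worked out in this thread, as an added example that is not from the original post or its comments: a port-80 virtual host that sends every request to HTTPS, with comments on why the earlier attempts failed to load or match. The hostname apache.example.org, the /var/www directory and the one-year HSTS max-age are assumed values.

```apache
# Added example; hostname, directory and max-age are assumptions.
<VirtualHost *:80>
    ServerName apache.example.org

    RewriteEngine on

    # Rewrite tracing on Apache 2.4. On Apache 2.2 the equivalent was
    #   RewriteLog "/var/log/apache2/rewrite_log" / RewriteLogLevel 3
    # which is only valid in server config or <VirtualHost>, not inside
    # <Directory> or .htaccess ("RewriteLog not allowed here").
    LogLevel alert rewrite:trace3

    # Virtual-host context: the pattern is matched against the full
    # URL-path, which always starts with "/". A pattern beginning
    # ^appname/ can never match here.
    #
    # Flags are comma-separated with no spaces. "[R=301, L]" is split
    # into two arguments and rejected with "bad flag delimiters".
    #
    # The query string is passed through to the target unchanged.
    # With R=301 most clients repeat a redirected POST as a GET, and the
    # POST body has already crossed the network in cleartext by then.
    RewriteRule ^/(.*)$ https://apache.example.org/$1 [R=301,L]
</VirtualHost>

# Per-directory context (<Directory> or .htaccess): the directory prefix
# is stripped before matching, so the pattern must NOT start with "/":
#
#   <Directory "/var/www">
#       RewriteEngine on
#       RewriteCond %{HTTPS} !=on
#       RewriteRule ^(.*)$ https://apache.example.org/$1 [R=301,L]
#   </Directory>

# In the existing HTTPS virtual host (requires mod_headers), so that
# browsers which have visited once stop making the cleartext request:
#
#   Header always set Strict-Transport-Security "max-age=31536000"
```

Check the syntax with `apachectl configtest`, then run `curl -I http://apache.example.org/appname/` from outside the network and confirm a 301 with an https Location header; no response at all means port 80 is not reaching the server, which no rewrite rule can fix.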
