apachereverse-proxyvirtuoso

ProxyPassReverse does not keep correct protocol while redirecting


I have set up a Virtuoso server that serves Linked Data using content negotiation. The server is served through a reverse proxy Apache server and may be queried using http or https.

http://public.server.org/myapp      --> http://private.local.domain:1234/
https://public.server.org/myapp     --> http://private.local.domain:1234/

The Virtuoso server then performs content negotiation and redirects to /describe?...

I have no problem when accessing the public server through http. The redirection takes place and content is retrieved.

However, when I access the public server though https, the redirection sends me to http://public.server.org/describe?... (that is HTTP, not HTTPS).

I'm expecting to be redirected to https://public.server.org/describe?... (with the same protocol as the original query).

My configuration is:

<VirtualHost xxx.yyy.zzz.ttt:80>
  ServerName public.server.org
  ProxyPass /myapp              http://localhost:8890/myapp
  ProxyPassReverse /myapp       http://localhost:8890/myapp

  ProxyRequests Off

  <Location /describe>
    ProxyPass               http://localhost:8890/describe
    ProxyPassReverse        /describe
  </Location>

</VirtualHost>

<VirtualHost xxx.yyy.zzz.ttt:443>
  ServerName public.server.org
  ProxyPass /myapp              http://localhost:8890/myapp
  ProxyPassReverse /myapp       http://localhost:8890/myapp

  ProxyRequests Off

  <Location /describe>
    ProxyPass               http://localhost:8890/describe
    ProxyPassReverse        /describe
  </Location>

</VirtualHost>

Is it possible for apache to correctly reverse the proxy in order to maintain the original query protocol while redirecting?


Solution

  • After debugging with dumpio and Apache error logs, I think I found the problem.

    What happened?

    First, my configuration was incorrect. At another place I did not transcribe here, I had a ProxyPreserveHost On directive that was active. Hence, the configuration worked but for wrong reasons.

    Apache was keeping the Host and Virtuoso used this host. Hence, when sending a redirect to /describe..., Virtuoso was redirecting to http://public.server.org/describe... instead of my expected http://localhost:8890/describe...

    Hence, the redirection was not captured by the ProxyPassReverse directives and passed unchanged to the client (and it worked). The problem being that the redirection was always done through http, regardless of the original query scheme.

    Solution

    I decided to drop the ProxyPreserveHost On directive and rely on a correct ProxyPassReverse directive.

    For an unknown reason, I could not figure out the correct setting inside the Location, hence I used the settings:

    <VirtualHost xxx.yyy.zzz.ttt:443>
      ServerName public.server.org
      ProxyPass /myapp              http://localhost:8890/myapp
      ProxyPassReverse /myapp       http://localhost:8890/myapp
    
      ProxyRequests Off
      ProxyPreserveHost Off # To avoid problems if it is set On elsewhere.
    
      ProxyPass /describe http://localhost:8890/describe
      ProxyPassReverse /describe http://localhost:8890/describe
    </VirtualHost>
    

    Note: I only changed the https settings as the http ones were functioning somehow (hence the http virtualhost still uses ProxyPreserveHost On and no ProxyPassReverse