On Wed, Feb 8, 2017 at 8:30 AM David Gerard <dgerard(a)gmail.com> wrote:
We have an external IP, which accepts SSL on 443 and
http:// on 80,
and passes both through to the back-end server as plaintext on port
80. So both
https://example.wiki and
http://example.wiki work, because
we have legacy http:// URLs in documentation *everywhere* that need to
keep working.
This seems a little complicated. Why can't you have them both on the
same public Apache and define multiple Vhosts instead of passing through
like a proxy?
Trouble is: how do I get it, when it gets an http://
URL, to
auto-redirect to https:// ?
If you weren't doing the passthru stuff, I'd suggest something like this
in your VirtualHost config for the :80:
RewriteEngine on
RewriteRule ^/(.*)$
https://foo.wiki/$1 [L,R=301,NE]
Remember that the server sees *only* http://
connections, it isn't
doing SSL at all - SSL is terminated at the external IP.
(Can Apache even see if the incoming request was originally https:// ?)
Since you're using two layers of Apache and basically proxying, no, the
second Apache can't know. What you *could* do is set a header at the
termination Apache though that passes the data through. Something with
SetEnv or SetEnvIf (name it something like X_WAS_HTTPS) and then
check for that at your second layer.
-Chad