Apache Development
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me

The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.

Go Back   Dev Shed ForumsSystem AdministrationApache Development
Reload this Page

general - Secure website on Windows Apache which overrides Ruby proxy


Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old February 14th, 2012, 12:42 PM
ilya_sequence ilya_sequence is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Feb 2012
Posts: 1 ilya_sequence User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 47 m
Reputation Power: 0
general - Secure website on Windows Apache which overrides Ruby proxy
Hi all,

First of all I will describe the setup and then ask the question.

I have created a test website which is running on Apache 2.2 on Windows and uses Ruby on Rails 1.8 ( this older version is a requirement, but I think irrelevant to this question ) for a couple of dynamic pages, the rest of the pages are static.

The main website runs in "C:/MyRubyWebsite" through Ruby on Rails with 2 pages, "profile" and "other1", having dynamic URL which are re-written to HTTPS protocol (please see the configuration at the end of the question). The rest of the pages are served as is, they are static.

The same root directory, "C:/MyRubyWebsite", also contains a subdirectory for a PHP website, which does not depend on Ruby on Rails, e.g. "C:/MyRubyWebsite/phpwebsite". The latter would be accessible by going to "http://www.rubywebsitedomain.com/phpwebsite".

Now is the actual question. I need the PHP website, which is independent on Ruby on Rails, to be served under HTTPS. Given all the configuration below that would seem to be straightforward, just type HTTPS in front of the php website url, but when I do that the URL is re-written back to regular HTTP, e.g. non-secure.

What can be done here to allow for having non-Ruby website to be served under HTTPS?

Thank you ahead.

---------------------------------------------------------

The following is the configuration of the virtual directories within the Apache config (ip addresses, domains, and directory names are fictional, but otherwise the configuration is accurate):

--------------------- Apache Config ---------------------
Code:
Listen 111.222.333.444:80
Listen 111.222.333.444:443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLSessionCache        "shmcb:C:/Program Files/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

SSLMutex default

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

ProxyRequests Off
AllowCONNECT 443

<VirtualHost www.rubywebsitedomain.com:80>
     ServerAdmin webmaster@rubywebsitedomain.com
     DocumentRoot "C:/MyRubyWebsite"
     ServerName www.rubywebsitedomain.com
     ErrorLog "logs/rubywebsitedomain-err.log"
     CustomLog "logs/rubywebsitedomain-cust.log"
     ErrorDocument 503 /err503.html
     
     RewriteEngine on

# Configure mongrel instances to serve /info requests
     <Proxy balancer://mongrel_cluster>
         BalancerMember http://127.0.0.1:7771
         BalancerMember http://127.0.0.1:7772
	 BalancerMember http://127.0.0.1:7773
	 BalancerMember http://127.0.0.1:7774
     </Proxy>

   ProxyPass /info balancer://mongrel_cluster/info
   ProxyPassReverse /info balancer://mongrel_cluster/info

   RewriteCond %{REQUEST_METHOD} ^TRACE
   RewriteRule .* - [F]
   RewriteRule ^$ /

   RewriteRule ^/profile/(.*) https://www.rubywebsitedomain/profile/($1) [R,L]
   RewriteRule ^/other1/(.*) https://www.rubywebsitedomain/other1/($1) [R,L]

</VirtualHost>


<VirtualHost www.rubywebsitedomain.com:443>
     ServerAdmin webmaster@rubywebsitedomain.com
     DocumentRoot "C:/MyRubyWebsite"
     ServerName www.rubywebsitedomain.com
     ErrorLog "logs/rubywebsitedomain-secure-err.log"
     CustomLog "logs/rubywebsitedomain-secure-cust.log"
     ErrorDocument 503 http://www.rubywebsitedomain.com/err503.html

# Configure mongrel instances to serve /info requests
     <Proxy balancer://mongrel_cluster>
         BalancerMember http://127.0.0.1:7771
         BalancerMember http://127.0.0.1:7772
	 BalancerMember http://127.0.0.1:7773
	 BalancerMember http://127.0.0.1:7774
     </Proxy>

   ProxyPass /info balancer://mongrel_cluster/info
   ProxyPassReverse /info balancer://mongrel_cluster/info

   RewriteEngine on

   RewriteCond %{REQUEST_METHOD} ^TRACE
   RewriteRule .* - [F]

   ErrorLog logs/your_app_error_log
   CustomLog logs/your_access_log combined

   SSLEngine on
   SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
   SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/ssl/mycert.crt"
   SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/ssl/mycert.key"
   SSLCACertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/ssl/intercert.crt"

   <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
   </FilesMatch>
   <Directory "C:/Program Files/Apache Software   Foundation/Apache2.2/cgi-bin">
      SSLOptions +StdEnvVars
   </Directory>

   BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

   CustomLog "C:/logs/sslrlog.log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
Reply With Quote
  #2  
Old March 11th, 2012, 10:39 AM
jharnois's Avatar
jharnois jharnois is offline
mod_dev_shed
Dev Shed God 20th Plane (14500 - 14999 posts)
  
Join Date: Sep 2002
Location: Atlanta, GA
Posts: 14,817 jharnois User rank is General 2nd Grade (Above 100000 Reputation Level)jharnois User rank is General 2nd Grade (Above 100000 Reputation Level)jharnois User rank is General 2nd Grade (Above 100000 Reputation Level)jharnois User rank is General 2nd Grade (Above 100000 Reputation Level)jharnois User rank is General 2nd Grade (Above 100000 Reputation Level)jharnois User rank is General 2nd Grade (Above 100000 Reputation Level)jharnois User rank is General 2nd Grade (Above 100000 Reputation Level)jharnois User rank is General 2nd Grade (Above 100000 Reputation Level)jharnois User rank is General 2nd Grade (Above 100000 Reputation Level)jharnois User rank is General 2nd Grade (Above 100000 Reputation Level)jharnois User rank is General 2nd Grade (Above 100000 Reputation Level)jharnois User rank is General 2nd Grade (Above 100000 Reputation Level)jharnois User rank is General 2nd Grade (Above 100000 Reputation Level)jharnois User rank is General 2nd Grade (Above 100000 Reputation Level)jharnois User rank is General 2nd Grade (Above 100000 Reputation Level)jharnois User rank is General 2nd Grade (Above 100000 Reputation Level) 
Time spent in forums: 1 Month 1 Week 4 Days 7 h 14 m 56 sec
Reputation Power: 1098
I don't have a definitive answer for you, but here are a few ideas:

I would start by enabling a RewriteLog and turning Apache's LogLevel up so you can get more information about a single request. Hopefully you can do this in a dev environment so it's easier to get the logs for just one request since high log levels in production will produce a lot of records.

I'm curious to know what happens if you go to https://www.rubywebsitedomain.com/phpwebsite/ (note the trailing slash). If "phpwebsite" is a directory and you request it without a trailing slash, Apache will redirect (not rewrite) the request in order to add the trailing slash. This is controlled by the DirectorySlash directive and is there due to security implications of not doing this (so don't just turn it off). You would think Apache would adhere to the original protocol, but maybe it doesn't (either a bug or possibly by design).
__________________
# Jeremy

Explain your problem instead of asking how to do what you decided was the solution.
Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationApache Development > general - Secure website on Windows Apache which overrides Ruby proxy

« Previous Thread | Next Thread »

Developer Shed Advertisers and Affiliates



Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 


Powered by: vBulletin Version 3.0.5
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap