How to configure Apache as a reverse proxy when terminating ssl at a load balancer?

Matthew Wang
2021-08-22 06:28

Subject:

There may be cases where you are terminating SSL at the load balancer (so all requests hitting the reverse proxy are http). If so, the reverse proxy configuration would be different than the default configuration Artifactory generates. 

Solution:

Below is an example of an apache configuration (nginx should be similar), with the important parts involving the necessary request headers bolded and underlined:

<VirtualHost>

    ProxyPreserveHost On
 
    ServerName test.artifactory.com
    ServerAlias *.test.artifactory.com
 
    ErrorLog /var/log/httpd/error-80.log
    LogLevel warn
    CustomLog /var/log/httpd/access-80.log combined
 
    AllowEncodedSlashes On
    RewriteEngine on
 
    RewriteCond %{SERVER_PORT} (.*)
    RewriteRule (.*) – [E=my_server_port:%1]
    ##  NOTE: The 'REQUEST_SCHEME' Header is supported only from apache version 2.4 and above
    RewriteCond %{REQUEST_SCHEME} (.*)
    RewriteRule (.*) – [E=my_scheme:%1]
 
    RewriteCond %{HTTP_HOST} (.*)
    RewriteRule (.*) – [E=my_custom_host:%1]

    RewriteCond "%{REQUEST_URI}" "^/(v1|v2)/"
    RewriteCond "%{HTTP_HOST}" "^(.*).test.artifactory$"
    RewriteRule "^/(v1|v2)/(.*)$" "/artifactory/api/docker/%1/$1/$2" [PT]

    RewriteRule ^/$               https://artifactory.test.artifactory/artifactory/webapp/ [R,L]
    RewriteRule ^/artifactory(/)?$     https://artifactory.test.artifactory/artifactory/webapp/ [R,L]
    RewriteRule ^/artifactory/webapp$  https://artifactory.test.artifactory/artifactory/webapp/ [R,L]

 
    RequestHeader set Host %{my_custom_host}e
    RequestHeader set X-Forwarded-Port 443 
    ## NOTE: {my_scheme} requires a module which is supported only from apache version 2.4 and above
    RequestHeader set X-Forwarded-Proto https
    RequestHeader set X-Artifactory-Override-Base-Url https://artifactory.test.artifactory/artifactory

    ProxyPassReverseCookiePath /artifactory /artifactory
 
    ProxyRequests off
    ProxyPreserveHost on
    ProxyPass /artifactory/ http://artifactoryhaaz01.azw.gapinc.com:8081/artifactory/
    ProxyPassReverse /artifactory/ http://artifactoryhaaz01.azw.gapinc.com:8081/artifactory/

</VirtualHost>

For the above, you can also choose to take out the below RewriteRules, and let Artifactory handle the redirects:

    RewriteRule ^/$               https://artifactory.test.artifactory/artifactory/webapp/ [R,L]
    RewriteRule ^/artifactory(/)?$     https://artifactory.test.artifactory/artifactory/webapp/ [R,L]
    RewriteRule ^/artifactory/webapp$  https://artifactory.test.artifactory/artifactory/webapp/ [R,L]