One of my users is having some trouble with forwarding to an internal web app from a public address.
Everything worked fine for him when the situation was like this:
- front page: http://www.myexample.com/
- public ref to internal app: http://www.example.com/app-8903/app.html
- secretly goes to: http://secret.example.com:8903/app-8903/app.html
This is to say, my user is providing the very last URL, with the port information duplicated in the URL base, and they were using that to give a public face that hid both the port and the internal machine name. You could still read the port in the URL base if you looked, but the obvious reference and machine name were hidden.
Doing it this way, he could have several different instances of the application running on secret.example.com with different ports, and on the front end it just looked like it was changing the URL directory/base.
Now the user wants to do the same thing over https:, and the people helping him with the Apache config say it can't be done.
Is that so? Without being there to tinker with the configuration myself, I'm not sure what his IT people have tried, but reading through the apache2 SSL FAQ and other docs, it seems like it should be possible to rewrite URLs to different ports and still use https:.
The SSL must be enabled only in the front end (public server); proxying an SSL request is the same as breaking the SSL security (man-in-the-middle attack). So you will have: https://www.myexample.com/app-8903/app.html but it secretly will serve plain http connections from https://secret.myexample.com:8903/app.html
Of course if his apps try to redirect the URL to something else without SSL, there will be problems.
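
A front-end virtual host for the setup described in the answer above, added here as an illustration and not taken from either poster's configuration: TLS ends at the public Apache server, which proxies to the internal instances over plain HTTP. The certificate paths, the second instance on port 8904, the use of www.example.com as the public name, and the backend honouring `X-Forwarded-Proto` are assumptions.

```apache
# Added example, not the poster's configuration. Requires mod_ssl, mod_proxy,
# mod_proxy_http and mod_headers. Certificate paths are placeholders.
<VirtualHost *:443>
    ServerName www.example.com

    # TLS terminates here, on the public front end.
    SSLEngine on
    SSLCertificateFile    /path/to/www.example.com.crt
    SSLCertificateKeyFile /path/to/www.example.com.key

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # One explicit mapping per instance. The port in the public path is
    # cosmetic; only the backends listed here are reachable through the proxy.
    ProxyPass        /app-8903/ http://secret.example.com:8903/app-8903/
    ProxyPassReverse /app-8903/ http://secret.example.com:8903/app-8903/

    # Second instance (port 8904 is a constructed example).
    ProxyPass        /app-8904/ http://secret.example.com:8904/app-8904/
    ProxyPassReverse /app-8904/ http://secret.example.com:8904/app-8904/

    # Tell the backend the client connection was HTTPS so it can build
    # https:// links and redirects (assumes the app reads this header).
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

# Send plain-HTTP visitors to the HTTPS front end.
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>
```

`ProxyPassReverse` rewrites `Location` headers that point at the internal host and port back to the public HTTPS URL, which covers the redirect problem mentioned above for redirects the backend issues to its own address. The hop from the front end to secret.example.com is unencrypted, so it should stay on a network segment that only the proxy can reach.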