Apache 虚拟主机 proxypass 不适用于 HTTPS 中的根 url

Question

I wrote these Virtual Host entries for force https and to proxy the requests to a embed tomcat running at local 8080 for a Java Spring JSF app. It works fine for subdirectories like https://my.site.com/something.jsf but not to root https domain https://my.site.com , that gots redirect to just index.html (with no domain prefix).

For http request http://my.site.com it is correctly redirect to https with no issues.

When I had just *:80 with the same proxypass it worked just fine.

<VirtualHost *:80>
        ServerName my.site.com
        RedirectPermanent / https://my.site.com/
</VirtualHost>

<VirtualHost *:443>
        ServerName my.site.com
        ServerAlias my.site.com
        ProxyPreserveHost On
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/
        SSLEngine On
        SSLCertificateFile /etc/pki/tls/certs/localhost.crt
</VirtualHost>

httpd access_log:

https requests to root produces this log line:

201.8.25.80 - - [12/Feb/2021:14:37:21 -0300] "GET / HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36"

No error is reported in httpd error_log .

Tomcat log:

I got this stacktrace in the application log, but I'm not sure that is related, cause is's not logged everytime that root https is called.

INFO 3093 --- [http-nio-8080-exec-3] o.apache.coyote.http11.Http11Processor   : Error parsing HTTP request header
 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.

java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
    at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:479) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:684) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:806) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[na:na]
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[na:na]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-8.5.34.jar!/:8.5.34]
    at java.base/java.lang.Thread.run(Thread.java:834) ~[na:na]

I'm looking for possible solutions and reasons for this behavior for days, and got nothing... If someone can help, I'll be grateful.

Answer 1

I didn't discover why the requests to root in https was being wrong redirected. But it's been solved by adding a <LocationMatch> that match to root and redirect to index.jsf , keeping the proxy directives, like so:

<VirtualHost *:443>
        ServerName my.site.com
        SSLEngine On
        SSLCertificateFile /etc/pki/tls/certs/localhost.crt

        <LocationMatch "^/?$">
                Redirect / /index.jsf
        </LocationMatch>

        ProxyPreserveHost On
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/
</VirtualHost>