Thursday, April 11, 2019

Warning: 199 APEX "HTTP request but need HTTPS" on Apache Reverse Proxy

Symptom:

  We have APEX and ORDS running on port 8888. We have TLS/SSL enabled on LoadBalancer.  We have reverse proxy configuration for Http and Ords

 ProxyPass "/apex" "http://localhost:8888/apex" retry=60
 ProxyPassReverse /apex http://localhost:8888/apex
 ProxyPreserveHost On

When we apex applications are not verifying HTTPS connections, all are fine. After apex applications start to verify HTTPS connections, error out though we have TLS on Loadblanancer
Warning: 199 APEX "HTTP request but need HTTPS"

Solution:

It turns out issue on type Loadbalancer we created. By default it is on TCP-443, so it is on Transport Layer , it has no idea it is https or http, connections pass to apex application is  TCP connections with port 443. So apex application would not regard it as https.

We need to change Loadbalancer type to HTTP -443 which is Application Layer, in this way, apex application can see it is https, thus the issue is gone.

In OKE service yaml file , we can add below to inform OCI LB to use "HTTP"

service.beta.kubernetes.io/oci-load-balancer-backend-protocol: "HTTP"

Tips for Apache Reverse Proxy

  • It is fine from HTTPS --> HTTP  
  • Need extra work for HTTP --> HTTPS . SSLProxyEngine --> ON  Apache link  stackoverflow link
  • HTTPS --> HTTPS is similar as HTTP --> HTTPS