Symptom:
We have APEX and ORDS running on port 8888. We have TLS/SSL enabled on LoadBalancer. We have reverse proxy configuration for Http and OrdsProxyPass "/apex" "http://localhost:8888/apex" retry=60
ProxyPassReverse /apex http://localhost:8888/apex
ProxyPreserveHost On
When we apex applications are not verifying HTTPS connections, all are fine. After apex applications start to verify HTTPS connections, error out though we have TLS on Loadblanancer
Warning: 199 APEX "HTTP request but need HTTPS"
Solution:
It turns out issue on type Loadbalancer we created. By default it is on TCP-443, so it is on Transport Layer , it has no idea it is https or http, connections pass to apex application is TCP connections with port 443. So apex application would not regard it as https.We need to change Loadbalancer type to HTTP -443 which is Application Layer, in this way, apex application can see it is https, thus the issue is gone.
In OKE service yaml file , we can add below to inform OCI LB to use "HTTP"
service.beta.kubernetes.io/oci-load-balancer-backend-protocol: "HTTP"
Tips for Apache Reverse Proxy
- It is fine from HTTPS --> HTTP
- Need extra work for HTTP --> HTTPS . SSLProxyEngine --> ON Apache link stackoverflow link
- HTTPS --> HTTPS is similar as HTTP --> HTTPS
No comments:
Post a Comment