Apache - Redirect Proxy

Example of redirect HTTP to HTTPS and regular reverse proxy:

<VirtualHost x.x.x.x:80 [x:x:x:x::x]:80>
        ServerAdmin [email protected]
        ServerName x.x.x
        ServerAlias xx.x.x
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        CustomLog "|/usr/bin/logger -t apache -p local6.info" combined
        ErrorLog "|$tee -a /var/log/apache2/error_log |/usr/bin/logger -t apache -p local6.info"
        Redirect permanent / https://x.x.x/
</VirtualHost>

<VirtualHost x.x.x.x:443 [x:x:x:x::x]:443>
        ServerAdmin [email protected]
        ServerName x.x.x
        ServerAlias xx.x.x
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        CustomLog "|/usr/bin/logger -t apache -p local6.info" combined
        ErrorLog "|$tee -a /var/log/apache2/error_log |/usr/bin/logger -t apache -p local6.info"
        ProxyRequests Off
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        ProxyPass / http://x.x.x.x:9191/
        ProxyPassReverse / http://x.x.x.x:9191/
        ServerSignature On
        SSLEngine on
        SSLCertificateFile    /etc/apache2/ssl/x.crt
        SSLCertificateKeyFile /etc/apache2/ssl/x.key
        SSLCertificateChainFile /etc/apache2/ssl/sf_bundle-g2-g1.crt
</VirtualHost>

In case of invalid cert ie. self-signed at target add the following lines to 443 VHOST:

SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLProxyEngine On

In case you need to preserve the original host address ie. SAML, Shibboleth, etc.:

UseCanonicalName On
ProxyPreserveHost On