We have a Java/Jetty server. The servlets on this server are called by some of our internal applications over http.
I have been asked to create a webapp /website which will use many of these servlets / api.
However this is an external customer facing website and needs to be served over https / ssl. The servelet urls look like
http://internalServer:9999?parameters.
Now my webapp is ready and has been deployed on Apache on Debian. Everything works fine but as soon as I enable
https/ssl the backend calls do not go through. On chrome I get “Mixed content. Page was loaded on https but is requestig resource over http…”. On Safari I get -could not load resource due to access control checks.
I understand the reasons for these errors but I would like to know ways to solve this.
I have full control over apache server and website code.
I have very limited control over internal jetty server and no control over servelt code.(don’t want to mess with existing apps).
Is there something I can do just with apache configuration? can I use it as a reverse proxy for the Jetty(http) server?
Thanks for your help.
2
Answers
That error message means your HTML has resources that are being requested over
http://...
specifically.You’ll need to fix your HTML (and any references in javascript and css) that request resources (or references resources) to also use
https://....
If you try to call an http service from an https site you will have
Mixed content
error.You can avoid that error using apache2 proxy settings inside your
example.org.conf
You can find it inside the folder
/apache2/sites-enabled
Add some code:
From your https site you have to fetch the url
to reach the service.
In that way you can call your services http from a https site.