I'm just in the process of thinking through a design pattern for a specific feature and wanted to bounce a few ideas off other people who may have implemented this before.
www.main-website.com/api/ is to power all of the functionality in the background. Java based web application
something.another-website.com is to pull in content from www.main-website.com/api/something.another-website.com/
something.another-website.com may or may not be https, as such, nothing more than basic information will be being served which is publicly accessible anyway
My thoughts on this currently are;
something.another-website.com, use .htaccess (or equivalent for Nginx / IIS) to set up a proxy redirect along the lines of;
RewriteEngine on RewriteRule "^(.*)$" "https:// www.main-website.com/api/something.another-website.com" [P] ProxyPassReverse "/" "https:// www.main-website.com/api/"
This way, whenever someone accesses http://
something.another-website.com, then this is passed over to https://
www.main-website.com/api/something.another-website.com to handle and serve the content, all while appearing to the user that they are still on the http://
something.another-website.com website at all times.
The concept being that many websites will be using the API to pull in basic content into their own website which is all managed through a central platform at https://
A few questions on the topic;
Does this sound like a solid design pattern?
Are there likely to be any challenges related to a http website proxying through to a https website to request content?
Is there anything else I should be thinking about?
This framework is going to be the basis of a larger API as things scale, so I'm trying to foresee any challenges and make sure this is designed as best as possible from the start.