Hi Trini,
There is a property that you can set in the portal-ext.properties file that will force the protocol to be HTTP. Add this to your portal-ext.properties file
web.server.protocol=http
This setting is not a INSTANCE based setting but rather a server wide setting. So it means that all urls that are generated by Liferay will use http as a protocol regardless of what protocol the inbound request contained. So it means both your INSTANCE 1 and your INSTANCE 2 will use http for their links (unless you have hardcoded a link somewhere in your code).
Some people configure their proxies to force a certain protocol for a domain. So if a request comes in using, say HTTP, the request is redirected to the same URL but using HTTPS. You could try to use a technique like this to get HTTPS on INSTANCE 1, but not on INSTANCE 2. I think the most important part though is that you have the default protocol to HTTP coming from Liferay because you cannot redirect from HTTPS -> HTTP for obvious (security) reasons.
I'm not a security guy though and my immediate concern with this solution, assuming it even works, is that the initial INSTANCE 1 request would be HTTP. For pages that might send sensitive information (say a login form) you'd want to make sure that you hardcode the URL to https. Otherwise I think someone could sniff your initial request before the proxy did the 302 to use HTTPS.
The other option is to use the opposite property -- force all the resulting protocols on both instances to https. Use your proxy to do SSL termination so that the traffic between the proxy and your Liferay server is http, but the links that LR generates are all secure. In terms of "cost" really its just an SSL cert and that's a pretty insignificant expense. Personally I would go with this option. I use this one with several client and I am sure it is the model used by most.
Hope that helps.
