Wildcard SSL vhosts configuration with RewriteEnginer - apache

I am currently working to configure a domain that has many wildcard subdomains. I want to make sure the following occurs.
All *:80 traffic gets translated to the corresponding fqdn domain name in HTTPS
For Example:
http://jane.example.com -> https://jane.example.com
http://jack.example.com -> https://jack.example.com
http://www.example.com -> https://www.example.com
A couple caveats:
A. my ssl cert is a wildcard, so if there is no host, I want to make sure the redirect includes a host of www. both on *:80 and *:443
http://example.com -> https://www.example.com
https://example.com -> https://www.example.com
The vhost looks like:
<VirtualHost 108.161.x.x:443>
Servername %1.example.com
ServerAlias www.example.com
DocumentRoot /home/sites/example.com/www
ErrorLog logs/md-ssl-error_log
CustomLog logs/md-ssl-access_log common
SSLEngine on
SSLCertificateFile /etc/ssl/kl_crt.crt
SSLCertificateKeyFile /path/to/kl_pk.key
SSLCertificateChainFile /path/to/kl_cab.crt
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>
The regular http traffic here
<Virtualhost 108.161.x.x:80>
ServerName %1.example.com
RewriteEngine On
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>
Anyone know whats wrong with my code?

You can try something like this :
ServerName example.com
ServerAlias %1.example.com
DocumentRoot /home/sites/example.com/%1

Related

Apache VirtualHost redirect, change only domain

How can I create VirtualHost to redirect all links changing only its domain, including subdomain and parameters:
exampleA.com -> exampleB.com
test.exampleA.com -> test.exampleB.com
test1234.exampleA.com/url/test.html?param=222 -> test1234.exampleB.com/url/test.html?param=222
I want to redirect all subdomains like *, and it should be permanent 301
Now I have a simple 301 redirection
<VirtualHost *:80 *:443>
ServerName exampleA.com
ServerAlias *.exampleA.com
RewriteEngine On
Redirect 301 / https://exampleB.com
</VirtualHost>
I have never done something like this, but try the redirect option in your virtualhost file. First enable rewrite
sudo a2enmod rewrite
Then in your virtualhost file
RewriteEngine on
RewriteCond %{SERVER_NAME} =exampleA.com [OR]
RewriteCond %{SERVER_NAME} =www.exampleA.com
RewriteRule ^ https://exampleB%{REQUEST_URI} [END,NE,R=permanent]
Read more about this here: https://httpd.apache.org/docs/2.4/rewrite/remapping.html
It takes the original domain and rewrites to another. In older apache I remember it goes something like this:
<VirtualHost *:80>
ServerName www.domain1.com
Redirect / http://www.domain2.com
</VirtualHost>
I found the solution:
<VirtualHost *:80 *:443>
ServerName exampleA.com
ServerAlias *.exampleA.com
RewriteEngine On
RewriteCond %{HTTP_HOST} (.+\.)?exampleA\.com$ [NC]
RewriteRule (.*) https://%1exampleB.com$1 [R=301,L]
</VirtualHost>

virtual host force https and redirect www to non-www, but no other subdomains

This is essentially the same question as htaccess force https and redirect www to non-www, but no other subdomains (i.e., I want to configure Apache to redirect all non-HTTPS and/or "www" URLs to HTTPS non-www URLs), but I want to configure Apache via a Virtual Host rather than an .htaccess file (since I read that avoiding .htaccess has some benefits).
I was able to get the following answer to work when using an .htaccess file: https://stackoverflow.com/a/34333450/1468130 But it did not work when I tried transferring that answer's configuration to my Virtual Hosts configuration; "https://www.domain.com" never redirected to "https://domain.com".
I read up on the differences between .htaccess and Virtual Host .conf files, and found this http://tltech.com/info/rewriterule-in-htaccess-vs-httpd-conf/ and this: https://www.digitalocean.com/community/questions/can-you-use-virtual-host-config-conf-to-redirect-www-domain-to-non-www?answer=15129 which seemed to hint that I could just wrap the configuration in a <Directory> block and it would work. Unfortunately, it doesn't ("https://www.domain.com" is still never redirected to "https://domain.com"), so I'm wondering if the Internet knew what I was doing wrong:
<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin admin#domain.com
DocumentRoot /var/www/domain.com/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/domain.com/>
RewriteEngine On
# match any URL with www and rewrite it to https without the www
RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]
# match urls that are non https (without the www)
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^(www\.)(.*) [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</Directory>
</VirtualHost>
I've also tried configuring <VirtualHost *:443> as Dusan Bajic suggested in the comments, but that has no effect either; https://www.domain.com still won't redirect to https://domain.com:
<VirtualHost *:443>
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin admin#domain.com
DocumentRoot /var/www/domain.com/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
<Directory /var/www/domain.com/>
RewriteEngine On
# match any URL with www and rewrite it to https without the www
RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]
</Directory>
</VirtualHost>
Also per the comments, I have tried the above *:443 configuration paired with a *:80 configuration with the <Directory> block changed to only redirect HTTP to HTTPS. But when I do that, "www" never gets removed.
<Directory /var/www/paradoxmayhem.com/>
RewriteEngine On
RewriteCond %{SERVER_NAME} =www.paradoxmayhem.com [OR]
RewriteCond %{SERVER_NAME} =paradoxmayhem.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</Directory>
Got it! Apparently, when I used letsencrypt (certbot) to configure SSL, it automatically created another virtual host file (at /etc/apache2/sites-enabled/domain.com-le-ssl.conf), which has its own definition for the domain.com *:443 Virtual Host, and seems to have taken precedence over any of the *:443 configuration I tried to set up before. I added the following code to the -le-ssl.conf file, and now my redirects finally work in all the cases I desired, using 100% Apache Virtual Host configuration:
<Directory /var/www/domain.com/>
RewriteEngine On
# match any URL with www and rewrite it to https without the www
RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]
</Directory>

Access to phpmyadmin is not possible now due to redirection of virtualhosts

I have a server with two subdomains, so I set up redirection for both of my subdomains specially because I want to force that the two subdomains are accessed only by https instead of http. My ideal scenario would be that I have those redirection untouched and be able to access phpMyAdmin locally (for security reasons obviously) but the problem now is that when I type the following in my browser:
127.0.0.1/phpmyadmin or localhost/phpmyadmin it takes me to https://example1.com/webservice/myrestfile-REST.php?appconfig=example
Is there any way to solve this problem?
This is the configuration that I currently have with the redirection:
<VirtualHost *:80>
ServerName example1.com
ServerAlias API.com
ErrorLog /var/www/html/error.log
CustomLog /var/www/html/requests.log combined
DocumentRoot /var/www/html
RewriteEngine On
LogLevel alert rewrite:trace6
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^ https://example1.com/webservice/myrestfile-REST.php?appconfig=example [R,L]
Redirect permanent / https://example1.com
# RewriteRule ^(.*)$ /webservice/myrestfile-REST.php?appconfig=example [QSA,L]
</VirtualHost>
<VirtualHost *:443>
ServerName example1.com
DocumentRoot /var/www/html
RewriteEngine On
RewriteRule ^(.*)$ /webservice/myrestfile-REST.php?appconfig=example [QSA,L]
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/40d5d69ae6a53.crt
SSLCertificateKeyFile /etc/httpd/ssl/sitekey.key
SSLCertificateChainFile /etc/httpd/ssl/gd_bundle-g2-g1.crt
</VirtualHost>
It looks like you have apache set to listen on any ip <VirtualHost *:80> which would include the loopback address 127.0.0.1. See if you can just use the condition to ignore those.
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/phpmyadmin$ [NC]
RewriteCond %{HTTP_HOST} !^127\.0\.0\.1 [OR]
RewriteCond %{HTTP_HOST} !^localhost [NC]
RewriteRule ^(.*)$ /webservice/myrestfile-REST.php?appconfig=example [QSA,L]
See how that works and let me know.

redirect www to non-www https with apache & .htaccess

I've seen a lot of these questions being asked but I have yet to find one that works for my scenario. I have tried almost every single one of them and just can't get it to work.
Could someone explain how I can get www.domain.com and www.subdomain.domain.com to redirect to https without the www?
Here is what I have so far:
Currently, I have the following DNS records:
A # 1.2.3.4
A subdomain 1.2.3.4
CNAME www domain.com.
CNAME www.subdomain subdomain.domain.com.
I also have a virtual host file as follows below (almost exact replica's for subdomain as well):
<VirtualHost *:80>
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
<VirtualHost *:443>
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin webmaster#localhost
DocumentRoot /path/to/public_html
SSLEngine on
SSLCertificateFile /path/to/domain.crt
SSLCertificateKeyFile /path/to/domain.key
SSLCertificateChainFile /path/to/domain-bundle
<Directory "/path/to/public_html">
AllowOverride All
</Directory>
ErrorLog ${APACHE_LOG_DIR}/domain-error.log
CustomLog ${APACHE_LOG_DIR}/domain-access.log combined
</VirtualHost>
In the 443 virtualhost, try adding:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R]
So this is what i've learned. www.domain.com is different than domain.com. This is includes subdomains too. Ideally, you are going to want to have an SSL certification for both of these names. If you are like me, however, I didn't really want to spend the money.
The following fix works if a user types the following into the address bar:
http://www.domain.com => Will be redirected to https://domain.com
www.domain.com => Will be redirected to https://domain.com
https://domain.com => Will stay as is, secured with no errors.
https://www.domain.com => This is the only thing that will give a user a notice.
Luckily, I don't see any user typing this into the browser.
I've removed the following from my DNS because I've come with terms that www.subdomain.domain.com isn't practical unless I spend more money on another CERT, but I'm fine with this domain failing if they use a www.
CNAME www.subdomain subdomain.domain.com.
And this is now my new VirtualHost *:80 that I replaced with the one in my question.
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.*)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]
</VirtualHost>
Thanks again, to Jon Lin for responding and helping me out.

Variable/Dynamic/REGEX Virtualhost in Apache?

Just an off the wall question today. Is it posible to vary DocumentRoot of a virtualhost based on the subdomain requested like so?
<VirtualHost *>
ServerName ^VARIABLE$.example.com
DocumentRoot ~/Sites/^VARIABLE$
</VirtualHost>
Yes it is possible:
Step1: Setting up Wildcard DNS
You have to add an A Record that points to your server's IP like that:
*.example.com. IN A 192.168.1.1
Step2: Set up apache VirtualHost
<VirtualHost *>
ServerName www.example.com
ServerAlias *.example.com
DirectoryIndex index.html
DocumentRoot /home/www/www.example.com/htdocs
....
</VirtualHost>
Notice the important line: ServerAlias *.example.com. This will tell Apache that any host with the .example.com suffix will match this virtual host too.
Step3: Setting up Rewrite Rules
You have to add this lines in your .htaccess file located in your web root folder (eg. /home/www/www.example.com/htdocs):
RewriteEngine on
RewriteCond %{http_host} .
RewriteCond %{http_host} !^www.example.com [NC]
RewriteCond %{http_host} ^([^.]+)\.example.com [NC]
RewriteRule ^(.*) http://www.example.com/%1/ [R=301,L,QSA]
That way a request for foo.example.com will redirect visitors to example.com/foo and so on. Good luck.
(Reference: http://www.debian-administration.org/articles/358)