Let's Encrypt and Too many redirects - apache

I'm using PufferPanel to manage my game servers and I have run into a problem with the SSL certificate step. I'm using Let's Encrypt to generate a certificate, and with that comes system files verification to make sure it is authentic. I can't get the .well-known to work, as Pufferhost must have something within its JS which redirects anything to a 404 page. I found some resources online and came up with the configuration below. Unfortunately, it does not work. It shows a Chrome error saying that I am performing too many redirects. How can I fix this? I really appreciate any help you can provide.
##################################################################################################
# PANEL VIRTUAL HOST #
##################################################################################################
<VirtualHost *:80 *:8080 *:443>
ServerName panel.example.com
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule .* ws://localhost:8080%{REQUEST_URI} [P]
</VirtualHost>

The vhost listens on port 8080 and then redirects to port 8080; that should be the loop.
I would suggest using individual vhosts for each port.
One for port 80 (HTTP) and one for port 443 (HTTPS). Port 8080 needs no vhost because you redirect to it.
Then you can use the vhost on port 80 with a DocumentRoot where Let's Encrypt can store the .well-known/acme-challenge/.
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName www.example.com
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/var/www/html"
ServerName www.example.com
ProxyPreserveHost On
ProxyPass "/" "http://localhost:8080/"
ProxyPassReverse "/" "http://localhost:8080/"
</VirtualHost>
When you have the Let's Encrypt certificate, you can add a redirect from port 80 to port 443 to force HTTPS. Then you need to add the SSL certificate to the port 443 vhost config.
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName www.example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/var/www/html"
ServerName www.example.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
ProxyPreserveHost On
ProxyPass "/" "http://localhost:8080/"
ProxyPassReverse "/" "http://localhost:8080/"
</VirtualHost>
Depending on your OS, the SSLCertificateFile/SSLCertificateKeyFile path is at another location.
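An added example (not from the original posts) that combines the answer's two-vhost layout with the ACME exemption and WebSocket proxying from the question's config. The certificate directory name, the use of mod_proxy_wstunnel and the fixed redirect hostname are assumptions.

```apache
# Added example. Requires mod_rewrite, mod_ssl, mod_proxy, mod_proxy_http
# and mod_proxy_wstunnel. Apache itself must not Listen on 8080: that port
# belongs to the panel backend.

<VirtualHost *:80>
    ServerName panel.example.com
    DocumentRoot "/var/www/html"

    RewriteEngine On
    # HTTP-01 challenge files are served from DocumentRoot, never redirected.
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    # Fixed hostname instead of %{HTTP_HOST}: the Location header does not
    # reflect a client-supplied Host value.
    RewriteRule ^ https://panel.example.com%{REQUEST_URI} [R=301,L,NE]
</VirtualHost>

<VirtualHost *:443>
    ServerName panel.example.com
    DocumentRoot "/var/www/html"

    SSLEngine on
    # Assumed path; use the directory your ACME client actually created.
    SSLCertificateFile    /etc/letsencrypt/live/panel.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/panel.example.com/privkey.pem

    ProxyPreserveHost On
    # "!" excludes a path from proxying; it must come before the general rule.
    ProxyPass "/.well-known/acme-challenge/" "!"

    # WebSocket upgrade requests are proxied over ws:// to the same backend.
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/?(.*)$ ws://localhost:8080/$1 [P,L]

    # No redirect rule in this vhost: a request that is already HTTPS is
    # proxied, not redirected again.
    ProxyPass        "/" "http://localhost:8080/"
    ProxyPassReverse "/" "http://localhost:8080/"
</VirtualHost>
```

After a reload, `apachectl -S` lists which vhost answers on which port, which makes an accidental overlap with the backend port visible.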

Related

Apache Reverse Proxy https to http? does SSL certificate is mandatory

Hi, I have been working on setting up my webserver. We have the company domain https://www.company.com, which is already on https, for which we are unable to get SSL certificates. I wanted to make use of this domain and deploy my app (http) by adding https://www.company.com/myapp and mapping this URL to the http app which is deployed.
I am using the configuration shown below for your reference. My doubt is whether we can progress only if we get SSL, or whether there is some way to map this domain to my app running on port 8000.
<VirtualHost *:443>
ServerName company.com
ServerAlias www.company.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /myapp http://localhost:8000/
ProxyPassReverse /myapp http://localhost:8000/
RewriteEngine On
RewriteCond %{ENV:HTTPS} on
RewriteRule /(.*) http://localhost:8000/$1 [R=301,L]
</VirtualHost>
If you want to use HTTP, use port 80 instead of 443. You can also use both separately for HTTP and HTTPS connections.
<VirtualHost *:80>
ServerName company.com
ServerAlias www.company.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /myapp http://localhost:8000/
ProxyPassReverse /myapp http://localhost:8000/
RewriteEngine On
# ... as per server requirements ...
</VirtualHost>
<VirtualHost *:443>
ServerName company.com
ServerAlias www.company.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /myapp http://localhost:8000/
ProxyPassReverse /myapp http://localhost:8000/
RewriteEngine On
RewriteCond %{ENV:HTTPS} on
RewriteRule /(.*) http://localhost:8000/$1 [R=301,L]
</VirtualHost>

Proxy not redirecting

I have the following Apache config file. When someone types in http://mywebsite.com it is not redirecting them to https. Why?
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass "/" "http://10.0.1.123/"
ProxyPassReverse "/" "http://10.0.1.123/"
ServerName www.mywebsite.com
ServerAlias mywebsite.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =mywebsite.com
RewriteCond %{SERVER_NAME} =www.mywebsite.com
RewriteRule ^ https://mywebsite.com%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
ProxyPreserveHost On
ProxyPass "/" "http://10.0.1.123:80/"
ProxyPassReverse "/" "http://10.0.1.123:80/"
ServerName www.mywebsite.com
ServerAlias mywebsite.com
ServerAdmin admin_ws1#mywebsite.com
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.mywebsite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.mywebsite.com/privkey.pem
</VirtualHost>
<VirtualHost *:80>
...
ProxyPass "/" "http://10.0.1.123/"
...
RewriteRule ^ https://mywebsite.com%{REQUEST_URI} [END,NE,R=permanent]
The ProxyPass is telling Apache to work as reverse proxy and forward the request to the real server. The RewriteRule instead is telling Apache to answer the request itself with a redirect to the HTTPS version of the site. Obviously it cannot do both at the same time, so there is a conflict. Please remove Proxy* rules and keep only the Rewrite* rules on port 80.
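An added example, not part of the original answer: a port-80 vhost that only redirects and a port-443 vhost that only proxies, using the names from the question. The `[OR]` flag and the `X-Forwarded-Proto` header are additions; whether the backend at 10.0.1.123 reads that header is an assumption.

```apache
# Added example. Requires mod_rewrite, mod_ssl, mod_proxy_http, mod_headers.

<VirtualHost *:80>
    ServerName www.mywebsite.com
    ServerAlias mywebsite.com

    # No Proxy* directives here: this vhost only answers with the redirect.
    RewriteEngine on
    # Consecutive RewriteCond lines are ANDed. SERVER_NAME cannot equal both
    # names at once, so the first condition needs [OR] for the rule to fire.
    RewriteCond %{SERVER_NAME} =mywebsite.com [OR]
    RewriteCond %{SERVER_NAME} =www.mywebsite.com
    RewriteRule ^ https://mywebsite.com%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>
    ServerName www.mywebsite.com
    ServerAlias mywebsite.com

    SSLEngine on
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile    /etc/letsencrypt/live/www.mywebsite.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.mywebsite.com/privkey.pem

    # SSLProxyEngine is only needed when the backend URL is https://.
    ProxyPreserveHost On
    # Tell the backend the client connection was HTTPS, so it does not answer
    # with its own http-to-https redirect and start a loop.
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPass        "/" "http://10.0.1.123:80/"
    ProxyPassReverse "/" "http://10.0.1.123:80/"
</VirtualHost>
```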

apache redirect HTTPS to canonical HTTPS

I want all access to my website to be forced to HTTPS (https://support.google.com/webmasters/answer/6073543?hl=en).
I also want to force canonical www URL access (https://www.yes-www.org/why-use-www/)
I am attempting to do so according to Apache recommendations using the Redirect directive https://wiki.apache.org/httpd/RedirectSSL and https://httpd.apache.org/docs/2.4/rewrite/remapping.html#canonicalhost
I have a valid Let's Encrypt certificate which has both www and the naked domain.
I have configured *:80 and *:443 VirtualHost redirects. /etc/httpd/conf.d/www.example.com.conf:
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
Redirect permanent / https://www.example.com
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
Redirect permanent / https://www.example.com
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
DocumentRoot "/var/www/html/www.example.com"
</VirtualHost>
<Directory "/var/www/html/www.example.com">
Order allow,deny
Allow from all
</Directory>
All works well if I specify base URL (example.com, www.example.com, https://example.com, etc). However, if I specify a page on the naked HTTPS request the redirect eats the root slash (https://example.com/index.html becomes https://www.example.comindex.html).
I do it with the following for all non-ssl to ssl -
<VirtualHost *:80>
ServerName example.org
ServerAlias www.example.org
RewriteEngine on
RewriteRule ^/(.*)$ https://www.example.org/$1 [R,L]
</VirtualHost>
Slightly different, this should do the same for https://example.org, only redirecting to www.example.org:
<VirtualHost your.ip.add.ress:443>
ServerName example.org
RewriteEngine on
RewriteRule ^/(.*)$ https://www.example.org/$1 [R,L]
*snip*
Normal SSL certificate/key stuff goes here
*snip*
</VirtualHost>
RedirectMatch appears to solve the problem similar to the Rewrite suggested by ivanivan. Changing Redirect line in *:443 VHost section to the following seems to fix the issue:
RedirectMatch permanent ^/?(.*) https://www.example.com/$1
I still don't understand why simple Redirect doesn't work with HTTPS.
As an aside, https://salferrarello.com/chrome-clear-redirect-cache/ was useful disabling Redirect caching in Chrome during testing.
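An added example (not from the original posts) showing why the slash disappeared: `Redirect` matches a URL-path prefix and appends the rest of the request path to the target, so the target needs the same trailing slash as the prefix. The Apache 2.4 forms of the certificate and access directives are included on the assumption that the server runs httpd 2.4.8 or later.

```apache
# Added example. Redirect is prefix-based: the part of the request path after
# the matched URL-path is appended verbatim to the target.
#
#   Redirect permanent / https://www.example.com
#     GET /index.html -> matched "/", remainder "index.html"
#     Location: https://www.example.comindex.html
#
#   Redirect permanent / https://www.example.com/
#     GET /index.html -> Location: https://www.example.com/index.html
#
# Without the slash, request-supplied text lands in the host part of Location,
# so the redirect target is no longer fixed by the configuration.

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    # httpd 2.4.8+: SSLCertificateFile may hold leaf plus intermediates
    # (fullchain.pem). SSLCACertificateFile is meant for verifying client
    # certificates, not for sending the server's chain.
    SSLCertificateFile    /etc/letsencrypt/live/www.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
    Redirect permanent / https://www.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/www.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
    DocumentRoot "/var/www/html/www.example.com"

    <Directory "/var/www/html/www.example.com">
        # 2.4 replacement for "Order allow,deny" / "Allow from all".
        Require all granted
    </Directory>
</VirtualHost>
```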

Apache 2.4 url rewriting with https

I'm trying to do URL rewriting with Apache 2.4. I want requests to
(1) http://subdomain.domain.com
(2) http://www.subdomain.domain.com
(3) https://www.subdomain.domain.com
to be remapped to
https://subdomain.domain.com
to avoid an error with the SSL wildcard cert, which does not match www.subdomain.domain.com.
I tried with:
<VirtualHost ip:80>
ServerName subdomain.domain.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost ip:80>
ServerName www.subdomain.domain.com
Redirect permanent / https://subdomain.domain.com
</VirtualHost>
<VirtualHost ip:443>
ServerName www.subdomain.domain.com
Redirect permanent / https://subdomain.domain.com
</VirtualHost>
<VirtualHost ip:443>
ServerName subdomain.domain.com
...
...
...
My configuration works for (1) and (2) but not for (3). Where is my mistake?
I think the problem is that one of your port 443 virtualhosts does not have SSL on.
Try this
<VirtualHost ip:443>
ServerName www.subdomain.domain.com
Redirect permanent / https://subdomain.domain.com
SSLEngine on
SSLCertificateFile /something
SSLCertificateKeyFile /something
</VirtualHost>
Otherwise, the request simply won't be understood, because it's encrypted.
See e.g. "How to redirect https to http without any SSL Certificate" for why this is necessary.

Apache redirect to a port and mask the URL

I have one web server running two sites on different ports.
IE: server:8081 and server:8083
I set up two DNS records and pointed them to “my server”:
Dev.server.com and Pre.server.com
I would like Dev.server.com to redirect to server:8083 but mask the URL to always stay Dev.server.com, and Pre.server.com to redirect to server:8081 but mask the URL to always stay pre.server.com.
If I set them up like this
<VirtualHost *:80>
ServerName http:// Dev.server.com
ProxyRequests off
ProxyPass / http://server:8083
ProxyPassReverse / http://server:8083
</VirtualHost>
<VirtualHost *:80>
ServerName http:// Pre.server.com
ProxyRequests off
ProxyPass / http://server:8081
ProxyPassReverse / http://server:8081
</VirtualHost>
Everything routes to the Dev instance and nothing makes it to the Pre instance.
I have it set like this;
<VirtualHost *:80>
ServerName http:// Dev.server.com
RewriteEngine On
RewriteCond %{HTTP_HOST} ^dev\.server\.com$ [NC]
RewriteRule ^(.*)$ http:// Dev.server.com:8083$1 [R]
RewriteCond %{HTTP_HOST} ^pre\.server\.com$ [NC]
RewriteRule ^(.*)$ http://pre. server.com:8081$1 [R]
</VirtualHost>
Listen 0.0.0.0:8083
Listen 0.0.0.0:8081
<VirtualHost *:8083>
ServerName dev. server.com
ProxyRequests off
ProxyPass / http:// server.com:8083/jde/owhtml/
ProxyPassReverse / http:// server.com:8083/jde/owhtml/
Oc4jMount /jde HTML_DV_8083
Oc4jMount /jde/* HTML_DV_8083
</VirtualHost>
<VirtualHost *:8081>
ServerName pre.server.com
ProxyRequests off
ProxyPass / http:// server.com:8081/jde/owhtml/
ProxyPassReverse / http:// server.com:8081/jde/owhtml/
Oc4jMount /jde HTML_PY_8081
Oc4jMount /jde/* HTML_PY_8081
</VirtualHost>
This works perfectly for the routing but does not mask the URL. It adds the port to the URL, which we do not want to happen.
Anyone have any ideas as to what I am doing wrong?
You want your reverse proxy to happen in your port 80 vhost. Because you're using mod_rewrite to redirect the browser to URLs like http://Dev.server.com:8083/, that's what the browser will see. You just need 2 vhosts on port 80:
<VirtualHost *:80>
ServerName dev.server.com
ProxyRequests off
ProxyPass / http://server.com:8083/jde/owhtml/
ProxyPassReverse / http://server.com:8083/jde/owhtml/
Oc4jMount /jde HTML_DV_8083
Oc4jMount /jde/* HTML_DV_8083
</VirtualHost>
<VirtualHost *:80>
ServerName pre.server.com
ProxyRequests off
ProxyPass / http://server.com:8081/jde/owhtml/
ProxyPassReverse / http://server.com:8081/jde/owhtml/
Oc4jMount /jde HTML_PY_8081
Oc4jMount /jde/* HTML_PY_8081
</VirtualHost>
Note that the "ServerName" is dev.server.com and pre.server.com, and not http:// Dev.server.com with a space following the scheme and ://. Because http:// Dev.server.com isn't going to be the hostname you're going to visit, Apache defaults everything to the first vhost. This is probably why your second attempt works, because both dev and pre default to the first vhost since nothing matches on port 80.