I'm trying to hide the port of a deployed container and preserve the original url using ProxyPass.
I've probably missconfigured something because instead of simply keeping the original address I get a redirect to the container address (example.com:8014 instead of keeping subdomain.example.com). The HTTP response is: 301 Moved Permanently (from service worker).
This is the virtual host containing the proxy:
<VirtualHost *:80>
ServerName subdomain.example.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =subdomain.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin#example.com
ServerName subdomain.example.com
ServerAlias subdomain.example.com
LoadModule proxy_http_module modules/mod_proxy_http.so
SSLProxyEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/subdomain.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subdomain.example.com/privkey.pem
ProxyPreserveHost On
ProxyPass / https://example.com:8014/
ProxyPassReverse / https://example.com:8014/
</VirtualHost>
And this is the virtual host inside the container:
<VirtualHost *:80>
ServerName example.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com:8014
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin#example.com
ServerName example.com
<Directory /var/www/html>
AllowOverride All
</Directory>
SSLEngine On
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLOptions +StrictRequire
SSLCertificateFile /etc/apache2/fullchain.pem
SSLCertificateKeyFile /etc/apache2/privkey.pem
</VirtualHost>
The container ports are mapped as follow: 80->8012, 443->8014.
My goal is to reach example.com:8014 using subdomain.example.com without changing the address.
Also Im not even sure why when using example.com:8012 I'm not being redirected to https on port 8014.
The issue must be in the container virtual host because it's it that is generating the 301 status code.
The configuration works just fine.
I would advice clearing google chrome's cache when something like this happens.
Related
In my Apache configuration, everything is redirected to HTTPS (which is good). But both https://www.example.com and https://example.com still exist.
Question: how to have only https://www.example.com and not the non-www?
Should I use a 301 Redirection or another technique?
How should such a configuration be changed:
<VirtualHost *:80>
ServerName example.com
ServerAlias *.example.com
RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
ServerAlias *.example.com
DocumentRoot /home/www/example
<Directory />
Options FollowSymLinks
AllowOverride All
Order deny,allow
Allow from all
Require all granted
</Directory>
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
</VirtualHost>
</IfModule>
?
Relymcd's answer solved the problem, but it also needs the certificate lines to be present (if not it will fail):
<VirtualHost *:443>
ServerName example.com
Redirect 301 / https://www.example.com/
SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
</VirtualHost>
One way to do it is to change the current virtual host ServerName www.example.com and add a new Virtual Host for the non-www
<VirtualHost *:443>
ServerName example.com
Redirect 301 / https://www.example.com/
</VirtualHost>
how to make https run on xampp. I'm creating a website but if called with https: // does not work.
i try
DocumentRoot C:/xampp/htdocs/yourProject
ServerName yourProject.whatever
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
and
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
results:
enter image description here
thank you very much.
Make sure your server is listening on port 443. Example:
<VirtualHost *:443>
ServerName www.foo.com
DocumentRoot /var/www/www.foo.com/htdocs
CustomLog /var/log/apache/www.foo.com-access.log combined
ErrorLog /var/log/apache/www.foo.com-error.log
# Example SSL configuration
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile "/var/www/www.foo.com/ssl/server.crt"
SSLCertificateKeyFile "/var/www/www.foo.com/ssl/server.key"
</VirtualHost>
Source: https://wiki.apache.org/httpd/ExampleVhosts
So I've been messing around with Apache, and I bought a SSL certificate. I finally got it installed, but now when I goto my domain with the URL (leethecoder.com) I assume it's trying to use HTTP? And my server, of course, with a SSL certificate is not listening on port 80. But, if I include https:// before the URL (https://leethecoder.com), it works. Is there a way I can make the server force the basic URL (leethecoder.com) goto port 443?
This is my current /sites-enabled/ configuration file.
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
ServerName www.leethecoder.com
ServerAlias www.leethecoder.com leethecoder.com
Options -Indexes
DocumentRoot /var/www/leethecoder.com/public_html/
SSLEngine on
SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
SSLCertificateKeyFile /etc/ssl/private/sslkey.key
SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
ErrorLog /var/www/leethecoder.com/logs/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
IMO, this is "properly" (you're currently an A-, the below might help to get an A+):
<VirtualHost *:80>
ServerName leethecoder.com
ServerAlias *.leethecoder.com
UseCanonicalName Off
ErrorLog /var/www/leethecoder.com/logs/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RedirectPermanent / https://leethecoder.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.leethecoder.com
UseCanonicalName Off
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES"
SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
SSLCertificateKeyFile /etc/ssl/private/sslkey.key
SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
ErrorLog /var/www/leethecoder.com/logs/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RedirectPermanent / https://leethecoder.com/
</VirtualHost>
<VirtualHost *:443>
ServerName leethecoder.com
UseCanonicalName Off
ErrorLog /var/www/leethecoder.com/logs/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
DocumentRoot /var/www/leethecoder.com/public_html
<Directory /var/www/leethecoder.com/public_html/>
Allow From All
</Directory>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES"
SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
SSLCertificateKeyFile /etc/ssl/private/sslkey.key
SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
</VirtualHost>
This is, of course, assuming that your variables are valid, you prefer the https without the www, and that you're OK for your clients to use that cipher suite. Also, that you've enabled the site, and disabled any other conflicting sites.
Proper way to do it -- secure way -- is to use the apache virtual host redirect:
<virtualhost *:80="">
ServerName www.example.com
Redirect / https://www.example.com/
</virtualhost>
<virtualhost *:443="">
ServerName www.example.com
# ... SSL configuration goes here
</virtualhost>
Or you need to use mod_rewrite to return an HTTP_RESPONSE 301 for redirect to your HTTPS site.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]
Also you need to listen port 80.
http://httpd.apache.org/docs/current/mod/mod_rewrite.html
im trying to redirect http to https.
I've found a lot answers, but nothing works for me.
I dont know why, maybe its a apache2 config error?
I tryin it also in the .htaccess and there also nothing happens.
Just this Error:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Here's my Virtual Host File.
#Redirect HTTP TO HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]
#VHOSTS
<VirtualHost *:443>
Servername www.latoya.eu
ServerAlias latoya.eu www.latoya.eu
Documentroot /var/www/latoya
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLEngine on
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
<VirtualHost *:443>
Servername board.latoya.eu
Documentroot /var/www/latoya
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLEngine on
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
<VirtualHost *:443 *:80>
Servername secure.latoya.eu
Documentroot /var/www/latoya
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLEngine on
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
<VirtualHost *:80 *:443>
Servername static.kritzelpixel.com
Documentroot /var/www/static.kritzelpixel.com
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
Using "VirtualHost *:80 *:443" or the opposite in the same virtualhost tag is completely incorrect since one virtualhost can't be SSL and not be SSL at the same time.
The fact that Apache HTTPD is not screaming in pain about it is because you "can" use different ports in the same virtualhost but that was certainly not designed to have a SSL port and a non-SSL port together.
So my suggestion is you correct your configuration to look sane, that is, having specific virtualhost *:80 and virtualhost *:443 separately.
In the VirtualHost *:80 entries you can then Redirect / https://example.com/ with the specific hostnames for your case to redirect from 80 to 443 a single line and without the need to use mod_rewrite.
To redirect to SSL mod_rewrite is not needed and overkill.
Briefly:
<VirtualHost *:80>
ServerName example.com
Redirect / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine on
#other directives here
</VirtualHost>
And the same with the rest of the names if they have different configurations.
Scenario:
Apache reverse proxy to Tomcat:
https://sub-domain.example.com:8080/app
To this:
https://sub-domain.example.com/app
When resolving to the app, it appends like so:
https://sub-domain.example.com/app/somedir/some.jsp
Is there a way in the request handling process we can remove the last appendage so the end-user just sees the following:
https://sub-domain.example.com/app
Our current Apache configuration:
ServerName sub-domain.example.com
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]
<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateChainFile /etc/pki/tls/certs/VendorCA.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
ServerName sub-domain.example.com
ServerAdmin admin#sub-domain.example.com
ErrorLog logs/sub-domain.example.com-error_log
CustomLog logs/sub-domain.example.com-access_log common
ProxyPass /app http://localhost:8080/app/
ProxyPassReverse /app http://localhost:8080/app/
</VirtualHost>
Any help will be really appreciated.