HTTP and HTTPS redirection - apache

I'm trying to configure my Apache Server to redirect both:
Non-SSL http://support.nile.sd and SSL https://support.nile.sd to the link https://support.nile.sd/otrs/customer.pl, HTTP requests are well redirected via this force-redirect.conf:
$ vim /etc/httpd/conf.d/force-redirect.conf
<VirtualHost *:80>
ServerName support.nile.sd
Redirect permanent / https://support.nile.sd/otrs/customer.pl
</VirtualHost>
But HTTPS aren't redirected!! it goes to a strange page as follows:
Index of /
Name Last modified Size Description
Could you please tell me how to redirect HTTPS also, without having the "Too many redirects ERROR"

Now it works, I used the RedirectMatch expression, on both HTTP and HTTPS Virtual hosts as follows in the same force-redirect.conf file:
<VirtualHost *:80>
ServerName support.nile.sd
RedirectMatch permanent (.*)/$ https://support.nile.sd/otrs/customer.pl
</VirtualHost>
<VirtualHost *:443>
ServerName support.nile.sd
RedirectMatch permanent (.*)/$ https://support.nile.sd/otrs/customer.pl
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/support.nile.sd/certificate.pem
SSLCertificateKeyFile /etc/letsencrypt/live/support.nile.sd/privatekey.pem
SSLCertificateChainFile /etc/letsencrypt/live/support.nile.sd/chainofgod.pem
</VirtualHost>

You only have a rule for port 80, which is regular http:// protocol
I don't see a rule for port 443, which is https
you need to add the following
<VirtualHost *:443>
ServerName support.nile.sd
DocumentRoot /var/www/site
SSLEngine on
SSLCertificateFile /path/to/www_yoursite_com.crt
SSLCertificateKeyFile /path/to/www_yoursite_com.key
SSLCertificateChainFile /path/to/DigiCertCA.crt
Redirect permanent / https://support.nile.sd/otrs/customer.pl
</VirtualHost>

Related

Ubuntu Apache Redirect All Request to HTTPS except Jenkins

I am creating a configuring a Server using Ubuntu and Apache. Everything works fine except that when I use redirection of HTTP to HTTPS.
How can I write an exception case where every http request is redirected to HTTPS except when its for JENKINS.
JENKINS : http://www.example.com:8080/ <= SHould not be redirected to HTTPS
Normal Request : http://www.example.com/ <= Should be redirected to HTTPS
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName example.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
# etc...
</VirtualHost>
Your sample configuration looks almost correct. You can create a separate VirtualHost for port 8080.
<Virtualhost *:8080>
ServerName example.com
.
.
ProxyPass / http://jenkins:8080/
.
.
</Virtualhost>
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName example.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
# etc...
</VirtualHost>

apache redirect HTTPS to canonical HTTPS

I want all access to my website to be forced to HTTPS (https://support.google.com/webmasters/answer/6073543?hl=en).
I also want to force canonical www URL access (https://www.yes-www.org/why-use-www/)
I am attempting to do so according to Apache recommendations using the Redirect directive https://wiki.apache.org/httpd/RedirectSSL and https://httpd.apache.org/docs/2.4/rewrite/remapping.html#canonicalhost
I have a valid lets-encrypt certificate which has both www and the naked domain.
I have configured *:80 and *:443 VirtualHost redirects. /etc/httpd/conf.d/www.example.com.conf:
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
Redirect permanent / https://www.example.com
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
Redirect permanent / https://www.example.com
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
DocumentRoot "/var/www/html/www.example.com"
</VirtualHost>
<Directory "/var/www/html/www.example.com">
Order allow,deny
Allow from all
</Directory>
All works well if I specify base URL (example.com, www.example.com, https://example.com, etc). However, if I specify a page on the naked HTTPS request the redirect eats the root slash (https://example.com/index.html becomes https://www.example.comindex.html).
I do it with the following for all non-ssl to ssl -
<VirtualHost *:80>
ServerName example.org
ServerAlias www.example.org
RewriteEngine on
RewriteRule ^/(.*)$ https://www.example.org/$1 [R,L]
</VirtualHost>
Slighly different should do the same for https://example.org only redirecting to www.example.org
<VirtualHost your.ip.add.ress:443>
ServerName example.org
RewriteEngine on
RewriteRule ^/(.*)$ https://www.example.org/$1 [R,L]
*snip*
Normal SSL certificate/key stuff goes here
*snip*
</VirtualHost>
RedirectMatch appears to solve the problem similar to the Rewrite suggested by ivanivan. Changing Redirect line in *:443 VHost section to the following seems to fix the issue:
RedirectMatch permanent ^/?(.*) https://www.example.com/$1
I still don't understand why simple Redirect doesn't work with HTTPS.
As an aside, https://salferrarello.com/chrome-clear-redirect-cache/ was useful disabling Redirect caching in Chrome during testing.

Redirect HTTP to HTTPS Apache2

im trying to redirect http to https.
I've found a lot answers, but nothing works for me.
I dont know why, maybe its a apache2 config error?
I tryin it also in the .htaccess and there also nothing happens.
Just this Error:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Here's my Virtual Host File.
#Redirect HTTP TO HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]
#VHOSTS
<VirtualHost *:443>
Servername www.latoya.eu
ServerAlias latoya.eu www.latoya.eu
Documentroot /var/www/latoya
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLEngine on
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
<VirtualHost *:443>
Servername board.latoya.eu
Documentroot /var/www/latoya
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLEngine on
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
<VirtualHost *:443 *:80>
Servername secure.latoya.eu
Documentroot /var/www/latoya
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLEngine on
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
<VirtualHost *:80 *:443>
Servername static.kritzelpixel.com
Documentroot /var/www/static.kritzelpixel.com
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
Using "VirtualHost *:80 *:443" or the opposite in the same virtualhost tag is completely incorrect since one virtualhost can't be SSL and not be SSL at the same time.
The fact that Apache HTTPD is not screaming in pain about it is because you "can" use different ports in the same virtualhost but that was certainly not designed to have a SSL port and a non-SSL port together.
So my suggestion is you correct your configuration to look sane, that is, having specific virtualhost *:80 and virtualhost *:443 separately.
In the VirtualHost *:80 entries you can then Redirect / https://example.com/ with the specific hostnames for your case to redirect from 80 to 443 a single line and without the need to use mod_rewrite.
To redirect to SSL mod_rewrite is not needed and overkill.
Briefly:
<VirtualHost *:80>
ServerName example.com
Redirect / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine on
#other directives here
</VirtualHost>
And the same with the rest of the names if they have different configurations.

httpd redirects with SSL and subdomains/vhosts

I'm trying to setup http -> https redirected subdomains on my website, which is being served by Apache (Version: 2.2.31). I purchased a wildcard SSL certificate that is installed correctly for my main site (www.domain.com) because I get a green lock next to the address, so that part should be done.
The issue: browsing to subdomain.domain.com redirects to www.domain.com and I can't figure out why. I've been reading and following this page as well as several others with similar content, but I'm missing the key ingredient.
The main site is served from /var/www/html and the subdomain is served from /var/www/vhosts/subdomain. Also, I'm getting this error:
[warn] _default_ VirtualHost overlap on port 443, the first has precedence
Here's the vhost section of /etc/httpd/conf/httpd.conf:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.domain.com
ServerAlias www.domain.com
#Redirect permanent / https://www.domain.com
Redirect 302 / https://www.domain.com
</VirtualHost>
<VirtualHost *:80>
ServerName subdomain.domain.com
ServerAlias subdomain.domain.com
#Redirect permanent / https://subdomain.domain.com
Redirect 302 / https://subdomain.domain.com
</VirtualHost>
And here's /etc/httpd/conf.d/ssl.conf:
<VirtualHost *:443>
ServerName www.domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/html
...
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /path/to/cert
SSLCertificateKeyFile /path/to/key
SSLCertificateChainFile /path/to/bundle
</VirtualHost>
<VirtualHost *:443>
ServerName subdomain.domain.com
ServerAlias subdomain.domain.com
DocumentRoot /var/www/vhosts/subdomain
...
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /path/to/cert
SSLCertificateKeyFile /path/to/key
SSLCertificateChainFile /path/to/bundle
</VirtualHost>
And here's apachectl -S output (with my domain name redacted/substituted):
Any help would be greatly appreciated.
=======================================================================
Edit: I removed the word permanent, cleared my cache, and the problem persists. It seems like it has to do with the warning, right?
Also, I get a successful response regardless of which subdomain I use even when it doesn't exist. I can literally type whatever I want for subdomain and it goes to the main site. http://<anything>.domain.com and https://<anything>.domain.com both load the main site with https.
The problem was simple, but elusive, at least to me. In /etc/httpd/conf.d/ssl.conf, I needed to add the following line for the VirtualHost configurations to be distinct:
NameVirtualHost *:443
Now everything works as expected.

Redirect http to https by configuring .conf file of apache

I have configure apache to tomcat configuration by code like
<VirtualHost *:80>
ServerName captiveportal
ProxyPass / http://ip:port/path
ProxyPassReverse / http://ip:port/path
</VirtualHost>
Now i want to reirect this request to https
How can i achieve this ?
After looking your answer i have changes my configuration like
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile "/etc/httpd/conf/crt1.crt"
SSLCertificateKeyFile "/etc/httpd/conf/key1.key"
ProxyPass / http://ip:port/path
</VirtualHost>
<VirtualHost *:80>
ServerName captiveportal
Redirect / https://ip:port/path
</VirtualHost>
but when i type captiveportal on my browser it redirects me on url https://ip:port/path and it displays problem loading page
One more thing i don't want to display https://ip:port/path on browser.
Note :- https://ip:port/path where port is my tomcat port and ip is machine ip where tomcat run.
You could do something like this:
<VirtualHost *:80>
ServerName captiveportal
Redirect / https://my.host.name/
</VirtualHost>
...and then put your ProxyPass directives in side your SSL VirtualHost block instead.