I setup two virtual hosts for a subdomain in my apache config. One for SSL and one for non-SSL redirecting to SSL. This is it:
<VirtualHost *:80>
ServerName subdomain.domain.tld
Redirect permanent / https://subdomain.domain.tld/
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/var/www/subdomain"
ServerName subdomain.domain.de
<Directory "/var/www/subdomain">
AllowOverride All
allow from all
Options +Indexes
</Directory>
SSLCertificateFile /etc/letsencrypt/live/subdomain.domain.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subdomain.domain.tld/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
Apparently I also use Let’s Encrypt.
DNS is setup as follows:
subdomain.domain.tld IN A <IP address of server>
Problem is, that any request to subdomain.domain.tld in my browser will ultimately redirect to https://www.subdomain.domain.tld.
The setup does not even cover any requests to www.
Why is it redirecting my request to www? This is what I want to avoid.
I found the issue.
It was not related to the apache config, instead it was the worpress instance hosted, that did a 301 redirect.
Sorry.
Related
I have a web service which I access by typing the following URL exactly as is (character for character):
http://10.115.252.127:8980/opennms/login.jsp
The website files are served from /opt/opennms/jetty-webapps/opennms/
My objective is to use Apache (httpd.conf) to force any traffic to this URL to use SSL and no longer HTTP.
I have successfully installed the SSL certificates with no issues.
I have configured a VirtualHost directive to redirect port 80 to 443
Only sites under /var/www/html/* are being successfully redirected.
Example: http://10.115.252.127/numbers successfully redirects to https://10.115.252.127/numbers
http://10.115.252.127/charts successfully redirects to https://10.115.252.127/charts
But, when I type in the URL http://10.115.252.127:8980/opennms/login.jsp it is always served as HTTP...how do I make it served as HTTPS like the others? I have checked the forums and all the posts assume you will always be redirecting port 80 and dont say anything about how to use SSL in the scenario I explained. I have the same issue with another service running on port 3000 http://10.115.252.127:3000/login
===extract from my httpd.conf===
<VirtualHost *:80>
ServerName 10.115.252.127
Redirect permanent / https://10.115.252.127/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
ServerName 10.115.252.127
#Documentroot /var/www/html
</VirtualHost>
Based on your confirmation of my understanding, here is what you can do:
############################################################################
Listen 80
# All connections on port 80 are redirected to port 443
<VirtualHost *:80>
ServerName www.example.com
CustomLog "logs/80_access.log" combined
ErrorLog "logs/80_error.log"
Redirect permanent / https://www.example.com
# No documentRoot, no content
</VirtualHost>
############################################################################
Listen 443
# All URI are answered from the documentRoot directory
# EXCEPT /openms, which is proxied to :8980
<VirtualHost *:443>
ServerName www.example.com
# temporary, remove when tests done
LogLevel debug
CustomLog "logs/443_access.log" combined
Errorlog "logs/443_error.log"
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
# For your redirection to 8980
ProxyPass /opennms "https://www.example.com:8980/"
ProxyPassReverse /opennms "https://www.example.com:8980/"
documentRoot "/yourdir/apache/htdocs"
DirectoryIndex index.html
</VirtualHost>
Prerequisites
you must load proxy modules
you must load rewrite module
port 8980 is linked to some other software. Apache does not handle 8980.
Issue observed: I have configured ng.my-site.com using widlcard ssl cert. When I hit https://www.my-site.com it loads ng.my-site.com website!
please advise if I missed any concept / configs... Thank you!
httpd.conf
<VirtualHost *:80>
ServerName www.my-site.com
ServerAdmin webmaster#my-site.com
DocumentRoot /var/www/html/mysite
ErrorLog logs/my-site-error.log
CustomLog logs/my-site-access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName ng.my-site.com
ServerAdmin webmaster#my-site.com
DocumentRoot /var/www/html/ng
ErrorLog logs/ng-my-site-error.log
CustomLog logs/ng-my-site-access.log combined
</VirtualHost>
ssl.conf
<VirtualHost ng.my-site.com:443>
ServerName ng.my-site.com
ServerAdmin webmaster#my-site.com
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key
DocumentRoot /var/www/html/ng
ErrorLog logs/ng-my-site-ssl-error.log
CustomLog logs/ng-my-site-ssl-access.log combined
</VirtualHost>
From the documentation of Name-Based VirtualHosts and SSL:
... Apache will allow you to configure name-based SSL virtual hosts, but it will always use the configuration from the first-listed virtual host (on the selected IP address and port) to setup the encryption layer.
Thus, you've setup a virtual host on a specific IP address and port (does not matter if you've given a hostname, IP is taken). This means it will accept connections on this IP address. And, since you've given no other virtual host it will take the configuration of the first. Since you have a wildcard certificate there the browser will not complain.
If you want different configurations for different hosts add the appropriate configurations. If you want to have an error message for all but this specific host add a default host which serves the error.
It works! I just had to add in my ssl.conf this will avoid non-ssl sites to get redirected back to HTTP.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^ng.my-site.com
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
It was simple enough to configure my Virtual Host to redirect to HTTPS from HTTP when accessing a page in a certain directory. What doesn't seem to be so simple is going beach to HTTP after you leave that directory and go to pages outside it. Is that even possible?
Here is my Virtual Host:
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs/pokerprimacy/httpdocs"
ServerName pokerprimacy.local
ServerAlias www.pokerprimacy.local
<Directory C:/xampp/htdocs/pokerprimacy/httpdocs>
AllowOverride All
Allow from All
</Directory>
Redirect /members https://pokerprimacy.local/members
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "C:/xampp/htdocs/pokerprimacy/httpdocs"
ServerName pokerprimacy.local
ServerAlias www.pokerprimacy.local
<Directory C:/xampp/htdocs/pokerprimacy/httpdocs>
AllowOverride All
Allow from All
</Directory>
SSLEngine on
SSLCertificateFile conf/ssl.crt/server.crt
SSLCertificateKeyFile conf/ssl.key/server.key
</VirtualHost>
You can see this is being done locally. So, if I start on the home page at /, it is using HTTP. If I then go to /members/login, it uses HTTPS; as it should. But, from there, if I go back to the home page, it is still using HTTPS. Is there a way to toggle between HTTP and HTTPS only when I'm at a page in the members directory?
On my server I have the following vhost definition:
<VirtualHost *:80 *:443>
ServerAdmin admin#mysiste.com
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /var/www/mysite.com/current/public
SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/myserver.key
SSLCertificateFile /etc/ssl/ssl.crt/mysite_com.crt
SSLCertificateChainFile /etc/ssl/ssl.crt/mysite_com.ca-bundle
<Directory /var/www/mysite.com/current/public>
Allow from all
Options -MultiViews
</Directory>
</VirtualHost>
The site itself works fine, the problem is that if I try any other site (vhost) hosted on the same server with https and skip the warning I get served mysite.com. This wouldn't be a problem for the casual user but I noticed Google tried and actually indexed a ton of URLs on my "other" sites via https which were actually pages from mysite.com and I'm afraid I'll get penalized for duplicate content.
How do I deny the other sites to be served via https?
I solved the issue. For further reference this is Ubuntu 12.04.
In /etc/apache2/ports.conf added the following to the <IfModule mod_ssl.c> section:
NameVirtualHost *:443
As per the instructions in the above file, modified in /etc/apache2/sites-available/default-ssl from <VirtualHost _default_:443> to <VirtualHost *:443>.
Then:
sudo a2ensite default-ssl
sudo service apache2 reload
Done.
I have a rails 3 app running with following stack:
ubuntu lucid lynx, apache2, passenger hosted on Amazon EC2
When accessed over http, the pages load and the site has no problems at all.
Then i installed a valid SSL cert on the webserver. When i try to access the same url over https, and it looks like passenger is not being activated. instead, in the browser, the folder structure of the rails application is rendered.
What configuration changes or modifications do I need to make to Apache and/or Passenger so that the https URL returns the same thing as the corresponding http url?
You need something like this:
<VirtualHost *:80>
ServerName orders.xxx.com
DocumentRoot "/var/www/html/ps-main/current/public"
CustomLog /var/log/apache2/orders common
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://orders.xxx.com%{REQUEST_URI}
NameVirtualHost *:443
RailsEnv production
<Directory /var/www/html/ps-main>
AllowOverride all
Options -MultiViews
</Directory>
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
CustomLog /var/log/apache2/orders common
ServerAdmin webmaster#xxx.com.com
ServerName orders.xxx.com
SSLCertificateFile /etc/ssl/cert.crt
SSLCertificateKeyFile /etc/ssl/server.key
SSLCertificateChainFile /etc/ssl/intermediate.pem
# SSLProtocol all
SSLCipherSuite HIGH:MEDIUM
DocumentRoot /var/www/html/ps-main/current/public
<Directory /var/www/html/ps-main/current/public>
Options -MultiViews
AllowOverride all
</Directory>
</VirtualHost>
This will redirect all http traffic to https. If that's not what you need, remove the redirects.