Apache: Restrict access to webserver via IP (HTTP/HTTPS)

I run a website on a VPS and I would like to completely block access to the website via the VPS IP address.
I made it work for HTTP but it seems impossible for HTTPS.
What I did:
<VirtualHost *:80>
ServerName xxx.xxx.xxx.xxx
Redirect 403 /
DocumentRoot /a/folder/here/
</VirtualHost>
This worked perfectly as expected for http://xx.xx.xx.xx
But I could not find a way to do the same for https://xx.xx.xx.xx
Can anyone help me, please?
I am using:
Let's Encrypt certificate
Apache 2.4

NOTE: the file containing this rule must be executed after other sites that use SSL.
Example:
0-site1.conf = website using no ssl (port 80)
0-site1-ssl.conf = website using ssl (port 443)
1-direct-access-conf = the file containing:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName xxx.xxx.xxx.xxx
Redirect 403 /
DocumentRoot /a/folder/here/
</VirtualHost>
</IfModule>

Just do the same for the virtual host that is bound to port 443:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName xxx.xxx.xxx.xxx
Redirect 403 /
DocumentRoot /a/folder/here/
</VirtualHost>
</IfModule>

Related

Redirecting HTTP to HTTPS on Apache VirtualHost server not working

My website is connecting through HTTP and redirecting to the HTTPS VirtualHost but there it ends.
I wouldn't post if I hadn't searched for hours without result. Please see the following:
Trying to connect through port 443 (With VirtualHost setup and Port Info)
My ports.conf file is the following:
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
And this is my router setup
Yes, SSL is enabled through Apache and running with ssl_mod being enabled.
All posts lead me to different types of configs in my VirtualHost for port 80, but I tried them all.
Is there anything I missed?
EDIT
UFW config
sudo ufw status
To                         Action      From
--                         ------      ----
WWW Full                   ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
WWW Full (v6)              ALLOW       Anywhere
443/tcp (v6)               ALLOW       Anywhere
Further description of WWW Full
sudo nano /etc/ufw/applications.d/ufw-webserver
...
[WWW Full]
title=Web Server (HTTP,HTTPS)
description=Web Server (HTTP,HTTPS)
ports=80,443/tcp
...
The redirect to HTTPS can be enabled in the Virtual Host file for port 80. If you would like to force HTTPS for all web pages, you can use the following set of directives, after running sudo a2enmod rewrite and sudo a2enmod ssl.
To redirect everything to https://yourdomain.com:
<VirtualHost *:80>
ServerName yourdomain.com
Redirect permanent / https://yourdomain.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName yourdomain.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
...
</VirtualHost>
To redirect everything to https://www.yourdomain.com:
<VirtualHost *:80>
ServerName www.yourdomain.com
Redirect permanent / https://www.yourdomain.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName www.yourdomain.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
...
</VirtualHost>
To redirect a specific directory (/secure in our case):
<VirtualHost *:80>
ServerName www.yourdomain.com
DocumentRoot /usr/local/apache2/htdocs
Redirect permanent /secure https://yourdomain.com/secure
</VirtualHost>
<VirtualHost _default_:443>
ServerName www.yourdomain.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
...
</VirtualHost>
You can read more about other approaches including .htaccess here

Use Apache To Run SSL On Port 8980 Specifically

I have a web service which I access by typing the following URL exactly as is (character for character):
http://10.115.252.127:8980/opennms/login.jsp
The website files are served from /opt/opennms/jetty-webapps/opennms/
My objective is to use Apache (httpd.conf) to force any traffic to this URL to use SSL and no longer HTTP.
I have successfully installed the SSL certificates with no issues.
I have configured a VirtualHost directive to redirect port 80 to 443.
Only sites under /var/www/html/* are being successfully redirected.
Example: http://10.115.252.127/numbers successfully redirects to https://10.115.252.127/numbers
http://10.115.252.127/charts successfully redirects to https://10.115.252.127/charts
But when I type in the URL http://10.115.252.127:8980/opennms/login.jsp it is always served as HTTP... How do I make it served as HTTPS like the others? I have checked the forums and all the posts assume you will always be redirecting port 80 and don't say anything about how to use SSL in the scenario I explained. I have the same issue with another service running on port 3000: http://10.115.252.127:3000/login
===extract from my httpd.conf===
<VirtualHost *:80>
ServerName 10.115.252.127
Redirect permanent / https://10.115.252.127/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
ServerName 10.115.252.127
#Documentroot /var/www/html
</VirtualHost>
Based on your confirmation of my understanding, here is what you can do:
############################################################################
Listen 80
# All connections on port 80 are redirected to port 443
<VirtualHost *:80>
ServerName www.example.com
CustomLog "logs/80_access.log" combined
ErrorLog "logs/80_error.log"
Redirect permanent / https://www.example.com
# No documentRoot, no content
</VirtualHost>
############################################################################
Listen 443
# All URI are answered from the documentRoot directory
# EXCEPT /opennms, which is proxied to :8980
<VirtualHost *:443>
ServerName www.example.com
# temporary, remove when tests done
LogLevel debug
CustomLog "logs/443_access.log" combined
Errorlog "logs/443_error.log"
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
# For your redirection to 8980
ProxyPass /opennms "https://www.example.com:8980/"
ProxyPassReverse /opennms "https://www.example.com:8980/"
documentRoot "/yourdir/apache/htdocs"
DirectoryIndex index.html
</VirtualHost>
Prerequisites
you must load proxy modules
you must load rewrite module
port 8980 is linked to some other software. Apache does not handle 8980.

How to deny https requests to my servers public ip address

I have a server running Apache 2 that has 6 virtual hosts. All the virtual hosts run over SSL. However, if you make a request to my server's IP (for example: https://11.22.33.444), since there is no certificate for my IP, you are redirected to the last virtual host alphabetically and whatever app is linked to that virtual host will load over https://11.22.33.444.
My question is how can I either
redirect any traffic loading over my server's public IP address to an error page
OR
Deny any traffic loading over my server's public IP address and shutdown the connection
Apache prioritizes VirtualHosts in terms of order. By putting a very basic server at the top, it will redirect all traffic (that doesn't satisfy the other virtual hosts) to that webpage.
#default server b/c first
<VirtualHost *:80>
Redirect 302 / https://www.mainsite.com/error_page
</VirtualHost>
#main server
<VirtualHost *:443>
ServerName www.mainsite.com
DocumentRoot ...
SSLEngine on
SSLCertificateFile.....etc.
</VirtualHost>
<VirtualHost *:443>
ServerName www.secondsite.com
DocumentRoot ...
SSLEngine on
SSLCertificateFile.....etc.
</VirtualHost>
#force https servers
<VirtualHost *:80>
ServerName www.mainsite.com
Redirect 301 / https://www.mainsite.com/
</VirtualHost>
<VirtualHost *:80>
ServerName portfolio.secondsite.com
Redirect 301 / https://www.secondsite.com/
</VirtualHost>
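
An added example, not part of the original answer: a small Python model of Apache's name-based virtual-host selection (match ServerName/ServerAlias among the vhosts on the port, otherwise fall back to the first vhost listed for that port), run over the layout above reduced to its selection-relevant directives. It assumes only `*:port` vhosts and exact-match names without wildcards; the function names are illustrative and 11.22.33.444 is the question's placeholder address.

```python
import re

# Constructed sample: the vhost layout from the answer above, reduced to the
# directives that decide which virtual host answers a request.
SAMPLE_CONF = """
<VirtualHost *:80>
Redirect 302 / https://www.mainsite.com/error_page
</VirtualHost>
<VirtualHost *:443>
ServerName www.mainsite.com
</VirtualHost>
<VirtualHost *:443>
ServerName www.secondsite.com
</VirtualHost>
<VirtualHost *:80>
ServerName www.mainsite.com
</VirtualHost>
<VirtualHost *:80>
ServerName portfolio.secondsite.com
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+\*:(\d+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return [(port, [names])] in file order for <VirtualHost *:port> blocks."""
    vhosts = []
    for port, body in VHOST_RE.findall(conf):
        names = []
        for line in body.splitlines():
            parts = line.split()
            if parts and parts[0].lower() in ("servername", "serveralias"):
                names += [n.lower() for n in parts[1:]]
        vhosts.append((int(port), names))
    return vhosts

def select_vhost(vhosts, port, host):
    """Names of the vhost that answers Host `host` on `port`, or None."""
    on_port = [names for p, names in vhosts if p == port]
    if not on_port:
        return None  # nothing listens on this port
    for names in on_port:
        if host.lower() in names:
            return names  # ServerName/ServerAlias match
    return on_port[0]  # no match: first vhost listed for the port is the default

if __name__ == "__main__":
    vhosts = parse_vhosts(SAMPLE_CONF)
    for port in (80, 443):  # 11.22.33.444 is the question's placeholder address
        print(port, select_vhost(vhosts, port, "11.22.33.444") or "(unnamed catch-all)")
```

For this layout a request by IP on port 80 lands on the unnamed catch-all, while the same request on port 443 falls through to www.mainsite.com, the first `*:443` vhost listed, so the default has to be checked per port.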

SSL and https issues for webapp

I am trying to set up HTTPS for a webapp. I set up an SSL cert from Let's Encrypt. My domain name is now routing to HTTPS but it is going straight to the Apache2 homepage. My sites-available default-ssl.conf file looks as follows:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ServerName domain-names.com
ServerAlias www.domain-name.com
#ProxyPass / http://domain-name.com:8080/
#ProxyPassReverse / https://domain-name.com:443/
Unfortunately, before I attempted this I could access my webapp via ip_address:80/myapp. Now I am getting a 502 proxy error.
Any help would be greatly appreciated, thank you

Apache VirtualHost is not working

I have a server running Apache 2.4 on Windows, and I have set up a VirtualHost in the httpd-vhosts.conf file, and an 'A' record in my DNS server that points subdomain.mydomain.com to my IP address. Unfortunately, connecting to subdomain.mydomain.com just shows the same page as mydomain.com. Here is the code I used in the httpd-vhosts.conf file:
<VirtualHost *:80>
ServerAdmin admin@mydomain.com
DocumentRoot "c:/Apache24/subdomain/htdocs"
ServerName subdomain.mydomain.com
ErrorLog "c:/Apache24/subdomain/logs/errors.log"
CustomLog "c:/Apache24/subdomain/logs/access.log"
</VirtualHost>
What am I doing wrong?
Make sure your domain provider configuration doesn't redirect @ to www; you need them to be configured separately to redirect to your machine's IP address.