https doesn't work on Xampp - ssl

How do I make HTTPS run on XAMPP? I'm creating a website, but it does not work when called with https://.
I tried:
DocumentRoot C:/xampp/htdocs/yourProject
ServerName yourProject.whatever
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
and
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
Results: [screenshot not preserved]
thank you very much.

Make sure your server is listening on port 443. Example:
<VirtualHost *:443>
ServerName www.foo.com
DocumentRoot /var/www/www.foo.com/htdocs
CustomLog /var/log/apache/www.foo.com-access.log combined
ErrorLog /var/log/apache/www.foo.com-error.log
# Example SSL configuration
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile "/var/www/www.foo.com/ssl/server.crt"
SSLCertificateKeyFile "/var/www/www.foo.com/ssl/server.key"
</VirtualHost>
Source: https://wiki.apache.org/httpd/ExampleVhosts

Related

Apache proxy pass is redirecting instead of acting like a real proxy

I'm trying to hide the port of a deployed container and preserve the original url using ProxyPass.
I've probably misconfigured something because instead of simply keeping the original address I get a redirect to the container address (example.com:8014 instead of keeping subdomain.example.com). The HTTP response is: 301 Moved Permanently (from service worker).
This is the virtual host containing the proxy:
<VirtualHost *:80>
ServerName subdomain.example.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =subdomain.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin@example.com
ServerName subdomain.example.com
ServerAlias subdomain.example.com
LoadModule proxy_http_module modules/mod_proxy_http.so
SSLProxyEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/subdomain.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subdomain.example.com/privkey.pem
ProxyPreserveHost On
ProxyPass / https://example.com:8014/
ProxyPassReverse / https://example.com:8014/
</VirtualHost>
And this is the virtual host inside the container:
<VirtualHost *:80>
ServerName example.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com:8014
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin@example.com
ServerName example.com
<Directory /var/www/html>
AllowOverride All
</Directory>
SSLEngine On
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLOptions +StrictRequire
SSLCertificateFile /etc/apache2/fullchain.pem
SSLCertificateKeyFile /etc/apache2/privkey.pem
</VirtualHost>
The container ports are mapped as follows: 80->8012, 443->8014.
My goal is to reach example.com:8014 using subdomain.example.com without changing the address.
Also, I'm not even sure why, when using example.com:8012, I'm not being redirected to https on port 8014.
The issue must be in the container virtual host because it's it that is generating the 301 status code.
The configuration works just fine.
I would advise clearing Google Chrome's cache when something like this happens.

Installed SSL certificate, but when I go to my domain I have to include https:// before the URL

So I've been messing around with Apache, and I bought an SSL certificate. I finally got it installed, but now when I go to my domain with the URL (leethecoder.com) I assume it's trying to use HTTP? And my server, of course, with an SSL certificate is not listening on port 80. But, if I include https:// before the URL (https://leethecoder.com), it works. Is there a way I can make the server force the basic URL (leethecoder.com) to go to port 443?
This is my current /sites-enabled/ configuration file.
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
ServerName www.leethecoder.com
ServerAlias www.leethecoder.com leethecoder.com
Options -Indexes
DocumentRoot /var/www/leethecoder.com/public_html/
SSLEngine on
SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
SSLCertificateKeyFile /etc/ssl/private/sslkey.key
SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
ErrorLog /var/www/leethecoder.com/logs/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
IMO, this is "properly" (you're currently an A-, the below might help to get an A+):
<VirtualHost *:80>
ServerName leethecoder.com
ServerAlias *.leethecoder.com
UseCanonicalName Off
ErrorLog /var/www/leethecoder.com/logs/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RedirectPermanent / https://leethecoder.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.leethecoder.com
UseCanonicalName Off
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES"
SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
SSLCertificateKeyFile /etc/ssl/private/sslkey.key
SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
ErrorLog /var/www/leethecoder.com/logs/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RedirectPermanent / https://leethecoder.com/
</VirtualHost>
<VirtualHost *:443>
ServerName leethecoder.com
UseCanonicalName Off
ErrorLog /var/www/leethecoder.com/logs/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
DocumentRoot /var/www/leethecoder.com/public_html
<Directory /var/www/leethecoder.com/public_html/>
Allow From All
</Directory>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES"
SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
SSLCertificateKeyFile /etc/ssl/private/sslkey.key
SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
</VirtualHost>
This is, of course, assuming that your variables are valid, you prefer the https without the www, and that you're OK for your clients to use that cipher suite. Also, that you've enabled the site, and disabled any other conflicting sites.
Proper way to do it -- secure way -- is to use the apache virtual host redirect:
<VirtualHost *:80>
ServerName www.example.com
Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
# ... SSL configuration goes here
</VirtualHost>
Or you need to use mod_rewrite to return an HTTP_RESPONSE 301 for redirect to your HTTPS site.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R=301,L]
Also, you need to listen on port 80.
http://httpd.apache.org/docs/current/mod/mod_rewrite.html

Apache httpd24 with mod24_ssl is not redirecting from http to https

I have an Amazon Linux server on which I installed httpd24 and mod24_ssl.
I set up the SSL certificate in the /etc/httpd/conf.d/ssl.conf file with HTTPS redirect instructions:
<VirtualHost *:80>
ServerName example.com:80
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<VirtualHost _default_:443>
ServerName example.com:443
SSLEngine on
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLProxyProtocol all -SSLv3
SSLHonorCipherOrder on
SSLCertificateFile /etc/example.com/cert.pem
SSLCertificateKeyFile /etc/example.com/privkey.pem
SSLCertificateChainFile /etc/example.com/chain.pem
</VirtualHost>
The httpd starts normally without any issue, but the redirection is not working. I have another file, /etc/httpd/conf/httpd.conf, here. What might I have missed? I came across many articles, but those didn't solve my problem.
You are missing RewriteEngine on. Please add that to the config file and restart Apache. Check the edited config below.
<VirtualHost *:80>
ServerName example.com:80
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<VirtualHost _default_:443>
ServerName example.com:443
SSLEngine on
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
SSLProxyProtocol all -SSLv3
SSLHonorCipherOrder on
SSLCertificateFile /etc/example.com/cert.pem
SSLCertificateKeyFile /etc/example.com/privkey.pem
SSLCertificateChainFile /etc/example.com/chain.pem
</VirtualHost>

Using multiple CA certificates for Apache SSL

I have two virtual hosts, and use two certificates. While not indicated by the following httpd.conf file, I am using *.example.com as well as *.sites.example.com and thus need the two certificates. When accessing https://bla.sites.example.com/, the browser displays the following warning:
bla.sites.example.com uses an invalid security certificate.
The certificate is only valid for the following names: *.example.com, example.com
(Error code: ssl_error_bad_cert_domain)
If I remove the first VirtualHost which redirects to www.example.com, I don't get the warning.
Why is this, and how should I use multiple CA certificates for different VirtualHosts?
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
SSLCertificateKeyFile /etc/pki/tls/private/example_key.pem
#Following certificate is good for example.com and *.example.com
SSLCertificateFile /etc/pki/tls/certs/example_startssl_class2.crt
SSLCertificateChainFile /etc/pki/tls/certs/sub.class2.server.ca.pem
RewriteEngine on
RewriteRule .* https://www.example.com%{REQUEST_URI} [NE,R,L]
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias *.sites.example.com
ErrorDocument 404 /error-404.html
DocumentRoot /var/www/example/html_sites
SSLEngine on
SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
SSLCertificateKeyFile /etc/pki/tls/private/example_key.pem
#Following certificate is good for example.com, sites.example.com and *.sites.example.com
SSLCertificateFile /etc/pki/tls/certs/example_startssl_sites_class2.crt
SSLCertificateChainFile /etc/pki/tls/certs/sub.class2.server.ca.pem
<Directory "/var/www/example/html_sites">
allow from all
Options +Indexes
</Directory>
</VirtualHost>
Note that I have the following settings in /etc/httpd/conf.d/ssl.conf:
#Following certificate is good for example.com and *.example.com
SSLCertificateFile /etc/pki/tls/certs/example_startssl_class2.crt
SSLCACertificateFile /etc/pki/tls/certs/example_startssl_class2.crt
SSLCertificateKeyFile /etc/pki/tls/private/example_key.pem
SSLCertificateChainFile /etc/pki/tls/certs/sub.class2.server.ca.pem
Your VHOSTs are not set up correctly. You have both pointing to ServerName example.com.
They should each have a different, specific ServerName and a different document root. Then Apache will know how to send the request to the correct vhost and you won't get that error.
You can see more configuration help here. Multiple Certs using SNI
Since they are two different certs, your vhosts should look something like this.
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example/html_sites
SSLEngine on
SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
SSLCertificateKeyFile /etc/pki/tls/private/example_key.pem
#Following certificate is good for example.com and *.example.com
SSLCertificateFile /etc/pki/tls/certs/example_startssl_class2.crt
SSLCertificateChainFile /etc/pki/tls/certs/sub.class2.server.ca.pem
<Directory "/var/www/example/html_sites">
ErrorDocument 404 /error-404.html
allow from all
Options +Indexes
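RewriteEngine on
# Redirect only requests that are not already for www.example.com (avoids a redirect loop)
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule .* https://www.example.com%{REQUEST_URI} [NE,R,L]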
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName bla.sites.example.com
ServerAlias *.sites.example.com
DocumentRoot /var/www/example2/html_sites
SSLEngine on
SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
SSLCertificateKeyFile /etc/pki/tls/private/example_key.pem
#Following certificate is good for example.com, sites.example.com and *.sites.example.com
SSLCertificateFile /etc/pki/tls/certs/example_startssl_sites_class2.crt
SSLCertificateChainFile /etc/pki/tls/certs/sub.class2.server.ca.pem
<Directory "/var/www/example2/html_sites">
allow from all
Options +Indexes
</Directory>
</VirtualHost>
Also remember to restart Apache when making changes.
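Two of the fixes given in the answers above (rewrite rules in a virtual host that never turns on RewriteEngine, and two virtual hosts on the same port sharing one ServerName) can be checked for before Apache is restarted. The script below is an added example, not code from any of the posts; parse_vhosts, lint and SAMPLE_CONF are hypothetical names, and the sample configuration is constructed to reproduce both mistakes.

```python
import re

# Constructed sample reproducing both mistakes; not a config taken from the page.
SAMPLE_CONF = """\
<VirtualHost *:80>
ServerName example.com:80
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias *.sites.example.com
</VirtualHost>
"""

def parse_vhosts(text):
    """Return [(address, [(directive, args), ...]), ...], one per <VirtualHost>."""
    vhosts, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = (opened.group(1).strip(), [])
            vhosts.append(current)
        elif line.lower().startswith("</virtualhost"):
            current = None
        elif current and line and line[0] not in "#<":
            name, *args = line.split(None, 1)  # nested <Directory> tags are skipped
            current[1].append((name.lower(), "".join(args)))
    return vhosts

def lint(text):
    """Flag rewrite rules lacking 'RewriteEngine on' and repeated ServerNames."""
    findings, seen = [], {}
    for index, (address, directives) in enumerate(parse_vhosts(text), 1):
        last = dict(directives)  # directive -> its last argument string
        has_rules = last.keys() & {"rewriterule", "rewritecond"}
        if has_rules and last.get("rewriteengine", "").lower() != "on":
            findings.append(f"vhost {index} ({address}): rewrite rules but no 'RewriteEngine on'")
        host = last.get("servername", "").split(":")[0].lower()
        if host:  # key on (port, hostname) so *:80 and *:443 do not collide
            seen.setdefault((address.rsplit(":", 1)[-1], host), []).append(index)
    for (port, host), where in sorted(seen.items()):
        if len(where) > 1:
            findings.append(f"port {port}: ServerName {host} repeated in vhosts {where}")
    return findings

print("\n".join(lint(SAMPLE_CONF)))
```

To check a real file, pass its contents to lint(); on a live server, apachectl -S shows how Apache itself resolved the name-based virtual hosts.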

Apache HTTP Server, Tomcat and rewriting

Scenario:
Apache reverse proxy to Tomcat:
https://sub-domain.example.com:8080/app
To this:
https://sub-domain.example.com/app
When resolving to the app, it appends like so:
https://sub-domain.example.com/app/somedir/some.jsp
Is there a way in the request handling process we can remove the last appendage so the end-user just sees the following:
https://sub-domain.example.com/app
Our current Apache configuration:
ServerName sub-domain.example.com
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]
<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateChainFile /etc/pki/tls/certs/VendorCA.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key
ServerName sub-domain.example.com
ServerAdmin admin@sub-domain.example.com
ErrorLog logs/sub-domain.example.com-error_log
CustomLog logs/sub-domain.example.com-access_log common
ProxyPass /app http://localhost:8080/app/
ProxyPassReverse /app http://localhost:8080/app/
</VirtualHost>
Any help will be really appreciated.