running website with no http show different content - apache

Im running 3 sites in one server the same IP in Ubuntu/Apache using vhost.
I bought an SSL certificate and installed it in one of my sites successfully. The problem is when I run the site with no https it shows content from my other site.
Ex.
www.aaaaa.com
www.bbbbb.com (SSL)
www.ccccc.com
when I run https://bbbbb.com there is no problem but
when I run http://bbbbb.com it shows the content of www.aaaaa.com
I know the ssl is working correctly coz I have tested it sslchecker.
This is the first time I installed SSL, I hope someone knows something about this problem.

ok just got the Answer from this link
https://www.namecheap.com/support/knowledgebase/article.aspx/9821/38/redirect-to-https-on-apache
You just need to Redirect HTTPS on Apache. Solution is I added vhost port 80 on my conf file in apache to redirect it to https when accessing the site with no https.
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#example.com
ServerName example.com.ca
ServerAlias www.example.com
DocumentRoot /var/www/example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/example.com/example.ca.crt
SSLCertificateKeyFile /etc/ssl/example.com/example.key
SSLCertificateChainFile /etc/ssl/example.com/example.ca.ca-bundle
</VirtualHost>

Related

Use Apache To Run SSL On Port 8980 Specifically

I have a web service which I access by typing the following URL exactly as is (character for character):
http://10.115.252.127:8980/opennms/login.jsp
The website files are served from /opt/opennms/jetty-webapps/opennms/
My objective is to use Apache (httpd.conf) to force any traffic to this URL to use SSL and no longer HTTP.
I have successfully installed the SSL certificates with no issues.
I have configured a VirtualHost directive to redirect port 80 to 443
Only sites under /var/www/html/* are being successfully redirected.
Example: http://10.115.252.127/numbers successfully redirects to https://10.115.252.127/numbers
http://10.115.252.127/charts successfully redirects to https://10.115.252.127/charts
But, when I type in the URL http://10.115.252.127:8980/opennms/login.jsp it is always served as HTTP...how do I make it served as HTTPS like the others? I have checked the forums and all the posts assume you will always be redirecting port 80 and dont say anything about how to use SSL in the scenario I explained. I have the same issue with another service running on port 3000 http://10.115.252.127:3000/login
===extract from my httpd.conf===
<VirtualHost *:80>
ServerName 10.115.252.127
Redirect permanent / https://10.115.252.127/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
ServerName 10.115.252.127
#Documentroot /var/www/html
</VirtualHost>
Based on your confirmation of my understanding, here is what you can do:
############################################################################
Listen 80
# All connections on port 80 are redirected to port 443
<VirtualHost *:80>
ServerName www.example.com
CustomLog "logs/80_access.log" combined
ErrorLog "logs/80_error.log"
Redirect permanent / https://www.example.com
# No documentRoot, no content
</VirtualHost>
############################################################################
Listen 443
# All URI are answered from the documentRoot directory
# EXCEPT /openms, which is proxied to :8980
<VirtualHost *:443>
ServerName www.example.com
# temporary, remove when tests done
LogLevel debug
CustomLog "logs/443_access.log" combined
Errorlog "logs/443_error.log"
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert_mtocb2500lbscorp.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mtocb2500-lbscorp.key
# For your redirection to 8980
ProxyPass /opennms "https://www.example.com:8980/"
ProxyPassReverse /opennms "https://www.example.com:8980/"
documentRoot "/yourdir/apache/htdocs"
DirectoryIndex index.html
</VirtualHost>
Prerequisites
you must load proxy modules
you must load rewrite module
port 8980 is linked to some other software. Apache does not handle 8980.

Apache2 VirtualHost SSL config issues

Debian 10 / Apache2 -
GOAL: redirect all web traffic to VPS server to SSL. I have 2 sites hosted: bjmurrey.com and nextcloud.bjmurrey.com. I have 1 IP address.
PROBLEM: I can't for the life of me find a way to make this work. I have tried 1000 suggestions posted here and elsewhere with no success. The closest I get is everything redirects to https://bjmurrey.com when typing in nextcloud.bjmurrey.com. I am also a novice at this so please be kind.
I have a default.conf that looks like this:
<VirtualHost *:80>
ServerName www.bjmurrey.com
ServerAlias bjmurrey.com
DocumentRoot /var/www/blog
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect permanent / https://bjmurrey.com/
</VirtualHost>
<VirtualHost *:80>
ServerName nextcloud.bjmurrey.com
DocumentRoot /var/www/nextcloud
ServerAlias nextcloud.bjmurrey.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect permanent / https://nextcloud.bjmurrey.com/
</VirtualHost>
I have a default-ssl.conf that looks like this:
<VirtualHost bjmurrey.com:443>
ServerName bjmurrey.com
ServerAlias www.bjmurrey.com
DocumentRoot /var/www/blog
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/bjmurrey.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bjmurrey.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost nextcloud.bjmurrey.com:443>
ServerName nextcloud.bjmurrey.com
DocumentRoot /var/www/nextcloud
ServerAlias nextcloud.bjmurrey.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/nextcloud.bjmurrey.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.bjmurrey.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
bjmurrey.com is in var/www/blog and nextcloud.bjmurrey.com in the var/www/nextcloud directories.
I have my DNS records www and nextcloud both pointed to same IP. I only have 1 IP available. This is a very low traffic site.
I have done all kinds of things like just have the default virtual host redirect to only nextcloud and removed all mention of the www site and it still redirects to bjmurrey.com, or redirects with an SSL error saying that nextcloud can't be loaded because the ssl is for bjmurrey.com only. As you can see I have made certs with letsencrypt for both bjmurrey.com and nextcloud.bjmurrey.com.
I'm about to yank all my hair out in frustration, so I know I've tapped out all my knowledge here. Help!
I have retested with http and is working for me.
Both addresses mydomain.myhost.example.com and myhost.example.com resolve to the same IP.
This is my configuration file
ServerName example.com
<VirtualHost *:80>
ServerName mydomain.myhost.example.com
DocumentRoot /var/www/mydomain
</VirtualHost>
<VirtualHost *:80>
ServerName myhost.example.com
DocumentRoot /var/www/myhost
</VirtualHost>
Tested in Ubuntu 20.04.1, Apache 2.4

How to fix 'No secure protocols supported'?

I have a personal website which I'm trying to set up to use HTTPS.
I'm using an Amazon Lightsail instance with Ubuntu 18.04 and Apache/2.4.29 on it. Opened port 443 using both AWS dashboard and ufw. I also made sure openssl version is up-to-date. I have used certbot, installation completes fine, I restarted webserver but when I go to ssllabs.com to test, I get:
Assessment failed: No secure protocols supported
Now, I have 3 websites served by the webserver, DocumentRoot is set to default /var/www/html and I created a conf file for each site in /etc/apache/sites-available as example.com.conf, with a VirtualHost listening to *:80 only. All sites are tested and works fine with the .conf files.
When I ran certbot, I got a file in /etc/apache/sites-available called example.com-le-ssl.conf with this in it:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html/example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
At this point, I expected it to work since the guide on https://certbot.eff.org/lets-encrypt/ubuntubionic-apache.html says nothing else needs to be done.
What am I missing?
Thanks in advance!

httpd redirects with SSL and subdomains/vhosts

I'm trying to setup http -> https redirected subdomains on my website, which is being served by Apache (Version: 2.2.31). I purchased a wildcard SSL certificate that is installed correctly for my main site (www.domain.com) because I get a green lock next to the address, so that part should be done.
The issue: browsing to subdomain.domain.com redirects to www.domain.com and I can't figure out why. I've been reading and following this page as well as several others with similar content, but I'm missing the key ingredient.
The main site is served from /var/www/html and the subdomain is served from /var/www/vhosts/subdomain. Also, I'm getting this error:
[warn] _default_ VirtualHost overlap on port 443, the first has precedence
Here's the vhost section of /etc/httpd/conf/httpd.conf:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.domain.com
ServerAlias www.domain.com
#Redirect permanent / https://www.domain.com
Redirect 302 / https://www.domain.com
</VirtualHost>
<VirtualHost *:80>
ServerName subdomain.domain.com
ServerAlias subdomain.domain.com
#Redirect permanent / https://subdomain.domain.com
Redirect 302 / https://subdomain.domain.com
</VirtualHost>
And here's /etc/httpd/conf.d/ssl.conf:
<VirtualHost *:443>
ServerName www.domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/html
...
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /path/to/cert
SSLCertificateKeyFile /path/to/key
SSLCertificateChainFile /path/to/bundle
</VirtualHost>
<VirtualHost *:443>
ServerName subdomain.domain.com
ServerAlias subdomain.domain.com
DocumentRoot /var/www/vhosts/subdomain
...
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /path/to/cert
SSLCertificateKeyFile /path/to/key
SSLCertificateChainFile /path/to/bundle
</VirtualHost>
And here's apachectl -S output (with my domain name redacted/substituted):
Any help would be greatly appreciated.
=======================================================================
Edit: I removed the word permanent, cleared my cache, and the problem persists. It seems like it has to do with the warning, right?
Also, I get a successful response regardless of which subdomain I use even when it doesn't exist. I can literally type whatever I want for subdomain and it goes to the main site. http://<anything>.domain.com and https://<anything>.domain.com both load the main site with https.
The problem was simple, but elusive, at least to me. In /etc/httpd/conf.d/ssl.conf, I needed to add the following line for the VirtualHost configurations to be distinct:
NameVirtualHost *:443
Now everything works as expected.

Name based virtual hosts serve the same SSL site

On my server I have the following vhost definition:
<VirtualHost *:80 *:443>
ServerAdmin admin#mysiste.com
ServerName mysite.com
ServerAlias www.mysite.com
DocumentRoot /var/www/mysite.com/current/public
SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/myserver.key
SSLCertificateFile /etc/ssl/ssl.crt/mysite_com.crt
SSLCertificateChainFile /etc/ssl/ssl.crt/mysite_com.ca-bundle
<Directory /var/www/mysite.com/current/public>
Allow from all
Options -MultiViews
</Directory>
</VirtualHost>
The site itself works fine, the problem is that if I try any other site (vhost) hosted on the same server with https and skip the warning I get served mysite.com. This wouldn't be a problem for the casual user but I noticed Google tried and actually indexed a ton of URLs on my "other" sites via https which were actually pages from mysite.com and I'm afraid I'll get penalized for duplicate content.
How do I deny the other sites to be served via https?
I solved the issue. For further reference this is Ubuntu 12.04.
In /etc/apache2/ports.conf added the following to the <IfModule mod_ssl.c> section:
NameVirtualHost *:443
As per the instructions in the above file, modified in /etc/apache2/sites-available/default-ssl from <VirtualHost _default_:443> to <VirtualHost *:443>.
Then:
sudo a2ensite default-ssl
sudo service apache2 reload
Done.