How to use same port for http and https - apache

I pretty much don't know about http and this topic, so couldn't find any answer enough to solve my question. Let me know if this question is duplicated and you already found the answer about this.
What I want to achieve
Normally it's working with http://domain:3000 but I want to make it accessible for https://domain:3000.
What I did
I installed let's encrypt and added reverse proxy settings on my apache setting file. So it was possible to access https://domain:3000 with the path such as https://domain/api but as I mentioned above I want to directly use port number on https as well.
additional lines on my httpd.conf are
NameVirtualHost *:80
<VirtualHost *:80>
ServerName my.domain
ServerAlias www.my.domain *.my.domain
DocumentRoot /var/www/html
RewriteEngine on
RewriteCond %{SERVER_NAME} =my.domain [OR]
RewriteCond %{SERVER_NAME} =www.my.domain [OR]
RewriteCond %{SERVER_NAME} =*.my.domain
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
Listen 443
</IfModule>
Include /etc/httpd/conf/httpd-le-ssl.conf
<IfModule mod_proxy.c>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /api http://my.domain:3000
ProxyPassReverse /api http://my.domain:3000
</IfModule>
Do I need to add more settings? or any other way to solve this?

It is better to configure the application you have to use different port for SSL connections, e.g. 3001 and forward requests via HTTPS to this port or access it directly

Related

Wrong certificate being presented behind apache reverse proxy

I think I know the reason this is happening but I don't know how to fix it. I have a reverse proxy set up on one server and it's proxying from port 443 to my mattermost server (not on the same machine) on the default port of 8065.
I have SSL set up on the proxy with a let's encrypt certificate.
Port 8065 is opened on my firewall to the mattermost server but also on that same public IP I have port 80 and 443 opened to a completely different server.
What is happening is that when I hit the url for my mattermost server the certificate for that other server is being presented to my browser instead of the one that is configured on the proxy. I have no idea why this is happening. Here is my virtual host section:
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot "/var/www/html"
ServerName chat.example.com
<Directory "/var/www/html">
allow from all
Options None
Require all granted
</Directory>
ProxyPreserveHost On
RewriteEngine On
RewriteCond %{REQUEST_URI} /api/v[0-9]+/(users/)?websocket [NC]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} \bUpgrade\b [NC]
RewriteRule .* ws://x.x.x.x:8065%{REQUEST_URI} [P,QSA,L]
ProxyPass / http://x.x.x.x:8065/ timeout=31536000
ProxyPassReverse / http://x.x.x.x:8065/
SSLCertificateFile /etc/letsencrypt/live/chat.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/chat.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/chat.example.com/chain.pem
</VirtualHost>
</IfModule>
Let me know if more information is required.
Rich
I ended up doing this a different way - not sure why it wasn't working. I'm calling it worked around.

how to add ipv6 to an apache vhost with v4 https and http

I'm having some difficulties with adding ipv6 to a vhost configuration that uses https and http, and forwards all http requests to https. This is what I currently have which works fine, but I'm not sure how to go about adding ipv6 to the mix. Any help would be greatly appreciated
<VirtualHost 213.138.102.25:443>
ServerName example.co.uk
ServerAlias www.example.co.uk
SSLEngine on
SSLCertificateFile /home/example/ssl/www_example_co_uk.crt
SSLCertificateKeyFile /home/example/ssl/www.example.co.uk.key
SSLCertificateChainFile /home/example/ssl/www_example_co_uk.ca-bundle
DocumentRoot /home/example/public_html/example.co.uk
<Directory /home/example/public_html/example.co.uk/>
Options MultiViews Indexes FollowSymLinks
AllowOverride all
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerName example.co.uk
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.co.uk [NC,OR]
RewriteCond %{HTTP_HOST} ^www.example.co.uk [NC]
#RewriteRule ^(.*)$ https://www.example.co.uk/$1 [L,R=301,NC]
RewriteRule ^(.+[^/])/$ http://%{HTTP_HOST}/$1 [R=301,L]
Redirect permanent / https://www.example.co.uk/
</VirtualHost>
There are a few things you will need to do;
First, you may need to add a "Listen" directive in your conf file like this
Listen [2001:cdba:0000:0000:0000:0000:3257:9652]:443
Listen [2001:cdba:0000:0000:0000:0000:3257:9652]:80
Look in your existing conf file for the IP4 version and put it near that.
This might not be necessary if you are just listening to the ports like this
Listen 80
but if its like this you do need to add it
Listen 12.34.56.78:80
Second Leave your IP4 directives in-place and copy / paste them replacing the opening section in the copied version with something like this;
<VirtualHost [2001:cdba:0000:0000:0000:0000:3257:9652]:443>
and
<VirtualHost [2001:cdba:0000:0000:0000:0000:3257:9652]:80>
Do note that the IPV6 address is enclosed in square brackets and the address provided is only for example.
You will also need to be aware that IPV6 usually has its own firewall/iptables config and there may be other gotchas as well.
Dont forget to reload / restart Apache
Hope this helps.

hosting multiple websites on apache under one ip address

I am trying to host multiple websites (app.diff1.com and app.diff2.com running on tomcat server) on my apache server which are running on ports 8082 and 8083 respectively, to access them i want to use a single domain name (app.in.xxx.com/diff) along with a differentiater (diff1/diff2).I used url rewriting to change the domain names respectively. Now when i am trying to access the websites i always end up with hitting the first virtual host.
Please suggest me if i am not approaching the solution correctly.
Code snippet:
in httpd.conf file.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^app\.in\.xxx\.com/([a-z]*)$
RewriteRule ^ http://www.app.%1.com [L,R=301]
</IfModule>
<IfModule mod_proxy.c>
ProxyRequests off
</IfModule>
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.app.diff1.com
ProxyPass / http://www.app.diff1.com:8082/
ProxyPassReverse / http://www.app.diff1.com:8082/
</VirtualHost>
<VirtualHost *:80>
ServerName www.app.diff2.com
ProxyPass / http://www.app.diff2.com:8083/
ProxyPassReverse / http://www.app.diff2.com:8083/
</VirtualHost>
Move your rewrites into the first listed virtual host, and stop trying to capture the first path component of the URL as if it were part of HTTP_HOST -- capture it in the RewriteRule itself and use $1.
Also see ServerPath which is an esoteric way to do the same mapping.

Redirecting HTTP to HTTPS with Apache

I have an issue using mod_rewrite to force redirection of HTTP requests to HTTPS using Apache 2.2.22 on Ubuntu Server 12.04.
My /etc/apache2/sites-available/default file is as follows:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
The HTTPS host is defined in default-ssl in the same directory.
Visiting the server's local IP address, the redirect appears to work fine. However, accessing it via the FQDN, it doesn't. Using the FQDN, the site is available at port 5443, which is mapped in the firewall to 443 on the server, so perhaps that has something to do with the problem. I cannot just use port 443 directly, as it is in use on this IP address by another server.
To further clarify, the following are valid links:
https://website:5443
https://192.168.200.80:443
The redirect works here:
http://192.168.200.80
But the following gives a 400 Bad Request, and this is where the redirect is needed:
http://website:5443/
"Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please."
This is totally possible. The following redirects all http to the https url.
<VirtualHost *:80>
ServerName mydomainname.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
make sure you load the rewrite module mod_rewrite and enable it.
Your problem here is the initial HTTP request: This won't work as the server won't understand it receiving the request on port 443 (as the response code suggests).
If no port is given, the protocol http defaults to port 80, https to port 443.
This is also the reason why your local redirect works. I bet, if you access the page through http://website/ (with proper port forwarding of port 80), it will work as well. Also note that your VirtualHost is only defined for port 80 anyway, so it won't be valid for requests sent to website:5443 (or website:443).
In general, you'd need a server accepting both HTTP and HTTPS requests on a single port. Not sure any popular server actually supports something like that, because (I think) it essentially violates the specs.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
if u want to redirect your site from http:// anything.example.com to https: //anything.example.com ... Just create a dedicated hosting .conf file as /etc/httpd/conf.d/dedicated.conf and other conf file as virtual.conf ... entries for dedicated.conf are as follows....
this is dedicated server hosting conf file for redirecting it to https...
<virtualhost *:80>
servername host.example.com
documentroot /var/www/html
rewriteengine on
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
sslcertificatefile /etc/pki/tls/certs/name.crt
sslcertificatekeyfile /etc/pki/tls/private/name.key
</virtualhost>
<directory /var/www/html>
allowoverride all
require all granted
</directory>
Alternatively as mentioned in comment below, we can use redirect also:
<virtualhost *:80>
servername host.example.com
documentroot /var/www/html
RedirectMatch / https://host.example.com:ANY_PORT/ #if there is specific port
sslcertificatefile /etc/pki/tls/certs/name.crt
sslcertificatekeyfile /etc/pki/tls/private/name.key
</virtualhost>
<directory /var/www/html>
allowoverride all
require all granted
</directory>

Redirect address with folder structure to https?

I want to make sure all my traffic is on ssl even if they type http. But I also want it to pass the folders so mod_rewrite will still work. I tried this poor example but it does not work. Basicly I if they type http://mydomain.com/apage it will redirect to https://mydomain.com/apage
Server: Apache2, LAMP stack.
.htaccess
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(/) https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
I am open to tweaking a virtual host files for Apache but I have not seen it done like that before. This is my first adventure into ssl hosting.
Just replacing http with https
RewriteCond %{HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
I suggest not using mod_rewrite or htaccess if you have access to httpd.conf.
If you want to force all users to use https (a good idea) you can add something like this to httpd.conf:
<VirtualHost 1.2.3.4:80>
ServerName SSL.EXAMPLE.COM
CustomLog /var/log/httpd/EXAMPLE.access_log combined
ErrorLog /var/log/httpd/EXAMPLE.error_log
Redirect / https://ssl.example.com/
</VirtualHost>
<VirtualHost 1.2.3.4:443>
ServerName ssl.example.com
DocumentRoot /var/www/html
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM
.
.
.
</VirtualHost>
<Directory /var/www/html>
#If all else fails, this will ensure nothing can get in without being encrypted.
SSLRequireSSL
</Directory>