I want all access to my website to be forced to HTTPS (https://support.google.com/webmasters/answer/6073543?hl=en).
I also want to force canonical www URL access (https://www.yes-www.org/why-use-www/)
I am attempting to do so according to Apache recommendations using the Redirect directive https://wiki.apache.org/httpd/RedirectSSL and https://httpd.apache.org/docs/2.4/rewrite/remapping.html#canonicalhost
I have a valid lets-encrypt certificate which has both www and the naked domain.
I have configured *:80 and *:443 VirtualHost redirects. /etc/httpd/conf.d/www.example.com.conf:
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
Redirect permanent / https://www.example.com
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
Redirect permanent / https://www.example.com
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
DocumentRoot "/var/www/html/www.example.com"
</VirtualHost>
<Directory "/var/www/html/www.example.com">
Order allow,deny
Allow from all
</Directory>
All works well if I specify base URL (example.com, www.example.com, https://example.com, etc). However, if I specify a page on the naked HTTPS request the redirect eats the root slash (https://example.com/index.html becomes https://www.example.comindex.html).
I do it with the following for all non-ssl to ssl -
<VirtualHost *:80>
ServerName example.org
ServerAlias www.example.org
RewriteEngine on
RewriteRule ^/(.*)$ https://www.example.org/$1 [R,L]
</VirtualHost>
Slighly different should do the same for https://example.org only redirecting to www.example.org
<VirtualHost your.ip.add.ress:443>
ServerName example.org
RewriteEngine on
RewriteRule ^/(.*)$ https://www.example.org/$1 [R,L]
*snip*
Normal SSL certificate/key stuff goes here
*snip*
</VirtualHost>
RedirectMatch appears to solve the problem similar to the Rewrite suggested by ivanivan. Changing Redirect line in *:443 VHost section to the following seems to fix the issue:
RedirectMatch permanent ^/?(.*) https://www.example.com/$1
I still don't understand why simple Redirect doesn't work with HTTPS.
As an aside, https://salferrarello.com/chrome-clear-redirect-cache/ was useful disabling Redirect caching in Chrome during testing.
Related
I'm using PufferPanel to manage my game servers and I have run into a problem with the SSL certificate step. I'm using Lets Encrypt to generate a certificate and with that comes system files verification to make sure it is authentic. I can't get the .well-known to work as Pufferhost must have something within its JS which redirects anything to a 404 page. I found some resources online and came up with the configuration below. Unfortunately, it does not work. It shows a chrome error saying that I am performing too many redirects, how can I fix this. I really appreciate any help you can provide.
##################################################################################################
# PANEL VIRTUAL HOST #
##################################################################################################
<VirtualHost *:80 *:8080 *:443>
ServerName panel.example.com
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L,QSA]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule .* ws://localhost:8080%{REQUEST_URI} [P]
</VirtualHost>
The vhost listen to Port 8080 and then redirect to Port 8080, that should be the loop.
I would suggest to use individual vhosts for each Port.
One for Port 80 HTTP and one for Port 443 HTTPS. Port 8080 needs no vhost because you redirect to it.
Then you can use the Vhost with Port 80 with a DocumentRoot where Lets-encrypt can store the .well-known/acme-challenge/.
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName www.example.com
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/var/www/html"
ServerName www.example.com
ProxyPreserveHost On
ProxyPass "/" "http://localhost:8080/"
ProxyPassReverse "/" "http://localhost:8080/"
</VirtualHost>
When you have the Lets Encrypt Certificate you can add an redirect from Port 80 to Port 443 to force HTTPS. Then you need to add the SSL-Certificate to the Port 443 vhost config.
<VirtualHost *:80>
DocumentRoot "/var/www/html"
ServerName www.example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/var/www/html"
ServerName www.example.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
ProxyPreserveHost On
ProxyPass "/" "http://localhost:8080/"
ProxyPassReverse "/" "http://localhost:8080/"
</VirtualHost>
Depending on your OS the SSLCertificateFile/SSLCertificateKeyFile-Path is at an other location.
I have a DigitalOcean Ubuntu 20.04 Droplet. Connected to a Domain and SSL Cert from Namecheap. Everything works fine. I'm trying to add a redirect from http://example.com to https://www.example.com. HTTPS and WWW. When I try my domain. I get an error saying "too many redirects." I can't access the page. No Apache. So I'm in a Redirect loop. Between www and non-www. My /etc/apache2/sites-enabled/000-default.conf is:
`<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
Redirect permanent / https://www.example.com/
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/example_com.crt
SSLCertificateKeyFile /etc/ssl/example_com.key
SSLCertificateChainFile /etc/ssl/example_com.ca-bundle
</VirtualHost>`
So, how can I stop the Redirect Loop? I also have /etc/apache2/sites-enabled/000-default.conf:30
`<VirtualHost *:443>
ServerName example.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/example_com.crt
SSLCertificateKeyFile /etc/ssl/example_com.key
SSLCertificateChainFile /etc/ssl/example_com.ca-bundle
</VirtualHost>`
Does this look correct? Please take a look. And reply. With how I can stop the redirect. Loop. Thanks
Adjust your Vhost configuration:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/example_com.crt
SSLCertificateKeyFile /etc/pki/tls/private/example_com.key
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
To have the following result:
http://example.com -> https://www.example.com
http://www.example.com -> https://www.example.com
https://example.com -> https://www.example.com
https://www.example.com -> Stays the same
My domain name is example.com without www. So if I put www.example.com then it does not work but example.com works. So I configured apache like this
<VirtualHost *:80>
ServerName example.com
ServerAdmin webmaster#example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAdmin webmaster#example.com
DocumentRoot path/to/project/public
SSLEngine on
SSLCertificateFile /path/to/keys/xxx.crt
SSLCertificateKeyFile /path/to/keys/xxx.key
ErrorLog /var/log/apache2/error_log
CustomLog /var/log/apache2/access_log combined
<Directory "path/to/project/public">
Options FollowSymLinks
Require all granted
</Directory>
</VirtualHost>
Now, as you can see, I do a permanent redirection to https like
Redirect permanent / https://example.com/
But this redirection add www with the domain name by default. So the redirected url becomes https://www.example.com/. Obviously my website can not be accessed from with www since it is registered without www. So please tell me how can make the redirect to work and go to https://example.com/ without the https.
Add an Alias
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
</VirtualHost>
This requires that the www.yourdomain.com points to the same place as yourdomain.com. However the www might not work with your SSL certificate, it depends on the certificates specificity.
I generally allow both on my sites as some people insist on including the www whenever they enter an address.
Apache's documentation can help out with more specifics https://httpd.apache.org/docs/2.2/vhosts/name-based.html
As far as the redirect issue you're having:
Make sure you don't have some RewriteEngine rules that are rewriting your non www requests to www. You might have an .htaccess file in your site directory that is doing the rewrite/redirect.
It might look something like:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://www.%{SERVER_NAME}/$1 [R,L]
Which would mean you should remove the www in the last Rewrite Rule
I have a SAAS in which I need to create multiple subdomains dynamically (Note: There are a lot of subdomains, I don't know which ones will be auto generated ). So I canĀ“t repeat this for each one:
<VirtualHost *:80>
ServerName a1.app.example.com
Redirect / https://a1.app.example.com
</VirtualHost>
Is there a way to redirect each one of the subdomains in http to https?. Something like " Redirect / https://*.app.example.com "
<VirtualHost *:80>
ServerName app.example.com
Redirect / https://*.app.example.com
</VirtualHost>
<VirtualHost *:80>
ServerName app.example.com
ServerAlias *.app.example.com
DirectoryIndex index.php
DocumentRoot /var/www/xxxxxxx
SSLEngine on
SSLCertificateFile /etc/ssl/xxxxx.crt
SSLCertificateKeyFile /etc/ssl/xxxx.key
SSLCertificateChainFile /etc/ssl/xxxx.crt
</VirtualHost>
Add that to your main vhost:
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,R=301]
And make sure mod_rewrite is active. You can activate it using the a2enmod rewrite command.
I'm trying to do an url rewriting with Apache 2.4. I want that requests to
http://subdomain.domain.com
http://www.subdomain.domain.com
https://www.subdomain.domain.com
are remapped to
https://subdomain.domain.com
to avoid an error in SSL wildcard cert that doesn't not match www.subdomain.domain.com.
I tried with:
<VirtualHost ip:80>
ServerName subdomain.domain.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost ip:80>
ServerName www.subdomain.domain.com
Redirect permanent / https://subdomain.domain.com
</VirtualHost>
<VirtualHost ip:443>
ServerName www.subdomain.domain.com
Redirect permanent / https://subdomain.domain.com
</VirtualHost>
<VirtualHost ip:443>
ServerName subdomain.domain.com
...
...
...
My configuration works for (1) and (2) but not for (3). Where is my mistake?
I think the problem is that one of your port 443 virtualhosts does not have SSL on.
Try this
<VirtualHost ip:443>
ServerName www.subdomain.domain.com
Redirect permanent / https://subdomain.domain.com
SSLEngine on
SSLCertificateFile /something
SSLCertificateKeyFile /something
</VirtualHost>
Otherwise, the request simply won't be understood, because it's encrypted.
See eg How to redirect https to http without any SSL Certificate for why this is necessary.