SSL Wildcard Apache - apache

I have a SAAS in which I need to create multiple subdomains dynamically (Note: There are a lot of subdomains, I don't know which ones will be auto generated ). So I canĀ“t repeat this for each one:
<VirtualHost *:80>
ServerName a1.app.example.com
Redirect / https://a1.app.example.com
</VirtualHost>
Is there a way to redirect each one of the subdomains in http to https?. Something like " Redirect / https://*.app.example.com "
<VirtualHost *:80>
ServerName app.example.com
Redirect / https://*.app.example.com
</VirtualHost>
<VirtualHost *:80>
ServerName app.example.com
ServerAlias *.app.example.com
DirectoryIndex index.php
DocumentRoot /var/www/xxxxxxx
SSLEngine on
SSLCertificateFile /etc/ssl/xxxxx.crt
SSLCertificateKeyFile /etc/ssl/xxxx.key
SSLCertificateChainFile /etc/ssl/xxxx.crt
</VirtualHost>

Add that to your main vhost:
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,R=301]
And make sure mod_rewrite is active. You can activate it using the a2enmod rewrite command.

Related

Proxy not redirecting

I have the following Apache config file. When someone types in http://mywebsite.com it is not redirecting them to https. Why?
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass "/" "http://10.0.1.123/"
ProxyPassReverse "/" "http://10.0.1.123/"
ServerName www.mywebsite.com
ServerAlias mywebsite.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =mywebsite.com
RewriteCond %{SERVER_NAME} =www.mywebsite.com
RewriteRule ^ https://mywebsite.com%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
ProxyPreserveHost On
ProxyPass "/" "http://10.0.1.123:80/"
ProxyPassReverse "/" "http://10.0.1.123:80/"
ServerName www.mywebsite.com
ServerAlias mywebsite.com
ServerAdmin admin_ws1#mywebsite.com
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.mywebsite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.mywebsite.com/privkey.pem
</VirtualHost>
<VirtualHost *:80>
...
ProxyPass "/" "http://10.0.1.123/"
...
RewriteRule ^ https://mywebsite.com%{REQUEST_URI} [END,NE,R=permanent]
The ProxyPass is telling Apache to work as reverse proxy and forward the request to the real server. The RewriteRule instead is telling Apache to answer the request itself with a redirect to the HTTPS version of the site. Obviously it cannot do both at the same time, so there is a conflict. Please remove Proxy* rules and keep only the Rewrite* rules on port 80.

apache redirect HTTPS to canonical HTTPS

I want all access to my website to be forced to HTTPS (https://support.google.com/webmasters/answer/6073543?hl=en).
I also want to force canonical www URL access (https://www.yes-www.org/why-use-www/)
I am attempting to do so according to Apache recommendations using the Redirect directive https://wiki.apache.org/httpd/RedirectSSL and https://httpd.apache.org/docs/2.4/rewrite/remapping.html#canonicalhost
I have a valid lets-encrypt certificate which has both www and the naked domain.
I have configured *:80 and *:443 VirtualHost redirects. /etc/httpd/conf.d/www.example.com.conf:
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
Redirect permanent / https://www.example.com
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
Redirect permanent / https://www.example.com
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
DocumentRoot "/var/www/html/www.example.com"
</VirtualHost>
<Directory "/var/www/html/www.example.com">
Order allow,deny
Allow from all
</Directory>
All works well if I specify base URL (example.com, www.example.com, https://example.com, etc). However, if I specify a page on the naked HTTPS request the redirect eats the root slash (https://example.com/index.html becomes https://www.example.comindex.html).
I do it with the following for all non-ssl to ssl -
<VirtualHost *:80>
ServerName example.org
ServerAlias www.example.org
RewriteEngine on
RewriteRule ^/(.*)$ https://www.example.org/$1 [R,L]
</VirtualHost>
Slighly different should do the same for https://example.org only redirecting to www.example.org
<VirtualHost your.ip.add.ress:443>
ServerName example.org
RewriteEngine on
RewriteRule ^/(.*)$ https://www.example.org/$1 [R,L]
*snip*
Normal SSL certificate/key stuff goes here
*snip*
</VirtualHost>
RedirectMatch appears to solve the problem similar to the Rewrite suggested by ivanivan. Changing Redirect line in *:443 VHost section to the following seems to fix the issue:
RedirectMatch permanent ^/?(.*) https://www.example.com/$1
I still don't understand why simple Redirect doesn't work with HTTPS.
As an aside, https://salferrarello.com/chrome-clear-redirect-cache/ was useful disabling Redirect caching in Chrome during testing.

How to configure apache2 subdomains to route to different servers

I am running apache 2.4.7 and presently all my traffic is going to a backend server on 8080 on the same server/instance.
I want my www traffic to go to a new server/instance and all my other subdomains (app, api, etc.) to go to the existing 8080.
Can somebody provide some direction?
Help appreciated.
<VirtualHost *:80>
ProxyPreserveHost On
ServerAdmin webmaster#example.com
ServerName example.com
Redirect "/" "https://www.example.com/"
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public_html/
Redirect "/ft/" "/"
ErrorLog /var/www/example.com/logs/error.log
CustomLog /var/www/example.com/logs/access.log combined
ProxyPass / http://0.0.0.0:8080/
ProxyPassReverse / http://0.0.0.0:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
If you want to do an external redirect to the new server for the www subdomain, you'll need to add the following to your configuration, under the other rewrite rules:
RewriteCond ${HTTP_HOST} ^www\. [NC]
RewriteRule ^ https://www.example.com/${REQUEST_URI} [L,R=301]
And you would need to remove the ServerAlias directive. This is also assuming you've already pointed DNS to the new host.
If the new box serving the www content is to be another backed server, you would need another virtual host. Add the following at the top instead:
<VirtualHost *:80>
ServerName www.example.com
ProxyPass / http://other-box/
ProxyPassReverse / http://other-box/
</VirtualHost>
And you still would need to remove the ServerAlias directive.

Apache 2.4 url rewriting with https

I'm trying to do an url rewriting with Apache 2.4. I want that requests to
http://subdomain.domain.com
http://www.subdomain.domain.com
https://www.subdomain.domain.com
are remapped to
https://subdomain.domain.com
to avoid an error in SSL wildcard cert that doesn't not match www.subdomain.domain.com.
I tried with:
<VirtualHost ip:80>
ServerName subdomain.domain.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost ip:80>
ServerName www.subdomain.domain.com
Redirect permanent / https://subdomain.domain.com
</VirtualHost>
<VirtualHost ip:443>
ServerName www.subdomain.domain.com
Redirect permanent / https://subdomain.domain.com
</VirtualHost>
<VirtualHost ip:443>
ServerName subdomain.domain.com
...
...
...
My configuration works for (1) and (2) but not for (3). Where is my mistake?
I think the problem is that one of your port 443 virtualhosts does not have SSL on.
Try this
<VirtualHost ip:443>
ServerName www.subdomain.domain.com
Redirect permanent / https://subdomain.domain.com
SSLEngine on
SSLCertificateFile /something
SSLCertificateKeyFile /something
</VirtualHost>
Otherwise, the request simply won't be understood, because it's encrypted.
See eg How to redirect https to http without any SSL Certificate for why this is necessary.

Redirect subdomains to different paths while using separate SSL certificates

I have a website with several different subdomains, and want to have parts of the site with higher levels of security than others. Such as Admin areas. I know that you can create as many certificates as you want. The issue that I am having is that whatever subdomain is listed first, it's DocumentRoot is applied to all the other subdomains redirecting to https://. Here is my code in httpd-vhosts.conf:
# HTTP Configuration
<VirtualHost *:80>
ServerName account.example.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
DocumentRoot "/Applications/MAMP/htdocs/Website/Account"
</VirtualHost>
# SSL Configuration
<VirtualHost *:443>
ServerName account.example.com
SSLEngine on
SSLCertificateFile /Applications/MAMP/conf/apache/account.crt
SSLCertificateKeyFile /Applications/MAMP/conf/apache/account.key
DocumentRoot "/Applications/MAMP/htdocs/Website/Account"
</VirtualHost>
#Secure Admin Config
<VirtualHost *:80>
ServerName secure.example.com
DocumentRoot "/Applications/MAMP/htdocs/Website/Secure"
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
DocumentRoot "/Applications/MAMP/htdocs/Website/Secure"
# Other directives here
</VirtualHost>
#SSL Config for Admin area
# SSL Configuration
<VirtualHost *:443>
ServerName secure.example.com
SSLEngine on
SSLCertificateFile /Applications/MAMP/conf/apache/secure.crt
SSLCertificateKeyFile /Applications/MAMP/conf/apache/secure.key
DocumentRoot "/Applications/MAMP/htdocs/Website/Secure"
</VirtualHost>
For example, if I were to go to secure.example.com it's DocumentRoot would be /Applications/MAMP/htdocs/Website/Account instead of /Applications/MAMP/htdocs/Website/Secure
Is there a way to fix this?
Thank you in advance!