I have recently started switching all my sites to SSL, locally using Mamp Pro virtual hosts and self-sign certificates.
All works fine with one exception:
if I type local.domainname.co.uk in a browser I get a 403 error, unless I type the full https:// first, then it works fine. On the live site it all works as expected; type domainname.co.uk and the browser fills in the https:// for me.
These are drupal sites using htaccess module to force the ssl - but since it works live but not local I'm assuming its a mamp issue?
Solved this - I needed to set up a non-SSL host in MAMP with the same name and settings as the SSL host (with SSL unchecked obviously) - although I want the site all https, there still needs to be an http host so it can re-direct to ssl (until browsers default to https at some point in the future?). MAMP instructions.
Or don't bother if you can live with typing https:// every time!
Related
I am using ngrok to make my local instance of Apache (running through XAMPP on Windows 10) viewable to the internet. It works fine to access http://example.com but if I try https://example.com it gives me a certificate error (because the certificate is issued for its ngrok.io domain). I know I can avoid the cert error by using a url that ngrok generates for https, but I'd rather use my own domain name. How can I avoid the certificate error and get my site to load over https? I've seen a few guides for enabling https/ssl on localhost, but that's not what I need to do - I need to enable it for example.com, not localhost, and as I said, serving the site over http is working fine.
So I am currently working on a project where I use the Instagram API to get some user Data onto my Localhost webpage on the Raspberry. The API however needs secure redirect uri (https). But when the API wants do redirect to https://localhost/instagram it says
"404 Not Found The requested URL /instagram was not found on this server. Apache/2.4.25 (Raspbian) Server at localhost Port 443"
In the url-bar it says "Not secure", the https part is marked red and is crossed out. When I test my stuff on another computer which has Xampp and Apache running everything works fine and even if I type https://localhost it redirects straight to localhost.
I found out that I might need a SSL certificate in order to make use of https links even if I'm running on localhost. But I don't really know how I should do this on my raspberryPi. There are already some SSL modules enabled inside the Apache2 folder.
Just upgraded to Mamp Pro 3.5 from simple MAMP and all worked great till I added a self signed cert.
My document root for my local.mysite.com was set to htdocs/html/magento
Site works fine using http.
When I add the self signed ssl the site now only works correctly at https pages. If I try to go to any page without https such as http://local.mysite.com/store I get this in the apache log:
File does not exist: /Applications/MAMP/htdocs/store
If I uncheck the ssl the http urls all work again.
Did I miss something in the set up?
Thanks
It's far from obvious, but you can actually add a second host with the exact same domain name (local.mysite.com in your case) but this time leave SSL disabled on the SSL tab.
You'll therefore have two hosts, both for local.mysite.com. One is for https and the other for http.
I would appreciate some help to understand what is going on: both Firefox and Chrome are failing to load my non-SSL website, say subdomain.example.com, with the following SSL errors (both on ubuntu 14.04 i386):
FF30: ssl_error_rx_record_too_long
Chrome 35: ERR_SSL_PROTOCOL_ERROR
This started to occur after I set (and follow) a redirect (302) to SSL on the parent domain, say http://example.com to https://example.com. It gets back to normal after a full cache clean on the browser. But as soon as I access the parent domain I get the problem on the subdomain.
I have never entered the subdomain URL with the "https://" scheme prefix. I don't usually type any prefix and it is happening even if I explicitly prefix with "http://". And it is not only on the address bar, the same happens for links.
I am very confident that there is nothing wrong with the non-SSL site on the subdomain.
I thought about filling a bug report but it is unlikely this is a bug in both browsers and more likely I am missing something.
It there any rule that if a website on a given domain supports SSL (or redirects http to https), then sites on subdomains are assumed to do as well?
I later found the cause of the SSL errors. But the problem still persists (now the message is connection refused):
Apache web server was configured to listen on both ports 80 and 443, but with no "SSLEngine on" clause. This effectively makes it serve plain HTTP on port 443.
It is worth to mention that this Apache configuration mistake is not that hard to fall into. Actually, in the default Ubuntu configuration (possibly the same for Debian), it is just a matter of enabling/loading the SSL module (and not providing a site configuration that uses SSL).
I have just found the cause. The ssl site on the parent domain is including the following STS response header:
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
That triggers the browser behavior by spec.
I have spent 1 full day on this and I am tired. Any help will be appreciated
Problem:
Rails app. Working perfectly on development machine. Deployed it on production machine - Ubuntu 10.04, Apache2 /2.2.14, mysql, Using Passenger for Rails.
Whenever I tried to access with serverName in the browser, the url will become https:// serverName and the page will not be displayed.
I ended up enabling ssl and generating a certificate. The site works with a warning - "not trusted. do you want to proceed". I am fine with that.
But I am trying to run it on http and nto redirect to https.
I disabled ssl mode with sudo a2dismod ssl
removed default-ssl from sites-enabled
Now ssl is disabled but still when I go to browser and type the server address or ip, it appends https to it and says 'This webpage is not available'
It is not the browser issue because I am able to access the other server (not owned by me) with http.
Also the app runs fine with http on my localhost in the same browser.
I would really appreciate if anyone could help me with disabling https completly on apache2.
I found out why the redirect was happening.
Everything was working fine on local but not in the production environment, even after disabling SSL on apache. It was rails which was redirecting it on https.
Had to do this
config.force_ssl = false
in config/environments/production.rb