TURN Server use https connection for the admin session - ssl

I have installed TURN server. And APACHE is also installed there. SSL Certificates are also installed. The site is running fine where I am typing https://www.domain.com or https://domain.com
But if I type only www.domain.com or domain.com it is saying "TURN Server
use https connection for the admin session".
All I want, if someone types the URL without HTTPS, it will redirect it to HTTPS URL.
It is a server where TURN Server is also installed ( Repeating it again )

I think this link can help.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
The Apache doc recommend this:
<VirtualHost *:80>
ServerName www.example.com
Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
# ... SSL configuration goes here
</VirtualHost>

Related

Redirect to https if url point to another webserver by means of proxypass

I need help about a configuration. I have an .htaccess for my frontend webserver which is so configured:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/?(dir_a|dir_b|dir_c)
RewriteCond %{QUERY_STRING} !^/?(dir_a|dir_b|dir_c)
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
DirectoryIndex index.php
So, dir_a, dir_b and dir_c, which are on the frontend server, are not redirected to https. Everything on the frontend server is correctly redirected to https if https is omitted or using http when one inputs an URL of my website. This does not happen for a location pointing to an internal webserver, i.e I have in my apache2.conf:
<VirtualHost *:443>
...
ServerName example.com
SSLEngine on
SSLProxyEngine On
...
</VirtualHost>
...
<Location /backsrvdir>
SSLRequireSSL
ProxyPass http://192.168.x.y/backsrvdir
ProxyPassReverse http://192.168.x.y/backsrvdir
</Location>
In backsrvdir I have another .htaccess with its DirectoryIndex bsindex.php.
It works only if the link already contains https:, so if I write or click on https://example.com/backsrvdir it's ok, if omit https: or using http: the frontend server responds with a "403 Forbidden: You don't have permission to access /backsrvdir/ on this server. Apache/2.2.22 (Debian) Server at example.com Port 80".
As I stated above, port 80 is open only for dir_a dir_b and dir_c.
Any idea to solve the problem and have http://example.com/backsrvdir redirected to https://example.com/backsrvdir?
Thanks in advance.
Try something like this:
<VirtualHost *:80>
...
Redirect permanent /backsrvdir https://example.com/backsrvdir
# Remove the other 3 lines:
# SSLRequireSSL
# ProxyPass http://192.168.x.y/backsrvdir
# ProxyPassReverse http://192.168.x.y/backsrvdir
...
</VirtualHost>
Also remove anything related to https redirection from .htaccess

How to permanent redirect an HTTP to HTTPS SSL url?

How can I redirect any incoming HTTP requests to my local HTTPS configuration in apache2 on ubuntu?
The following does not work, because localhost is not replaced with the internal server ip.
<VirtualHost *:80>
Redirect / https://localhost
</VirtualHost>
<VirtualHost *:443>
ProxyPass ...
</VirtualHost>
Is that possible without having to explicit hardcode my local server IP into the Redirect?
This should do:
<VirtualHost *:80>
...
RewriteEngine On
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]
</VirtualHost>
Once you are sure it works OK, change 302 to 301

How to force redirect http to https on a apache reverse proxy server?

I have an apache reverse proxy server with http and https services. I want to redirect http to https forcible. What should i configure the config file?
Recommended and also safer way is using VirtualHost:
<VirtualHost *:80>
ServerName www.example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
or
<VirtualHost *:80>
ServerName www.example.com
Redirect permanent /login https://www.example.com/login
</VirtualHost>
The other way is using mod_rewrite:
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context
As I said, Apache recommends using VirtualHost config.
Examples taken from:
https://wiki.apache.org/httpd/RedirectSSL
https://wiki.apache.org/httpd/RewriteHTTPToHTTPS

Apache rewrite before mod_jk (remove www)

Here's the context:
I am working with Centos 7, apache 2.4.6 and tomcat 8.0.
I have a classical php website that is stored in /var/www folder.
I have a JEE website that is stored in tomcat webapps folder.
I have a wildcard ssl certificate (signed).
Here's what I want:
I want ALL accesses to my server to be redirected to correct website, with https, and without www.
Here are the use cases:
URL 'example.com' ==> redirected to https OK
URL 'www.example.com' ==> redirected https + remove www OK
URL 'https://www.example.com' ==> keep https + remove www OK
URL 'test.example.com' ==> redirected to https OK
URL 'www.test.example.com' ==> redirected https + remove www OK
URL 'https://www.test.example.com' ==> KO not redirected - browser displays a page saying that website is badly configured and connection not secured (because the wildcard ssl does not cover 2 levels)
This last point is what I'm trying to fix.
Here's my configuration:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect / https://example.com/
</VirtualHost>
<VirtualHost *:80>
ServerName test.example.com
ServerAlias www.test.example.com
Redirect / https://test.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/public/example
SSLEngine on
SSLCertificateFile xxx
SSLCertificateKeyFile xxx
SSLCertificateChainFile xxx
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
</VirtualHost>
<VirtualHost *:443>
ServerName test.example.com
ServerAlias www.test.example.com
SSLEngine on
SSLCertificateFile xxx
SSLCertificateKeyFile xxx
SSLCertificateChainFile xxx
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
JkMount / worker_test
JkMount /* worker_test
</VirtualHost>
So, it seems that I'm almost there, but what am I doing wrong ?
As far as I know, you cannot configure more than one https virtual host for each IP, that's it, name based virtual hosting is limited to only one SSL virtual host.
This info is from https://wiki.apache.org/httpd/NameBasedSSLVHosts
As a rule, it is impossible to host more than one SSL virtual host on the same IP address and port. This is because Apache needs to know the name of the host in order to choose the correct certificate to setup the encryption layer. But the name of the host being requested is contained only in the HTTP request headers, which are part of the encrypted content. It is therefore not available until after the encryption is already negotiated. This means that the correct certificate cannot be selected, and clients will receive certificate mismatch warnings and be vulnerable to man-in-the-middle attacks.
In reality, Apache will allow you to configure name-based SSL virtual hosts, but it will always use the configuration from the first-listed virtual host (on the selected IP address and port) to setup the encryption layer. In certain specific circumstances, it is acceptable to use a single SSL configuration for several virtual hosts. In particular, this will work if the SSL certificate applies to all the virtual hosts. For example, this will work if:
All the VirtualHosts are within the same domain, eg: one.example.com and two.example.com.
You have a wildcard SSL certificate for that domain (one where the Common Name begins with an asterix: i.e *.example.com)
I´ve heard about using SNI to achieve this kind of configurations, but I have never tested: SSL with Virtual Hosts Using SNI

Redirecting HTTP to HTTPS with Apache

I have an issue using mod_rewrite to force redirection of HTTP requests to HTTPS using Apache 2.2.22 on Ubuntu Server 12.04.
My /etc/apache2/sites-available/default file is as follows:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
The HTTPS host is defined in default-ssl in the same directory.
Visiting the server's local IP address, the redirect appears to work fine. However, accessing it via the FQDN, it doesn't. Using the FQDN, the site is available at port 5443, which is mapped in the firewall to 443 on the server, so perhaps that has something to do with the problem. I cannot just use port 443 directly, as it is in use on this IP address by another server.
To further clarify, the following are valid links:
https://website:5443
https://192.168.200.80:443
The redirect works here:
http://192.168.200.80
But the following gives a 400 Bad Request, and this is where the redirect is needed:
http://website:5443/
"Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please."
This is totally possible. The following redirects all http to the https url.
<VirtualHost *:80>
ServerName mydomainname.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
make sure you load the rewrite module mod_rewrite and enable it.
Your problem here is the initial HTTP request: This won't work as the server won't understand it receiving the request on port 443 (as the response code suggests).
If no port is given, the protocol http defaults to port 80, https to port 443.
This is also the reason why your local redirect works. I bet, if you access the page through http://website/ (with proper port forwarding of port 80), it will work as well. Also note that your VirtualHost is only defined for port 80 anyway, so it won't be valid for requests sent to website:5443 (or website:443).
In general, you'd need a server accepting both HTTP and HTTPS requests on a single port. Not sure any popular server actually supports something like that, because (I think) it essentially violates the specs.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
if u want to redirect your site from http:// anything.example.com to https: //anything.example.com ... Just create a dedicated hosting .conf file as /etc/httpd/conf.d/dedicated.conf and other conf file as virtual.conf ... entries for dedicated.conf are as follows....
this is dedicated server hosting conf file for redirecting it to https...
<virtualhost *:80>
servername host.example.com
documentroot /var/www/html
rewriteengine on
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
sslcertificatefile /etc/pki/tls/certs/name.crt
sslcertificatekeyfile /etc/pki/tls/private/name.key
</virtualhost>
<directory /var/www/html>
allowoverride all
require all granted
</directory>
Alternatively as mentioned in comment below, we can use redirect also:
<virtualhost *:80>
servername host.example.com
documentroot /var/www/html
RedirectMatch / https://host.example.com:ANY_PORT/ #if there is specific port
sslcertificatefile /etc/pki/tls/certs/name.crt
sslcertificatekeyfile /etc/pki/tls/private/name.key
</virtualhost>
<directory /var/www/html>
allowoverride all
require all granted
</directory>