So I've been messing around with Apache, and I bought a SSL certificate. I finally got it installed, but now when I goto my domain with the URL (leethecoder.com) I assume it's trying to use HTTP? And my server, of course, with a SSL certificate is not listening on port 80. But, if I include https:// before the URL (https://leethecoder.com), it works. Is there a way I can make the server force the basic URL (leethecoder.com) goto port 443?
This is my current /sites-enabled/ configuration file.
LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
ServerName www.leethecoder.com
ServerAlias www.leethecoder.com leethecoder.com
Options -Indexes
DocumentRoot /var/www/leethecoder.com/public_html/
SSLEngine on
SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
SSLCertificateKeyFile /etc/ssl/private/sslkey.key
SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
ErrorLog /var/www/leethecoder.com/logs/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
IMO, this is "properly" (you're currently an A-, the below might help to get an A+):
<VirtualHost *:80>
ServerName leethecoder.com
ServerAlias *.leethecoder.com
UseCanonicalName Off
ErrorLog /var/www/leethecoder.com/logs/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RedirectPermanent / https://leethecoder.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.leethecoder.com
UseCanonicalName Off
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES"
SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
SSLCertificateKeyFile /etc/ssl/private/sslkey.key
SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
ErrorLog /var/www/leethecoder.com/logs/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RedirectPermanent / https://leethecoder.com/
</VirtualHost>
<VirtualHost *:443>
ServerName leethecoder.com
UseCanonicalName Off
ErrorLog /var/www/leethecoder.com/logs/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
DocumentRoot /var/www/leethecoder.com/public_html
<Directory /var/www/leethecoder.com/public_html/>
Allow From All
</Directory>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES"
SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
SSLCertificateKeyFile /etc/ssl/private/sslkey.key
SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
</VirtualHost>
This is, of course, assuming that your variables are valid, you prefer the https without the www, and that you're OK for your clients to use that cipher suite. Also, that you've enabled the site, and disabled any other conflicting sites.
Proper way to do it -- secure way -- is to use the apache virtual host redirect:
<virtualhost *:80="">
ServerName www.example.com
Redirect / https://www.example.com/
</virtualhost>
<virtualhost *:443="">
ServerName www.example.com
# ... SSL configuration goes here
</virtualhost>
Or you need to use mod_rewrite to return an HTTP_RESPONSE 301 for redirect to your HTTPS site.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]
Also you need to listen port 80.
http://httpd.apache.org/docs/current/mod/mod_rewrite.html
Related
I'm trying to hide the port of a deployed container and preserve the original url using ProxyPass.
I've probably missconfigured something because instead of simply keeping the original address I get a redirect to the container address (example.com:8014 instead of keeping subdomain.example.com). The HTTP response is: 301 Moved Permanently (from service worker).
This is the virtual host containing the proxy:
<VirtualHost *:80>
ServerName subdomain.example.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =subdomain.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin#example.com
ServerName subdomain.example.com
ServerAlias subdomain.example.com
LoadModule proxy_http_module modules/mod_proxy_http.so
SSLProxyEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/subdomain.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subdomain.example.com/privkey.pem
ProxyPreserveHost On
ProxyPass / https://example.com:8014/
ProxyPassReverse / https://example.com:8014/
</VirtualHost>
And this is the virtual host inside the container:
<VirtualHost *:80>
ServerName example.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com:8014
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin#example.com
ServerName example.com
<Directory /var/www/html>
AllowOverride All
</Directory>
SSLEngine On
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLOptions +StrictRequire
SSLCertificateFile /etc/apache2/fullchain.pem
SSLCertificateKeyFile /etc/apache2/privkey.pem
</VirtualHost>
The container ports are mapped as follow: 80->8012, 443->8014.
My goal is to reach example.com:8014 using subdomain.example.com without changing the address.
Also Im not even sure why when using example.com:8012 I'm not being redirected to https on port 8014.
The issue must be in the container virtual host because it's it that is generating the 301 status code.
The configuration works just fine.
I would advice clearing google chrome's cache when something like this happens.
how to make https run on xampp. I'm creating a website but if called with https: // does not work.
i try
DocumentRoot C:/xampp/htdocs/yourProject
ServerName yourProject.whatever
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
and
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
results:
enter image description here
thank you very much.
Make sure your server is listening on port 443. Example:
<VirtualHost *:443>
ServerName www.foo.com
DocumentRoot /var/www/www.foo.com/htdocs
CustomLog /var/log/apache/www.foo.com-access.log combined
ErrorLog /var/log/apache/www.foo.com-error.log
# Example SSL configuration
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile "/var/www/www.foo.com/ssl/server.crt"
SSLCertificateKeyFile "/var/www/www.foo.com/ssl/server.key"
</VirtualHost>
Source: https://wiki.apache.org/httpd/ExampleVhosts
I have two websites in the same web server (Ubuntu 16.04.2 LTS - Apache/2.4.18). Everything works well when I try to access to both websites using HTTP (port 80). This is the vhosts.conf file content:
<VirtualHost *:80>
ServerName site1
DocumentRoot /var/www/html/site1
ErrorLog ${APACHE_LOG_DIR}/site1_error.log
CustomLog ${APACHE_LOG_DIR}/site1_access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName site2
DocumentRoot /var/www/html/site2
ErrorLog ${APACHE_LOG_DIR}/site2_error.log
CustomLog ${APACHE_LOG_DIR}/site2_access.log combined
</VirtualHost>
So, both sites are accessible through "mydomain.com/site1" and "mydomain.com/site2". I have installed a Let's Encrypt certificate and, to make it works, I have configured a virtual host like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/site_error.log
CustomLog ${APACHE_LOG_DIR}/site_access.log combined
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I can access both site using SSL (port 443) successfully but I can't use different log files for different sites. I have tried something like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com/site1
DocumentRoot /var/www/html/site1
ErrorLog ${APACHE_LOG_DIR}/site1_error.log
CustomLog ${APACHE_LOG_DIR}/site1_access.log combined
Alias /site1 /var/www/html/site1
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost *:443>
ServerName mydomain.com/site2
DocumentRoot /var/www/html/site2
ErrorLog ${APACHE_LOG_DIR}/site2_error.log
CustomLog ${APACHE_LOG_DIR}/site2_access.log combined
Alias /site2 /var/www/html/site2
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
But it doesn't work. How can I distinguish between two sites in order to have two different log files?
Following the link proposed by CBroe, I have found the solution by using the SetEnvIf directive. The final working virtual host configuration looks like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com
DocumentRoot /var/www/html
SetEnvIf Request_URI ^/site1(/|$) site1
SetEnvIf Request_URI ^/site2(/|$) site2
CustomLog ${APACHE_LOG_DIR}/site1_access.log combined env=site1
CustomLog ${APACHE_LOG_DIR}/site2_access.log combined env=site2
ErrorLog ${APACHE_LOG_DIR}/site_error.log
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I have setup 2 websites on my Ubuntu web server and am having some trouble with getting two SSL certificates to work correctly. I did get one working on it's own at first, however, now I can't restart Apache successfully.
Error when trying to restart Apache
* Restarting web server apache2
* The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 3 of /etc/apache2/sites-enabled/website1.conf:
ServerName takes one argument, The hostname and port of the server
Action 'configtest' failed.
Output of /etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Output of website1.conf (first vhost file from /etc/apache2/sites-available)
<VirtualHost *:80>
ServerAdmin support#localhost
ServerName www.website1.com website1.com
DocumentRoot /var/www/html/website1.com/public
Redirect permanent /secure https://website1.com
</VirtualHost>
<VirtualHost _default_:443>
ServerAdmin support#localhost
ServerName website1.com
DocumentRoot /var/www/html/website1.com/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /var/www/html/website1.com/private/website1.crt
SSLCertificateKeyFile /var/www/html/website1.com/private/website1_private.key
SSLCertificateChainFile /var/www/html/website1.com/private/DigiCertCA.crt
</VirtualHost>
Output of website1.conf (second vhost file from /etc/apache2/sites-available)
<VirtualHost *:80>
ServerAdmin support#localhost
ServerAlias www.website2.com website2.com
DocumentRoot /var/www/html/website2.com/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerAdmin support#localhost
ServerName website2.com
DocumentRoot /var/www/html/website2.com/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /var/www/html/website2.com/private/website2.crt
SSLCertificateKeyFile /var/www/html/website2.com/private/website2_private.key
SSLCertificateChainFile /var/www/html/website2.com/private/DigiCertCA.crt
</VirtualHost>
Any help or verification of my config would be greatly appreciated. Thanks in advance.
I have apache web server :
<VirtualHost *:443>
ServerName www.foo.com
DocumentRoot /var/www/testApplication
CustomLog /var/log/apache/testApplication-access.log combined
ErrorLog /var/log/apache/testApplication-error.log
# Example SSL configuration
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile "/var/www/testApplication/ssl/server.crt"
SSLCertificateKeyFile "/var/www/testApplication/ssl/server.key"
</VirtualHost>
I would like to redirect request which came to:
localhost:443/WebService1.php to localhost:9003/ws
localhost:443/WebService2.php to localhost:9004/ws
9004 and 9003 are ports on which java application is listening
I was trying to achieve it by modifying VirtualHost into:
ServerName www.foo.com
DocumentRoot /var/www/testApplication
CustomLog /var/log/apache/testApplication-access.log combined
ErrorLog /var/log/apache/testApplication-error.log
# Example SSL configuration
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile "/var/www/testApplication/ssl/server.crt"
SSLCertificateKeyFile "/var/www/testApplication/ssl/server.key"
ProxyPass / http://localhost:9003/ws
ProxyPassReverse / http://localhost:9003/ws
</VirtualHost>
however this way everything is being redirected into 9003. How can I modify this setting so that both 9003 and 9004 will be used?