I'm trying to do an url rewriting with Apache 2.4. I want that requests to
http://subdomain.domain.com
http://www.subdomain.domain.com
https://www.subdomain.domain.com
are remapped to
https://subdomain.domain.com
to avoid an error in SSL wildcard cert that doesn't not match www.subdomain.domain.com.
I tried with:
<VirtualHost ip:80>
ServerName subdomain.domain.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost ip:80>
ServerName www.subdomain.domain.com
Redirect permanent / https://subdomain.domain.com
</VirtualHost>
<VirtualHost ip:443>
ServerName www.subdomain.domain.com
Redirect permanent / https://subdomain.domain.com
</VirtualHost>
<VirtualHost ip:443>
ServerName subdomain.domain.com
...
...
...
My configuration works for (1) and (2) but not for (3). Where is my mistake?
I think the problem is that one of your port 443 virtualhosts does not have SSL on.
Try this
<VirtualHost ip:443>
ServerName www.subdomain.domain.com
Redirect permanent / https://subdomain.domain.com
SSLEngine on
SSLCertificateFile /something
SSLCertificateKeyFile /something
</VirtualHost>
Otherwise, the request simply won't be understood, because it's encrypted.
See eg How to redirect https to http without any SSL Certificate for why this is necessary.
Related
I have a DigitalOcean Ubuntu 20.04 Droplet. Connected to a Domain and SSL Cert from Namecheap. Everything works fine. I'm trying to add a redirect from http://example.com to https://www.example.com. HTTPS and WWW. When I try my domain. I get an error saying "too many redirects." I can't access the page. No Apache. So I'm in a Redirect loop. Between www and non-www. My /etc/apache2/sites-enabled/000-default.conf is:
`<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
Redirect permanent / https://www.example.com/
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/example_com.crt
SSLCertificateKeyFile /etc/ssl/example_com.key
SSLCertificateChainFile /etc/ssl/example_com.ca-bundle
</VirtualHost>`
So, how can I stop the Redirect Loop? I also have /etc/apache2/sites-enabled/000-default.conf:30
`<VirtualHost *:443>
ServerName example.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/example_com.crt
SSLCertificateKeyFile /etc/ssl/example_com.key
SSLCertificateChainFile /etc/ssl/example_com.ca-bundle
</VirtualHost>`
Does this look correct? Please take a look. And reply. With how I can stop the redirect. Loop. Thanks
Adjust your Vhost configuration:
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/example_com.crt
SSLCertificateKeyFile /etc/pki/tls/private/example_com.key
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
To have the following result:
http://example.com -> https://www.example.com
http://www.example.com -> https://www.example.com
https://example.com -> https://www.example.com
https://www.example.com -> Stays the same
I purchased a wildcard for the following domain = *.example.com
My website URL is = https://sub.example.com
I configured redirections through apache2 VirtualHosts like this (to force "http" to "https", and "www" to "no-www") =
<VirtualHost *:80>
ServerName sub.example.com
ServerAlias www.sub.example.com
ServerAdmin webmaster#example.com
# Redirect 301 to HTTPS
Redirect permanent / https://sub.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName sub.example.com
ServerAlias www.sub.example.com
ServerAdmin webmaster#example.com
DocumentRoot /var/www/html/example
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# Redirect www to no-www
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
# TLS
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/wildcard.crt
SSLCertificateKeyFile /etc/apache2/ssl/wildcard.key
SSLCertificateChainFile /etc/apache2/ssl/digicert.pem
Header always set Strict-Transport-Security "max-age=15768000"
</VirtualHost>
Redirects are working fine for http (80) requests =
http://sub.example.com to https://sub.example.com ==> WORKS
http://www.sub.example.com to https://sub.example.com ==> WORKS
But not for https (443) requests with "www" =
https://www.sub.example.com to https://sub.example.com ==> ERROR
The browser returns the following error = NET::ERR_CERT_COMMON_NAME_INVALID
During my researches, I found that some people get the same problem and the provided solution is to take a wildcard to cover the "www" part.
This is my case, I have a wildcard.
Could someone tell me why I got this error ?
OK, so it seems impossible to make it work with a wildcard. I found my answer on another topic, here = https://stackoverflow.com/a/9743652/5903520
I want all access to my website to be forced to HTTPS (https://support.google.com/webmasters/answer/6073543?hl=en).
I also want to force canonical www URL access (https://www.yes-www.org/why-use-www/)
I am attempting to do so according to Apache recommendations using the Redirect directive https://wiki.apache.org/httpd/RedirectSSL and https://httpd.apache.org/docs/2.4/rewrite/remapping.html#canonicalhost
I have a valid lets-encrypt certificate which has both www and the naked domain.
I have configured *:80 and *:443 VirtualHost redirects. /etc/httpd/conf.d/www.example.com.conf:
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
Redirect permanent / https://www.example.com
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
Redirect permanent / https://www.example.com
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
DocumentRoot "/var/www/html/www.example.com"
</VirtualHost>
<Directory "/var/www/html/www.example.com">
Order allow,deny
Allow from all
</Directory>
All works well if I specify base URL (example.com, www.example.com, https://example.com, etc). However, if I specify a page on the naked HTTPS request the redirect eats the root slash (https://example.com/index.html becomes https://www.example.comindex.html).
I do it with the following for all non-ssl to ssl -
<VirtualHost *:80>
ServerName example.org
ServerAlias www.example.org
RewriteEngine on
RewriteRule ^/(.*)$ https://www.example.org/$1 [R,L]
</VirtualHost>
Slighly different should do the same for https://example.org only redirecting to www.example.org
<VirtualHost your.ip.add.ress:443>
ServerName example.org
RewriteEngine on
RewriteRule ^/(.*)$ https://www.example.org/$1 [R,L]
*snip*
Normal SSL certificate/key stuff goes here
*snip*
</VirtualHost>
RedirectMatch appears to solve the problem similar to the Rewrite suggested by ivanivan. Changing Redirect line in *:443 VHost section to the following seems to fix the issue:
RedirectMatch permanent ^/?(.*) https://www.example.com/$1
I still don't understand why simple Redirect doesn't work with HTTPS.
As an aside, https://salferrarello.com/chrome-clear-redirect-cache/ was useful disabling Redirect caching in Chrome during testing.
My domain name is example.com without www. So if I put www.example.com then it does not work but example.com works. So I configured apache like this
<VirtualHost *:80>
ServerName example.com
ServerAdmin webmaster#example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAdmin webmaster#example.com
DocumentRoot path/to/project/public
SSLEngine on
SSLCertificateFile /path/to/keys/xxx.crt
SSLCertificateKeyFile /path/to/keys/xxx.key
ErrorLog /var/log/apache2/error_log
CustomLog /var/log/apache2/access_log combined
<Directory "path/to/project/public">
Options FollowSymLinks
Require all granted
</Directory>
</VirtualHost>
Now, as you can see, I do a permanent redirection to https like
Redirect permanent / https://example.com/
But this redirection add www with the domain name by default. So the redirected url becomes https://www.example.com/. Obviously my website can not be accessed from with www since it is registered without www. So please tell me how can make the redirect to work and go to https://example.com/ without the https.
Add an Alias
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
</VirtualHost>
This requires that the www.yourdomain.com points to the same place as yourdomain.com. However the www might not work with your SSL certificate, it depends on the certificates specificity.
I generally allow both on my sites as some people insist on including the www whenever they enter an address.
Apache's documentation can help out with more specifics https://httpd.apache.org/docs/2.2/vhosts/name-based.html
As far as the redirect issue you're having:
Make sure you don't have some RewriteEngine rules that are rewriting your non www requests to www. You might have an .htaccess file in your site directory that is doing the rewrite/redirect.
It might look something like:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://www.%{SERVER_NAME}/$1 [R,L]
Which would mean you should remove the www in the last Rewrite Rule
I have a SAAS in which I need to create multiple subdomains dynamically (Note: There are a lot of subdomains, I don't know which ones will be auto generated ). So I canĀ“t repeat this for each one:
<VirtualHost *:80>
ServerName a1.app.example.com
Redirect / https://a1.app.example.com
</VirtualHost>
Is there a way to redirect each one of the subdomains in http to https?. Something like " Redirect / https://*.app.example.com "
<VirtualHost *:80>
ServerName app.example.com
Redirect / https://*.app.example.com
</VirtualHost>
<VirtualHost *:80>
ServerName app.example.com
ServerAlias *.app.example.com
DirectoryIndex index.php
DocumentRoot /var/www/xxxxxxx
SSLEngine on
SSLCertificateFile /etc/ssl/xxxxx.crt
SSLCertificateKeyFile /etc/ssl/xxxx.key
SSLCertificateChainFile /etc/ssl/xxxx.crt
</VirtualHost>
Add that to your main vhost:
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,QSA,R=301]
And make sure mod_rewrite is active. You can activate it using the a2enmod rewrite command.