This question already has answers here:
http to https through .htaccess
(17 answers)
Closed 6 years ago.
How to tell if http://ttt.com or http://www.ttt.com is used by the user, redirect it to https://www.ttt.com ?
httpd.conf:
<VirtualHost *:80>
ServerName www.ttt.com
ServerAlias ttt.com
DocumentRoot /home/www/html/ttt/public
<Directory /home/www/html/ttt/public>
#Options ExecCGI
#AddDefaultCharset utf-8
DirectoryIndex index.php
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
.htaccess :
RewriteEngine On
############################################
## always send 404 on missing files in these folders
#RewriteCond %{REQUEST_URI} !^/(files)/
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
Try the following Code at the main directory .htaccess file :
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R]
You can do it from the httpd.conf with the following:
<VirtualHost *:80>
ServerName www.ttt.com
Redirect "/" "https://www.ttt.com/"
</VirtualHost>
<VirtualHost *:443>
ServerName www.ttt.com
...
...
</VirtualHost>
Or from the .htaccess file:
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Here you go: https://wiki.apache.org/httpd/RedirectSSL
Redirect Request to SSL
Let's say you want http://www.example.com/secure/ to always be sent
over SSL (I presume here that both the normal and the SSL vhost have
the same content). You could do this by linking to the correct page
from within your HTML pages... but there will always be some user who
will sneak by it that way.
Using virtual hosts (using redirect)
When using SSL, you will frequently have at least two virtual hosts:
one on port 80 to serve ordinary requests, and one on port 443 to
serve SSL. If you wish to redirect users from the non-secure site to
the SSL site, you can use an ordinary Redirect directive inside the
non-secure VirtualHost:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mysite.example.com
DocumentRoot /usr/local/apache2/htdocs
Redirect permanent /secure https://mysite.example.com/secure
</VirtualHost>
<VirtualHost _default_:443>
ServerName mysite.example.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
# etc...
</VirtualHost>
When redirecting everything you don't even need a DocumentRoot:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.example.com
Redirect permanent / https://secure.example.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName secure.example.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
# etc...
</VirtualHost>
Note: redirect can also be used inside .htaccess files or to address
particular URLs, as in:
Example:
Redirect permanent /login https://mysite.example.com/login
Using mod_rewrite
While the solution is recommended because it is simpler
and safer, you can also use mod_rewrite to get the same effect as
described here: RewriteHTTPToHTTPS
From https://httpd.apache.org/docs/trunk/mod/mod_alias.html#redirect:
# Redirect to a URL on a different host Redirect "/service" "http://foo2.example.com/service"
# Redirect to a URL on the same host Redirect "/one" "/two"
If the client requests http://example.com/service/foo.txt, it will be
told to access http://foo2.example.com/service/foo.txt instead. This
includes requests with GET parameters, such as
http://example.com/service/foo.pl?q=23&a=42, it will be redirected to
http://foo2.example.com/service/foo.pl?q=23&a=42. Note that POSTs will
be discarded. Only complete path segments are matched, so the above
example would not match a request for
http://example.com/servicefoo.txt. For more complex matching using the
expression syntax, omit the URL-path argument as described below.
Alternatively, for matching using regular expressions, see the
RedirectMatch directive.
If you want both the www.example.com/* and the example.com/* to be redirected you could make two VirtualHost with different ServerName or you can use the Rewrite plugin.
Related
I have an issue redirecting from the http site to the https site.
This index.php file is in the root folder, redirecting to a suburl:
<?php
header("Location: /news/");
?>
the url https://www.example.com is correctly redirecting to https://www.example.com/news/
the url https://www.example.com/index.php is correctly redirecting to https://www.example.com/news/
the url http://www.example.com/index.php is correctly redirecting to https://www.example.com/news/
however the url http://www.example.com is showing an empty directory, as in the image below:
these are the config files:
/etc/apache2/sites-available/www.example.com.conf
<VirtualHost *:*>
ServerName www.example.com
DocumentRoot /var/www/vhosts/example.com/httpdocs
ServerAlias example.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com [OR]
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
/etc/apache2/sites-available/www.example.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.example.com
DocumentRoot /var/www/vhosts/example.com/httpdocs
ServerAlias example.com
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
</IfModule>
How can I correctly redirect from http://www.example.com to https://www.example.com/news/ ?
One has two options -- Virtual Host Redirection, and Request Rewriting. Adapt the following configuration fragments to your needs.
Virtual Host Redirection
To be prefered as being simpler and safer. Redirect an HTTP virtual host (Port 80) to a HTTPS virtual host (Port 443) via the virtual hosts configuration:
# Listening for HTTP connections
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
# permanently redirects to the site's HTTPS version
Redirect permanent / https://www.example.com/
</VirtualHost>
# Listening for HTTPS connections
<VirtualHost _default_:443>
ServerName www.example.com
ServerAlias example.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
# Further configurations...
</VirtualHost>
Request Rewriting
Alternatively -- usually, when the virtual hosts config is not accessible -- one can edit the .htaccess file (create it, if necessary) to rewrite HTTP to HTTPS requests. For that the module mod_rewrite has to be enabled, so
LoadModule rewrite_module modules/mod_rewrite.so
in httpd.conf has to be set (and usually is, by default). Then add to the .htaccess file:
# Enable rewriting
RewriteEngine On
# Check for HTTPS, if no, execute next line
RewriteCond %{HTTPS} off
# Redirect to HTTPS with status code 301 (moved permanently)
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [L,R=301]
I used:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</virtualHost>
Type the code into the conf file.
This is essentially the same question as htaccess force https and redirect www to non-www, but no other subdomains (i.e., I want to configure Apache to redirect all non-HTTPS and/or "www" URLs to HTTPS non-www URLs), but I want to configure Apache via a Virtual Host rather than an .htaccess file (since I read that avoiding .htaccess has some benefits).
I was able to get the following answer to work when using an .htaccess file: https://stackoverflow.com/a/34333450/1468130 But it did not work when I tried transferring that answer's configuration to my Virtual Hosts configuration; "https://www.domain.com" never redirected to "https://domain.com".
I read up on the differences between .htaccess and Virtual Host .conf files, and found this http://tltech.com/info/rewriterule-in-htaccess-vs-httpd-conf/ and this: https://www.digitalocean.com/community/questions/can-you-use-virtual-host-config-conf-to-redirect-www-domain-to-non-www?answer=15129 which seemed to hint that I could just wrap the configuration in a <Directory> block and it would work. Unfortunately, it doesn't ("https://www.domain.com" is still never redirected to "https://domain.com"), so I'm wondering if the Internet knew what I was doing wrong:
<VirtualHost *:80>
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin admin#domain.com
DocumentRoot /var/www/domain.com/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/domain.com/>
RewriteEngine On
# match any URL with www and rewrite it to https without the www
RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]
# match urls that are non https (without the www)
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^(www\.)(.*) [NC]
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</Directory>
</VirtualHost>
I've also tried configuring <VirtualHost *:443> as Dusan Bajic suggested in the comments, but that has no effect either; https://www.domain.com still won't redirect to https://domain.com:
<VirtualHost *:443>
ServerName domain.com
ServerAlias www.domain.com
ServerAdmin admin#domain.com
DocumentRoot /var/www/domain.com/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem
<Directory /var/www/domain.com/>
RewriteEngine On
# match any URL with www and rewrite it to https without the www
RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]
</Directory>
</VirtualHost>
Also per the comments, I have tried the above *:443 configuration paired with a *:80 configuration with the <Directory> block changed to only redirect HTTP to HTTPS. But when I do that, "www" never gets removed.
<Directory /var/www/paradoxmayhem.com/>
RewriteEngine On
RewriteCond %{SERVER_NAME} =www.paradoxmayhem.com [OR]
RewriteCond %{SERVER_NAME} =paradoxmayhem.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</Directory>
Got it! Apparently, when I used letsencrypt (certbot) to configure SSL, it automatically created another virtual host file (at /etc/apache2/sites-enabled/domain.com-le-ssl.conf), which has its own definition for the domain.com *:443 Virtual Host, and seems to have taken precedence over any of the *:443 configuration I tried to set up before. I added the following code to the -le-ssl.conf file, and now my redirects finally work in all the cases I desired, using 100% Apache Virtual Host configuration:
<Directory /var/www/domain.com/>
RewriteEngine On
# match any URL with www and rewrite it to https without the www
RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]
</Directory>
I'm setting up Virtual Hosts in my Apache web server and already have rules in place that just do a simple 301 redirect from one URL to another. However, I've now been asked if I can write a rule that redirects to another page while keeping the URL the same and I've tried this:
<VirtualHost *:80>
ServerName ZZZ.com
ServerAlias YYY.com ZZZ.com
Redirect / YYY.com
</VirtualHost>
And this:
<VirtualHost *:80>
ServerName ZZZ.com
RewriteEngine on
RewriteRule ^/(.*) YYY.com/$1 [R]
</VirtualHost>
Neither did what I expected of them. They look wrong to me but I'm just not finding any helpful information anywhere. I've looked at http://httpd.apache.org/docs/2.4/vhosts/examples.html and http://httpd.apache.org/docs/current/mod/mod_rewrite.html - Neither of them were very helpful.
<VirtualHost *:80>
ServerName YYY.com
ServerAlias ZZZ.com
RewriteEngine on
RewriteCond %{HTTP_HOST} !^yyy\.com$ [NC]
RewriteRule (.*) YYY.com$1 [R=302,L]
</VirtualHost>
You were missing a condition to prevent it from redirecting correct urls.
I want to make sure all my traffic is on ssl even if they type http. But I also want it to pass the folders so mod_rewrite will still work. I tried this poor example but it does not work. Basicly I if they type http://mydomain.com/apage it will redirect to https://mydomain.com/apage
Server: Apache2, LAMP stack.
.htaccess
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^(/) https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
I am open to tweaking a virtual host files for Apache but I have not seen it done like that before. This is my first adventure into ssl hosting.
Just replacing http with https
RewriteCond %{HTTPS} !on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
I suggest not using mod_rewrite or htaccess if you have access to httpd.conf.
If you want to force all users to use https (a good idea) you can add something like this to httpd.conf:
<VirtualHost 1.2.3.4:80>
ServerName SSL.EXAMPLE.COM
CustomLog /var/log/httpd/EXAMPLE.access_log combined
ErrorLog /var/log/httpd/EXAMPLE.error_log
Redirect / https://ssl.example.com/
</VirtualHost>
<VirtualHost 1.2.3.4:443>
ServerName ssl.example.com
DocumentRoot /var/www/html
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM
.
.
.
</VirtualHost>
<Directory /var/www/html>
#If all else fails, this will ensure nothing can get in without being encrypted.
SSLRequireSSL
</Directory>
Just an off the wall question today. Is it posible to vary DocumentRoot of a virtualhost based on the subdomain requested like so?
<VirtualHost *>
ServerName ^VARIABLE$.example.com
DocumentRoot ~/Sites/^VARIABLE$
</VirtualHost>
Yes it is possible:
Step1: Setting up Wildcard DNS
You have to add an A Record that points to your server's IP like that:
*.example.com. IN A 192.168.1.1
Step2: Set up apache VirtualHost
<VirtualHost *>
ServerName www.example.com
ServerAlias *.example.com
DirectoryIndex index.html
DocumentRoot /home/www/www.example.com/htdocs
....
</VirtualHost>
Notice the important line: ServerAlias *.example.com. This will tell Apache that any host with the .example.com suffix will match this virtual host too.
Step3: Setting up Rewrite Rules
You have to add this lines in your .htaccess file located in your web root folder (eg. /home/www/www.example.com/htdocs):
RewriteEngine on
RewriteCond %{http_host} .
RewriteCond %{http_host} !^www.example.com [NC]
RewriteCond %{http_host} ^([^.]+)\.example.com [NC]
RewriteRule ^(.*) http://www.example.com/%1/ [R=301,L,QSA]
That way a request for foo.example.com will redirect visitors to example.com/foo and so on. Good luck.
(Reference: http://www.debian-administration.org/articles/358)