We Keep Coding

Apache2 redirect https://www to https://non-www

I want to redirect https://www.mydom.com to http://mydom.com
I have an mydom.conf into apache2/sites-available/
mydom.conf:
#HTTP(www/non-www) -> HTTPS(non-www)
<VirtualHost *:80>
ServerName mydom.com
ServerAlias www.mydom.com
Redirect permanent / https://mydom.com/
</VirtualHost>
#ACTIVATE HTTPS AND REVERSE PROXY -> test-1.0.0
<VirtualHost _default_:443>
SSLEngine On
SSLCertificateFile /opt/ssl/new/mydom_com.crt
SSLCertificateKeyFile /opt/ssl/new/mydom_com.key
SSLCertificateChainFile /opt/ssl/new/mydom_com.ca-bundle
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
ServerName mydom.com
ServerAlias www.mydom.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/test-1.0.0/
ProxyPassReverse / http://127.0.0.1:8080/test-1.0.0/
</VirtualHost>
With this mydom.conf It works partial.
Domains http://mydom.com and http://www.mydom.com are redirected to https://mydom.com . This is good.
My problem is at https://www.mydom.com it is not redirected to https://mydom.com, but show the content from https://mydom.com
How I can redirect https://www.mydom.com to https://mydom.com?

Simply create a .htaccess file using vi command in the public_html folder or document root of your website. Add the code below in your .htacess file.
RewriteCond %{HTTP_HOST} ^www.mydom.com$
RewriteCond %{SERVER_PORT} ^443
RewriteRule ^(.*)$ https://mydom.com/$1 [R=301]
If you have an existing .htaccess file in the public_html folder, try to make a backup using the command below:
$ mv .htaccess .htaccess.bak
or
$ cp .htaccess .htaccess.bak
Hope this helps.

You can use multiple vhosts block
<VirtualHost _default_:443>
SSLEngine On
SSLCertificateFile /opt/ssl/new/mydom_com.crt
SSLCertificateKeyFile /opt/ssl/new/mydom_com.key
SSLCertificateChainFile /opt/ssl/new/mydom_com.ca-bundle
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
ServerName mydom.com
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/test-1.0.0/
ProxyPassReverse / http://127.0.0.1:8080/test-1.0.0/
</VirtualHost>
<VirtualHost _default_:443>
SSLEngine On
SSLCertificateFile /opt/ssl/new/mydom_com.crt
SSLCertificateKeyFile /opt/ssl/new/mydom_com.key
SSLCertificateChainFile /opt/ssl/new/mydom_com.ca-bundle
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
ServerName www.mydom.com
Redirect permanent / https://mydom.com/
</VirtualHost>
The only thing you need make sure is that certificate is valid for both example.com and www.example.com, so that you don't get https exception before the redirect.

Exclude path from SSLVerifyClient require

I have Apache 2.4.18 (Ubuntu) running as a reverse proxy. To protect my personal environment, I have added a SSLVerifyClient require and so far no problems.
However, Jira wants to access itself to load some languages strings. According to the logging of Jira it's https://{DOMAIN_URL}/rest/gadgets/1.0/g/messagebundle/nl_NL/gadget.common%2Cgadget.project where gadget.common%2Cgadget.project can be different, depending on which module it wants some translation string.
Ok, fine. So to solve this solution, I thought of making this URL available to Jira and therefor skip SSLVerifyClient for only this specific URL.
My current config:
<VirtualHost *:80>
ServerName {DOMAIN}
Redirect permanent / https://{DOMAIN}
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin info#{DOMAIN}
ServerName {DOMAIN}
<Location / >
Options FollowSymLinks
AllowOverride None
</Location>
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
SSLEngine on
SSLCompression Off
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLCertificateFile {SSL}/fullchain.pem
SSLCertificateKeyFile {SSL}/privkey.pem
SSLCACertificateFile {PATH}/ca.crt
SSLVerifyClient require
SSLStrictSNIVHostCheck on
SSLVerifyDepth 1
ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://localhost/
ProxyPassReverse / http://localhost/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>
I tried to add the following two snippets after SSLVerifyDepth 1
<Directory "/rest/gadgets">
SSLVerifyClient none
</Directory>
And
<Location /rest/gadgets>
SSLVerifyClient none
</Location>
I did however check https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html (Client Authentication and Access Control), however both are not working. I'm not quite sure, but I perhaps the specified path in Location and Directory is not the right one. I wanted to make it universal and just check if the first part of the URL contains /rest/gadgets.
I hope my question is somewhat clear.

It seems like this is an answer to my question:
<VirtualHost *:80>
ServerName {DOMAIN}
Redirect permanent / https://{DOMAIN}
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin info#{DOMAIN}
ServerName {DOMAIN}
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
SSLEngine on
SSLCompression Off
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLCertificateFile {SSL}/fullchain.pem
SSLCertificateKeyFile {SSL}/privkey.pem
SSLCACertificateFile {PATH}/ca.crt
SSLStrictSNIVHostCheck on
<Location / >
SSLVerifyClient require
SSLVerifyDepth 1
Options FollowSymLinks
AllowOverride None
</Location>
<Location /rest/gadgets>
SSLVerifyClient none
</Location>
ProxyPreserveHost On
ProxyRequests off
ProxyPass / http://localhost/
ProxyPassReverse / http://localhost/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
</IfModule>
The trick was to extend the current Location and move SSLVerifyClient. Afterwards add an extra Location-directive with the excluded path, rest/gadgets in this case.

Apache Http.conf subdomain

Http.conf file working fine for main domain, but I'm trying to create a subdomain and it keeps sending them both to the test page. I'm sure the problem is here (httpd.conf) but I'm not 100% on what all of this is doing.
ServerName 1.2.3.4 #hidden
<VirtualHost *:3304>
ServerName mydomain.com
ServerAlias mydomain.com
DocumentRoot "/var/www/html"
LogLevel warn
SSLEngine on
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /cert/mydomain_com.crt
SSLCertificateKeyFile /cert/mydomain_com.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
UserDir "html/"
</VirtualHost>
SSLEngine off
SSLVerifyClient none
KeepAlive on
#the new sub domain - adding this causes the error
<VirtualHost 1.2.3.4>
ServerName testsite.mydomain.com
ServerAlias testsite.mydomain.com
DocumentRoot "/var/www_demo/public_html"
</VirtualHost>
Both are running a PHP framework but only the main domain requires SSL protection.
Thanks in advance

Using SSL on two VirtualHosts

So I got an SSL from GoDaddy.
It works for my public site mysite.com.
I would like now to have an SSL connection for my administrator.mysite.com
So I created a self signed certificate using openssl because I don't mind managing my own site with a red mark on the lock.
inside httpd-ssl.conf
<VirtualHost *:443>
ServerName mysite.com:443
ServerAlias www.mysite.com
DocumentRoot /opt/lampp/htdocs/MySite/
ServerAdmin admin#mysite.com
ErrorLog /opt/lampp/htdocs/MySite/logfiles/ssl_errors.log
TransferLog /opt/lampp/htdocs/MySite/logfiles/ssl_access.log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /opt/lampp/etc/ssl.crt/mysite.com.crt
SSLCertificateKeyFile /opt/lampp/etc/ssl.key/server_nopwd.key
SSLCertificateChainFile /opt/lampp/etc/ssl.crt/gd_bundle.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /opt/lampp/htdocs/MySite/logfiles/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/opt/lampp/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
<VirtualHost *:443>
ServerName administrator.mysite.com:443
DocumentRoot "/opt/lampp/htdocs/"
ServerAdmin admin#mysite.com
ErrorLog /opt/lampp/htdocs/MySite/logfiles/ssl_errors_admin.log
TransferLog /opt/lampp/htdocs/MySite/logfiles/ssl_access_admin.log
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /opt/lampp/etc/ssl.crt/admin.crt
SSLCertificateKeyFile /opt/lampp/etc/ssl.key/admin.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /opt/lampp/htdocs/MySite/logfiles/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/opt/lampp/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
And I get this warning:
[warn] Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
What happens is that the administrator host is redirected to the regular host, which is very annoying

I had the same issue. Strangely some report it works for them like a charm but for others not. I even tried using SNI via SSLStrictSNIVHostCheck apache directive but no luck.
When using the ServerAlias directive with a wildcard domain like eg. *.snakeoil.com then order of the VirtualHost configs matters. If the VirtualHost with the wildcard domain alias:
ServerAlias *.snakeoil.com
is the first one it will be processed first and avoids resolution of other vhosts. Try to reverse vhosts so that this catch all is the last one eg.
<IfModule mod_ssl.c>
# first vhost
<VirtualHost *:443>
ServerName vhost1.snakeoil.com
[...]
</VirtualHost>
# second vhost
<VirtualHost *:443>
ServerName vhost2.snakeoil.com
[...]
</VirtualHost>
# Attention!
# All other vhost requests end up here
# Order matters, keep this entry to be the last one
# as a last resort if any of the above don't apply
<VirtualHost *:443>
ServerName snakeoil.com
ServerAlias *.snakeoil.com
[...]
</VirtualHost>
</IfModule>
Worked for me at least with with apache 2.2.14

That should work fine for newer browsers, although it might be worth checking your htaccess rules incase one of them is inadvertently redirecting admin.mysite.com to mysite.com.
The warning message you're getting is explained more here: https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI (essentially older browsers can only view the default virtualhost).

How do I use https (SSL) in XAMPP while using virtual hosts

I am writing a php app on my local machine and would like to test to see if SSL is working. Bear with me because this is the first time I've ever used SSL.
So far this is what I've done:
Created a SSL Certificate. I followed the first part of this this tutorial to create the certificate.
I imported the server.crt file into chrome.
Removed the semicolon in front of ;extension=php_openssl.dll in php.ini (reference)
Edited my httpd-vhosts.conf file based on this page. The relevant section of that file is below. This is the full file: http://pastebin.com/k6Jh2eR6
<VirtualHost *>
DocumentRoot "C:\Users\user_name\Documents\project_one"
ServerName project_one.localhost
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
<Directory "C:\Users\user_name\Documents\project_one">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
I would usually access my project by typing in http://project_one.localhost
When trying to access my project by typing https://project_one.localhost into chrome I automatically get forwarded to https://project_one.localhost/xampp/ (as if XAMPP doesn't recognize https://project_one.localhost as a subdomain at all and treats it as if I'm typing in https://localhost) Any idea where I'm screwing up?
NOTE:
LoadModule ssl_module modules/mod_ssl.so was uncommented in httpd.conf file

SSL, of the HTTPS://url.here/ variety, is entirely handled by Apache and has nothing to do with PHP, or any of PHP's extensions/modules, or any php.ini settings.
A typical SSL Enabled VirtualHost looks like this and contains at least these parts...
<VirtualHost *:443>
DocumentRoot "C:/WampDeveloper/Websites/www.example.com/webroot"
ServerName www.example.com
ServerAlias example.com
SSLEngine On
SSLCertificateFile "C:/WampDeveloper/Websites/www.example.com/certs/public.crt"
SSLCertificateKeyFile "C:/WampDeveloper/Websites/www.example.com/certs/private.key"
<Directory "C:/WampDeveloper/Websites/www.example.com/webroot">
Options All
AllowOverride All
order allow,deny
allow from all
</Directory>
</VirtualHost>
(The paths above are from my WampDeveloper Pro set up, Xampp's will be slightly different)
Your <VirtualHost *> line is faulty. It needs a port number, which is always 443 for an HTTPS:// URL, in combination with either an IP address or a star before it. And if using a star, also a NameVirtualHost *:443 line...
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
DocumentRoot "C:\xampp\htdocs"
ServerName localhost
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "C:\Users\user_name\Documents\project_one"
ServerName project_one.localhost
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
<Directory "C:\Users\user_name\Documents\project_one">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "C:\Users\user_name\Documents\project_two"
ServerName project_two.localhost
<Directory "C:\Users\user_name\Documents\project_two">
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

Here is simple step.
Go to C:\xampp\apache\conf
Open httpd.conf
And enable the ssl extensions (Remove # from line)
LoadModule ssl_module modules/mod_ssl.so
Go to C:\xampp\apache\conf\extra
Open httpd-vhosts.conf
Add new virtual hosts or edit existing
<VirtualHost *:443>
DocumentRoot "C:/xampp/htdocs/PROJECTNAME"
ServerName www.pl.f24sdev.com
<Directory C:/xampp/htdocs/PROJECTPATH>
AllowOverride All
Order Deny,Allow
Allow from all
</Directory>
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
</VirtualHost>

This may be an old question, but i am putting my answer here anyway for future reference
i'm Using XAMPP 3.2.1, Compiled May,7 2013
to enable VirtualHost with SSL at the same time here is what i did. (I'm using windows 7)
your windows HOST file must already be setup
Go to httpd-ssl.conf located at xampp\apache\conf\extra
I just copied the _default_ virtualhost and added my config. I removed all comments for shorter one and pasted this just below the default virtualHost just change the DocumentRoot and servername then Restart apache.
<VirtualHost *:443>
DocumentRoot "***path/to/your/project}***"
ServerName ***yourdomain***
ServerAdmin admin#example.com
ErrorLog "C:/xampp/apache/logs/error.log"
TransferLog "C:/xampp/apache/logs/access.log"
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "C:/xampp/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "C:/xampp/apache/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

Which version of Apache are you using ? NameVirtualHost is not available in 2.4 version.
Uncomment the line Include conf/extra/httpd-ssl.conf in httpd.conf and add the following contents (fix the paths according to xampp's path). This will enable https://localhost
<IfModule ssl_module>
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crlss phrase on stdout.
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:E:/PROGRA\~1/AMPPS/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
Mutex default
<VirtualHost _default_:443>
DocumentRoot "E:/Program Files/AMPPS/www"
ServerName localhost:443
ServerAdmin you#127.0.0.1
ErrorLog "E:/Program Files/AMPPS/apache/logs/ssl_error.log"
TransferLog "E:/Program Files/AMPPS/apache/logs/ssl_access.log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "E:/Program Files/AMPPS/apache/conf/ssl_crt/server.crt"
#SSLCertificateFile "E:/Program Files/AMPPS/apache/conf/server-dsa.crt"
SSLCertificateKeyFile "E:/Program Files/AMPPS/apache/conf/ssl_key/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "E:/Program Files/AMPPS/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "E:/Program Files/AMPPS/apache/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfModule>
If you want other domain like project_one.localhost have secured http connection then add the following virtualhost in httpd.conf or httpd-vhosts.conf(must be included in httpd.conf)
<IfModule ssl_module>
<VirtualHost 127.0.0.1:443>
<Directory "e:/program files/ampps/www/project_one.localhost">
Options FollowSymLinks Indexes
AllowOverride All
Order deny,allow
allow from All
</Directory>
ServerName project_one.localhost
ServerAlias project_one.localhost
ScriptAlias /cgi-bin/ "e:/program files/ampps/www/project_one.localhost/cgi-bin/"
DocumentRoot "e:/program files/ampps/www/project_one.localhost"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "E:\Program Files\AMPPS/apache/conf/ssl_crt/project_one.localhost.crt"
SSLCertificateKeyFile "E:\Program Files\AMPPS/apache/conf/ssl_key/project_one.localhost.key"
ErrorLog "E:/Program Files/AMPPS/apache/logs/project_one.localhost_ssl_error.log"
TransferLog "E:/Program Files/AMPPS/apache/logs/project_one.localhost_ssl_access.log"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "e:/program files/ampps/www/project_one.localhost/cgi-bin/">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "E:/Program Files/AMPPS/apache/logs/project_one.localhost_ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfModule>
Note : You will have to add an entry in hosts file 127.0.0.1 project_one.localhost

# to use ssl
<VirtualHost *:443>
DocumentRoot "D:/xampp/htdocs/httpsProject"
DirectoryIndex index.php
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
<Directory "D:/xampp/htdocs/httpsProject"
Options All
AllowOverride All
Require all grated
</Directory>
</VirtualHost>