I have installed an SSL certificate today, and it works perfectly, pages sought through https:// work fine.
I have put a redirect in my website.conf to redirect port 80 to https, but it is not working.
Also if I go to http://www.example.org (the root), it gets stuck in a redirect loop.
going to http://www.example.org/test.htm goes to the same url minus the last /. eg http://www.example.orgtest.htm/ (slash moves to end)
This is really busting my balls, i really hope you guys have some clues.
here is my .conf file
NameVirtualHost *:80
<VirtualHost *:80>
ServerName example.org
Redirect permanent / https://www.example.org
</VirtualHost>
<VirtualHost _default_:443>
# Admin email, Server Name (domain name), and any aliases
ServerAdmin richard#example.org
ServerName example.org
ServerAlias www.example.org
# Index file and Document Root (where the public files are located)
DirectoryIndex index.html index.org
DocumentRoot /var/www/example.org/html
# SSL settings
SSLEngine on
SSLCertificateFile /etc/ssl/certs/www_example_org.crt
SSLCertificateKeyFile /etc/ssl/digicert/example.key
SSLCACertificateFile /etc/ssl/certs/DigiCertCA.crt
# Log file locations
LogLevel warn
ErrorLog /var/www/example.org/log/error.log
CustomLog /var/www/example.org/log/access.log combined
</VirtualHost>
Your config looks fine for me. Maybe, you should append a / like this: Redirect permanent / https://www.example.org/
Instead of using Redirect permanent, you could also use mod_rewrite:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
For this to work, you must have installed the mod_rewrite module.
If you would like for force https, another approach is so set the HSTS-Header in your Apache config. Then, a browser knows that your website is available with https and will automatically redirect all traffic to your https-address. You can set this header with the following command:
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
In general, I would recommend reviewing your SSL-config with SSLLabs. If your config is fine, you should get an A+-Rating. I hope this helps.
well i worked it out after much tears, i was missing
ServerAlias www.example.org
for port 80, Thanks to Ben for the HSTS header though, i will def use that. cheers
Related
I have a website where I'm wanting 1 file (version.txt) to be accessible via regular HTTP, but I want everything else to redirect to https. To do this, I added the "RedirectMatch" line below in my /etc/httpd/conf.d/somewhere.com.conf file (running centos7). Before I wanted to serve this file via HTTP, the line was a "Redirect permanent" type line. When I first made this change, I did some tests and it appeared to work; I was definitely able to access version.txt with plain HTTP, and I thought other accesses were being redirected to https. However, I just navigated to the website today and noticed it was all coming over HTTP. I have very little knowledge with websites, so I'm guessing that my testing for the redirect was faulty due to browser caching or something that tricked me into thinking it was working.
The question: in my conf.d file below, why doesn't the website redirect everything except version.txt to https? How can I change it so that it allows HTTP access of version.txt, but redirects everything else to HTTPS?
<VirtualHost *:80>
ServerName somewhere.com
ServerAdmin somebody#somewhere.com
DocumentRoot /var/www/somewhere.com
ErrorLog /etc/httpd/logs/error_log_somewhere
CustomLog /etc/httpd/logs/access_log_somewhere combined
RedirectMatch permanent "^(/*version.txt/.*)" https://somewhere.com$1
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/somewhere.com_ssl_certificate.cer
SSLCertificateKeyFile /etc/pki/tls/private/_.somewhere.com_private_key.key
SSLCertificateChainFile /etc/pki/tls/certs/_.somewhere.com_ssl_certificate_INTERMEDIATE.cer
ServerName somewhere.com
ServerAlias www.somewhere.com
ServerAdmin somebody#somewhere.com
DocumentRoot /var/www/somewhere.com
ErrorLog /etc/httpd/logs/error_log_somewheres
CustomLog /etc/httpd/logs/access_log_somewheres combined
</VirtualHost>
ServerSignature Off
ServerTokens Prod
Header always append X-Frame-Options SAMEORIGIN
edit: bonus if you have any ideas on what fooled me into thinking it was working at first
You can use the below redirection inside <VirtualHost *:80>.
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R,L]
Above rule will redirect any context to https with context.
Apache shows default page and doesn't load site configuration. OS: Debian 10.
Site is enabled but somehow it doesn't show files from public_html folder. Any help is appreciated.
<VirtualHost *:443>
SSLEngine On
ServerAdmin admin#abc.com
ServerName abc.com
ServerAlias *.abc.com
DocumentRoot /home/xx/public_html
SSLEngine on
SSLCertificateFile /home/xx/ssl.cert
SSLCertificateKeyFile /home/xx/ssl.key
<Directory /home/xx/public_html>
Require all granted
</Directory>
ErrorLog /home/xx/logs/error.log
CustomLog /home/xx/logs/access.log common
LogLevel debug
</VirtualHost>
No enough reputation to comment, so I’m trying with an answer and will clean it up if useful.
No mention of what you’re finding, if anything, in your logs. I assume you’re accessing using HTTPS to be sure your requests are going to port 443, but if per chance you were not I would try that first by specifying the protocol when entering the URL in your browser - otherwise you are probably making your request to the server on port 80 and not 443 where your VirtualHost is listening.
http://example.com ====> browser sends request to port 80, default port for http
https://example.com ====> browser sends request to port 443, default port for https
Is there also a VirtualHost entry for port 80 to redirect those requests to 443? If your browser is trying to load it as http using port 80 first then perhaps that’s why you’re seeing the Apache default page as I believe the server will be attempting to serve from /var/www/html/ for requests on port 80 unless you have already pointed these elsewhere with another VirtualHost, etc.
An example of what I mean that I have in use; either the ReWriteEngine or the Redirect permanent may be redundant, but I can confirm it functions fine for me as follows:
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
Redirect permanent / https://www.example.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com [OR]
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
For my setup, I preferred that the www subdomain be default and set up DNS intentionally to treat it as such, so the bare domain is ServerAlias in my instance.
I'm setting up a Virtual Hosts file on my CentOS 7 box and I'm having trouble getting my domain to resolve correctly.
Here's what my current /etc/httpd/conf.d/vhost.conf file looks like
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin webmaster#domain.com
ServerName www.domain.com
ServerAlias domain.com
DocumentRoot /var/www/html/domain.com/public_html/
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.domain.com [OR]
RewriteCond %{SERVER_NAME} =domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
It seems the the correct redirects are happening. For exmaple:
domain.com redirects to https: //www.domain.com
www works fine
BUT
https: //domain.com doesn't work
http ://domain.com doesn't work
In fact, if I remove the redirects I have set, domain.com ins't working at all, so it looks like the ServerAlias is broken?
I'm wondering if I need another redirect or is there some other step I'm missing?
Also, don't mind the spaces between http and the domain name. StackOverflow made me format it that way.
As presented, no request to anything https will ever work. Normal, you only have a VirtualHost on port 80. You do have a Listen directive for that port right?
For your redirections. It says: if you ask for http://www.example.com or http://example.com, redirect to https://<WHAT THE USER ASKED FOR>. In essence you are forcing your users to use https all the time, no problem there. But you do not have a VirtualHost on port 443, hence no response.
So:
Listen *:80
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
ErrorLog /var/log/httpd/80_error.log
CustomLog /var/log/httpd/80_access.log combined
RewriteEngine on
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
Listen *:443
<VirtualHost *:443>
ServerName www.example.com
# in case users do directly to https
ServerAlias example.com
DocumentRoot /var/www/html/domain.com/public_html/
DocumentIndex index.html
ErrorLog /var/log/httpd/443_error.log
CustomLog /var/log/httpd/443_access.log combined
# SSL CONFIGURATIONS, TODO!
</VirtualHost>
In your *:443 VH, you will have to configure certificates and SSL.
Your certificates will have to be valid for both www.example.com and example.com to avoid browser complaints.
Careful there might be an ssl.conf included file under conf.d that defines some of this. Make sure you only set it once to avoid confusion.
No need to define DocumentRoot in *:80 VH since it only redirects and does not respond content to client.
Have fun!
I solved the issue. I had my local hosts file configured to point to an old out of date IP address……
domain.com *bad ip address*
I'm so embarrassed. I must have set that up months ago and forgot.
I have a problem to redirect some request to an other port. Here's my configuration:
I have a public domain like XXXX.ddns.net
I have a Rapsbian server with apache and files in my /var/www folders are correctly served (angular website)
On the same Raspbian server there is a REST server running on the 3000 port
This is running on HTTPS with SSL(letsencrypt)
I would like that all requests to XXXX.ddns.net/api/* to be redirected to the 3000 port.
I change the .htaccess file and the rewrite rule seems to works on local but I can't make it working from my internet site. API requests achieve with a error 500.
Here is my current .htaccess file:
RewriteEngine On
RewriteRule ^api/(.*) https://localhost:3000/api/$1 [QSA]
# not sure if it should be http or https in the rule but nothing works
#RewriteRule ^api/(.*) http://localhost:3000/api/$1 [QSA]
# If an existing asset or directory is requested go to it as it is
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -f [OR]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} -d
RewriteRule ^ - [L]
# If the requested pattern is file and file doesn't exist, send 404
RewriteCond %{REQUEST_URI} ^(\/[a-z_\-\s0-9\.]+)+\.[a-zA-Z]{2,4}$
RewriteRule ^ - [L,R=404]
Here is my current 000-default-le-ssl.conf file (in /etc/apache2/sites-available):
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
ServerName XXXX.ddns.net
SSLCertificateFile /etc/letsencrypt/live/XXXX.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XXXX.ddns.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
<Location /api>
ProxyPass http://127.0.0.1:3000/api
ProxyPassReverse http://127.0.0.1:3000/api
</Location>
</VirtualHost>
</IfModule>
If someone could help me to achieve it...
Thanks!
Your self-found solution looks strange to me. You switch on the SSLProxyEngine and than disable all security measures. Is the backend API running under HTTPS and HTTP at port 3000 at the same time? This is not possible.
I use this setup (apache as proxy to backend application) pretty often and would suggest the following configuration:
As I did not understand the purpose of the rewrite directives I left them out. The VirtualHost at port 80 always redirects HTTP requests to HTTPS. If this works add permanent to the directive (permanent is cached by some browsers, see comment in VirtualHost *:80).
The VirtualHost for HTTPS serves content from your DocumentRoot at /var/www/html. The Directory directive takes care that only correctly addressed files are served (no lookups possible). The VirtualHost also provides the proxy for the /api on the same server on port 3000.
It should work for apache 2.4 if your letsencrypt configuration is correct (fill-in the XXXX). Both VirtualHost configurations can be written into a single file, usually located in /etc/apache2/sites-available with a symlink to /etc/apache2/sites-enabled. Please remove/rename your .htaccess file and other configurations before testing this configuration. If you need access control through apache this could also be configured directly in the VirtualHost configuration.
<VirtualHost *:80>
ServerName XXXX.ddns.net
# Always https
Redirect / https://XXXX.ddns.net/
# Redirect permanent / https://XXXX.ddns.net/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName XXXX.ddns.net
# These are your SSL settings; your responsibility
SSLCertificateFile /etc/letsencrypt/live/XXXX.ddns.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/XXXX.ddns.net/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# Your document root; where the JavaScript application lives
DocumentRoot /var/www/html
<Directory /var/www/html/ >
Options -Indexes +FollowSymLinks -MultiViews
AllowOverride None
Order Allow,Deny
Allow From All
</Directory>
# Reverse proxy settings for api
ProxyRequests Off
ProxyPreserveHost On
<Location /api >
ProxyPass http://127.0.0.1:3000/api
ProxyPassReverse http://127.0.0.1:3000/api
</Location>
</VirtualHost>
Thanks for your help. I don't really know how but it works now!
I dont rember exactly what i did, but the last one was to modify my 000-default-le-ssl.conf file like this:
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
<Location /api>
ProxyPass http://127.0.0.1:3000/api/
ProxyPassReverse http://127.0.0.1:3000/api/
ProxyPass https://127.0.0.1:3000/api/
ProxyPassReverse https://127.0.0.1:3000/api/
</Location>
I have a Plone site called example.com located at /var/www/Plone (I think). I have the following settings for the site located in sites-available for vhosts (excerpt):
<VirtualHost 10.0.1.4:8082>
ServerAdmin webmaster#localhost
ServerName wiedhas.noip.me
DocumentRoot /var/www/Plone
When I try to reach my site wiedhas.noip.me, apache loads the Plone directory tree and not my Plone site. I can browse through the file system of /var/www/Plone but it is not loading the site. I must not have set the documentroot to the correct directory of my site? Any help much appreciated.
This an excellent docu about running plone behind apache and more.
http://docs.plone.org/manage/deploying/front-end/apache.html
A simple example with ssl, how a vhost could look like:
<VirtualHost $IP:80>
ServerName my.domain.com
Redirect / https://my.domain.com
</VirtualHost>
<VirtualHost $IP:443>
ServerName my.domain.com
ErrorLog logs/my.domain.com-http-error.log
CustomLog logs/my.domain.com-http-access.log combined
Include vhosts.d/....ssl.inc
RewriteEngine On
RewriteRule ^/(.*) http://127.0.0.1:$PORT_OF_PLONE/VirtualHostBase/https/%{SERVER_NAME}:%{SERVER_PORT}/zodb/path/top/plone/VirtualHostRoot/$1 [P,L]
</VirtualHost>
The most important part is the rewrite rule:
RewriteRule ^/(.*) http://127.0.0.1:$PORT_OF_PLONE/VirtualHostBase/https/%{SERVER_NAME}:%{SERVER_PORT}/zodb/path/top/plone/VirtualHostRoot/$1 [P,L]
$PORT_OF_PLONE = Port of your running plone instance
/zodb/path/top/plone = That's where you added the plone site in zope.
Took me a while to get mine going so maybe this helps:
My vhosts looks like this (where my plone site is called 'mywebsite'):
#---------------------------------
# www.mywebsite.com
#---------------------------------
<VirtualHost *:80>
ServerName www.mywebsite.com
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^/(.*)$ http://127.0.0.1:8081/VirtualHostBase/http/%{SERVER_NAME}:80/mywebsite/VirtualHostRoot/$1 [L,P]
</IfModule>
</VirtualHost>
Hope that helps :)
As you see in the first and correct answer you do not need DocumentRoot. DocumentRoot points to a directory with files to render by Apache. But Plone brings it's own server, the Zope application server, which runs on a different port than Apache. The RewriteRule redirects the incoming request to the application server and modifies the response in a way that the redirection is hidden for the client.