httpd redirects with SSL and subdomains/vhosts - apache

I'm trying to set up http -> https redirected subdomains on my website, which is being served by Apache (Version: 2.2.31). I purchased a wildcard SSL certificate that is installed correctly for my main site (www.domain.com) because I get a green lock next to the address, so that part should be done.
The issue: browsing to subdomain.domain.com redirects to www.domain.com and I can't figure out why. I've been reading and following this page as well as several others with similar content, but I'm missing the key ingredient.
The main site is served from /var/www/html and the subdomain is served from /var/www/vhosts/subdomain. Also, I'm getting this error:
[warn] _default_ VirtualHost overlap on port 443, the first has precedence
Here's the vhost section of /etc/httpd/conf/httpd.conf:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.domain.com
ServerAlias www.domain.com
#Redirect permanent / https://www.domain.com
Redirect 302 / https://www.domain.com
</VirtualHost>
<VirtualHost *:80>
ServerName subdomain.domain.com
ServerAlias subdomain.domain.com
#Redirect permanent / https://subdomain.domain.com
Redirect 302 / https://subdomain.domain.com
</VirtualHost>
And here's /etc/httpd/conf.d/ssl.conf:
<VirtualHost *:443>
ServerName www.domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/html
...
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /path/to/cert
SSLCertificateKeyFile /path/to/key
SSLCertificateChainFile /path/to/bundle
</VirtualHost>
<VirtualHost *:443>
ServerName subdomain.domain.com
ServerAlias subdomain.domain.com
DocumentRoot /var/www/vhosts/subdomain
...
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /path/to/cert
SSLCertificateKeyFile /path/to/key
SSLCertificateChainFile /path/to/bundle
</VirtualHost>
And here's apachectl -S output (with my domain name redacted/substituted):
Any help would be greatly appreciated.
=======================================================================
Edit: I removed the word permanent, cleared my cache, and the problem persists. It seems like it has to do with the warning, right?
Also, I get a successful response regardless of which subdomain I use even when it doesn't exist. I can literally type whatever I want for subdomain and it goes to the main site. http://<anything>.domain.com and https://<anything>.domain.com both load the main site with https.

The problem was simple, but elusive, at least to me. In /etc/httpd/conf.d/ssl.conf, I needed to add the following line for the VirtualHost configurations to be distinct:
NameVirtualHost *:443
Now everything works as expected.
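The selection behaviour behind this fix, as an added example that is not part of the original post: a simplified Python model of how Apache 2.2 picks a vhost for wildcard addresses, run against a constructed, trimmed copy of the question's config. `parse`, `select`, `CONF` and `FIXED` are names introduced here; wildcard aliases and IP-specific addresses are not modelled.

```python
import re

# Constructed: the question's vhosts, reduced to the directives that matter.
CONF = """\
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.domain.com
</VirtualHost>
<VirtualHost *:80>
ServerName subdomain.domain.com
</VirtualHost>
<VirtualHost *:443>
ServerName www.domain.com
</VirtualHost>
<VirtualHost *:443>
ServerName subdomain.domain.com
</VirtualHost>
"""
VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse(conf):
    """Return (NameVirtualHost addresses, vhosts in file order)."""
    nvh = set(re.findall(r"^\s*NameVirtualHost\s+(\S+)", conf, re.M | re.I))
    vhosts = []
    for addrs, body in VHOST.findall(conf):
        lines = re.findall(r"^\s*Server(?:Name|Alias)\s+(.+)$", body, re.M | re.I)
        # Drop an optional :port suffix; wildcard aliases are not modelled.
        names = [n.split(":")[0].lower() for l in lines for n in l.split()]
        vhosts.append({"addrs": addrs.split(), "names": names or ["(unnamed)"]})
    return nvh, vhosts

def select(conf, port, host):
    """Simplified Apache 2.2 choice of vhost for a request to *:port."""
    nvh, vhosts = parse(conf)
    addr = f"*:{port}"
    candidates = [v for v in vhosts if addr in v["addrs"]]
    if not candidates:
        return None
    if addr in nvh:  # name-based: compare the Host header to each vhost
        for v in candidates:
            if host.lower() in v["names"]:
                return v["names"][0]
    # No NameVirtualHost for addr (overlap warning) or no name matched:
    # the first vhost defined for that address serves the request.
    return candidates[0]["names"][0]

FIXED = "NameVirtualHost *:443\n" + CONF  # the one-line fix from the answer
```

With the fix applied, a Host header that matches no ServerName is still served by the first `*:443` vhost, so unknown subdomains that resolve to this server are still answered by the main site's vhost.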

Related

HTTP and HTTPS redirection

I'm trying to configure my Apache Server to redirect both:
Non-SSL http://support.nile.sd and SSL https://support.nile.sd to the link https://support.nile.sd/otrs/customer.pl. HTTP requests are redirected correctly via this force-redirect.conf:
$ vim /etc/httpd/conf.d/force-redirect.conf
<VirtualHost *:80>
ServerName support.nile.sd
Redirect permanent / https://support.nile.sd/otrs/customer.pl
</VirtualHost>
But HTTPS requests aren't redirected!! They go to a strange page, as follows:
Index of /
Name Last modified Size Description
Could you please tell me how to redirect HTTPS also, without having the "Too many redirects ERROR"?
Now it works. I used the RedirectMatch expression on both the HTTP and HTTPS virtual hosts, as follows, in the same force-redirect.conf file:
<VirtualHost *:80>
ServerName support.nile.sd
RedirectMatch permanent (.*)/$ https://support.nile.sd/otrs/customer.pl
</VirtualHost>
<VirtualHost *:443>
ServerName support.nile.sd
RedirectMatch permanent (.*)/$ https://support.nile.sd/otrs/customer.pl
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/support.nile.sd/certificate.pem
SSLCertificateKeyFile /etc/letsencrypt/live/support.nile.sd/privatekey.pem
SSLCertificateChainFile /etc/letsencrypt/live/support.nile.sd/chainofgod.pem
</VirtualHost>
You only have a rule for port 80, which is the regular http:// protocol.
I don't see a rule for port 443, which is https.
You need to add the following:
<VirtualHost *:443>
ServerName support.nile.sd
DocumentRoot /var/www/site
SSLEngine on
SSLCertificateFile /path/to/www_yoursite_com.crt
SSLCertificateKeyFile /path/to/www_yoursite_com.key
SSLCertificateChainFile /path/to/DigiCertCA.crt
Redirect permanent / https://support.nile.sd/otrs/customer.pl
</VirtualHost>

running website with no http show different content

I'm running 3 sites on one server with the same IP, on Ubuntu/Apache using vhosts.
I bought an SSL certificate and installed it on one of my sites successfully. The problem is that when I run the site without https, it shows content from my other site.
Ex.
www.aaaaa.com
www.bbbbb.com (SSL)
www.ccccc.com
When I run https://bbbbb.com there is no problem, but
when I run http://bbbbb.com it shows the content of www.aaaaa.com.
I know the SSL is working correctly because I have tested it with sslchecker.
This is the first time I have installed SSL. I hope someone knows something about this problem.
OK, I just got the answer from this link:
https://www.namecheap.com/support/knowledgebase/article.aspx/9821/38/redirect-to-https-on-apache
You just need to redirect to HTTPS on Apache. The solution is that I added a port 80 vhost to my Apache conf file to redirect to https when the site is accessed without https.
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@example.com
ServerName example.com.ca
ServerAlias www.example.com
DocumentRoot /var/www/example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/example.com/example.ca.crt
SSLCertificateKeyFile /etc/ssl/example.com/example.key
SSLCertificateChainFile /etc/ssl/example.com/example.ca.ca-bundle
</VirtualHost>

Apache VirtualHost multiple domain multiple SSL

Hi, I have the following use case: I have an application (let's call it foobar) on a remote server at /var/www/foobar, and I have the following Apache VirtualHost conf:
<VirtualHost *:80>
DocumentRoot /var/www
# This is to redirect http traffic to https
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/example.com.crt
SSLCertificateKeyFile /etc/ssl/private/example.com.key
SSLCertificateChainFile /etc/ssl/certs/example.com.bundle.crt
ServerName example.com:443
DocumentRoot /var/www/foobar
</VirtualHost>
And it's all working fine. Now suppose I have another domain, example2.com, and I want it to point to the same foobar application. My current thinking is to create another VirtualHost below, something like this:
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/example2.com.crt
SSLCertificateKeyFile /etc/ssl/private/example2.com.key
SSLCertificateChainFile /etc/ssl/certs/example2.com.bundle.crt
ServerName example2.com:443
DocumentRoot /var/www/foobar
</VirtualHost>
But I was wondering, is this the correct way of doing stuff like this? I need both domains to be "independent", so I didn't make a permanent redirect from example2.com to example.com.
You can do something like the below. You can use the server alias for this. Also, I don't see anything wrong with having 2 virtual hosts.
<VirtualHost *:443>
ServerName example1.com
ServerAlias example2.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/testlink
</VirtualHost>
If you are getting an "unable to get a certificate" error, you can create a certificate with a wildcard CN, e.g. *.com; this will match both example1.com and example2.com.

Running SSL and non-SSL sites simultaneously with MAMP (4.0.6)

To enable SSL, I've uncommented this line in httpd.conf:
# Secure (SSL/TLS) connections
Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf
The httpd-ssl.conf file itself I've left untouched, and created .crt and .key files for a self-signed SSL certificate in the places it's expecting to see them by default:
SSLCertificateFile "/Applications/MAMP/conf/apache/server.crt"
SSLCertificateKeyFile "/Applications/MAMP/conf/apache/server.key"
Back in the main httpd.conf, I've created a VirtualHost for a site I want to use SSL, and configured like this to eventually get it working:
NameVirtualHost *
<VirtualHost *>
DocumentRoot "/Users/jonnott/Documents/sslsite1.dev"
ServerName sslsite1.dev:443
ServerAlias www.sslsite1.dev
SSLEngine on
SSLCertificateFile "/Applications/MAMP/conf/apache/server.crt"
SSLCertificateKeyFile "/Applications/MAMP/conf/apache/server.key"
</VirtualHost>
This SSL site now works fine.
However, the problem I have is that now whenever I try to visit any local non-SSL hosts, I get this error:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
These other non-SSL sites are configured in httpd.conf like this:
<VirtualHost *>
DocumentRoot "/Users/jonnott/Documents/site2.dev"
ServerName site2.dev
ServerAlias www.site2.dev
</VirtualHost>
What am I missing / doing wrong?
I think I've pretty much figured it out after reading this:
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2
I needed BOTH of these in my httpd.conf before the start of my VirtualHost directives:
NameVirtualHost *:80
NameVirtualHost *:443
..and then each VirtualHost needed to be port-specific:
<VirtualHost *:80>
DocumentRoot "/Users/jonnott/Documents/Projects/site1"
ServerName site1.dev:80
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/Users/jonnott/Documents/Projects/site1"
ServerName site1.dev:443
SSLEngine on
SSLCertificateFile "/Applications/MAMP/conf/apache/server.crt"
SSLCertificateKeyFile "/Applications/MAMP/conf/apache/server.key"
</VirtualHost>

Redirect HTTP to HTTPS Apache2

I'm trying to redirect http to https.
I've found a lot of answers, but nothing works for me.
I don't know why; maybe it's an apache2 config error?
I tried it in the .htaccess as well, and nothing happens there either.
Just this error:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Here's my Virtual Host File.
#Redirect HTTP TO HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]
#VHOSTS
<VirtualHost *:443>
Servername www.latoya.eu
ServerAlias latoya.eu www.latoya.eu
Documentroot /var/www/latoya
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLEngine on
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
<VirtualHost *:443>
Servername board.latoya.eu
Documentroot /var/www/latoya
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLEngine on
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
<VirtualHost *:443 *:80>
Servername secure.latoya.eu
Documentroot /var/www/latoya
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLEngine on
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
<VirtualHost *:80 *:443>
Servername static.kritzelpixel.com
Documentroot /var/www/static.kritzelpixel.com
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
Using "VirtualHost *:80 *:443" or the opposite in the same virtualhost tag is completely incorrect, since one virtualhost can't be SSL and not be SSL at the same time.
The fact that Apache HTTPD is not screaming in pain about it is because you "can" use different ports in the same virtualhost, but that was certainly not designed to have an SSL port and a non-SSL port together.
So my suggestion is that you correct your configuration to look sane, that is, having specific virtualhost *:80 and virtualhost *:443 separately.
In the VirtualHost *:80 entries you can then Redirect / https://example.com/ with the specific hostnames for your case, to redirect from 80 to 443 in a single line and without the need to use mod_rewrite.
To redirect to SSL, mod_rewrite is not needed and is overkill.
Briefly:
<VirtualHost *:80>
ServerName example.com
Redirect / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine on
#other directives here
</VirtualHost>
And the same with the rest of the names if they have different configurations.
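A small Python lint for the two mistakes discussed in these threads, as an added example that is not part of any original post: a vhost with `SSLEngine on` that also listens on a plain-HTTP address (the `*:443 *:80` and portless `*` cases), and a TLS hostname with no port-80 vhost redirecting to it. `lint`, `directive`, `BEFORE` and `AFTER` are names introduced here, and both configs are constructed, trimmed samples.

```python
import re

# Constructed: two of the question's vhosts, cut down to the relevant directives.
BEFORE = """\
<VirtualHost *:443>
ServerName www.latoya.eu
SSLEngine on
</VirtualHost>
<VirtualHost *:443 *:80>
ServerName secure.latoya.eu
SSLEngine on
</VirtualHost>
"""
# Constructed: the layout the answer recommends, applied to one hostname.
AFTER = """\
<VirtualHost *:80>
ServerName secure.latoya.eu
Redirect / https://secure.latoya.eu/
</VirtualHost>
<VirtualHost *:443>
ServerName secure.latoya.eu
SSLEngine on
</VirtualHost>
"""
VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, pattern):
    """First match of a directive pattern at the start of a config line."""
    return re.search(r"^\s*" + pattern, body, re.M | re.I)

def lint(conf):
    """Return sorted (ServerName, finding) pairs for the two mistakes above."""
    findings, tls, redirected = set(), set(), set()
    for addrs, body in VHOST.findall(conf):
        m = directive(body, r"ServerName\s+([^\s:]+)")
        name = m.group(1).lower() if m else "(unnamed)"
        # An address with no port ("*") also accepts port 80 connections.
        ports = {a.rpartition(":")[2] if ":" in a else "*" for a in addrs.split()}
        ssl = bool(directive(body, r"SSLEngine\s+on\b"))
        if ssl:
            tls.add(name)
            if ports & {"80", "*"}:
                findings.add((name, "SSLEngine on for a plain-HTTP port"))
        elif ports & {"80", "*"} and directive(body, r"Redirect(Match)?\s.*https://"):
            redirected.add(name)
    findings |= {(n, "no port-80 redirect vhost") for n in tls - redirected}
    return sorted(findings)
```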