How to redirect subdomains to https main domain in apache

I have a site, example.biz. I redirect all http requests to https, but how do I redirect subdomains (excluding one host that is in a different configuration file)? I need something like this: if I write bla-bla.example.biz, I must be redirected to example.biz. But if ololo.bla-bla.example.biz - error. And all this redirection must be to https. In addition, I cannot add *.example.biz to ServerAlias, because I have another site, adm.example.biz. Now if I write something like any.example.biz, I am left on the home page.
Config of example.com:
<VirtualHost *:80>
ServerAdmin i@example.com
ServerName example.biz
ServerAlias www.example.biz
UseCanonicalName On
DocumentRoot /var/www/example/webapps
LogLevel warn
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
ErrorLog ${APACHE_LOG_DIR}/example-error.log
CustomLog ${APACHE_LOG_DIR}/example-access.log combined
</VirtualHost>
https config:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin i@example.com
ServerName example.biz
ServerAlias www.example.biz
UseCanonicalName On
DocumentRoot /var/www/example/webapps/
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/example-error.log
CustomLog ${APACHE_LOG_DIR}/example-access.log combined
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/rockfutur/webapps/rockfutur/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.pem
SSLCertificateKeyFile /etc/ssl/private/example.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>

Related

Tomcat in virtualhost of WAMP Server + https

I am using WAMP Server with the following configuration:
Apache 2.4.54
PHP 8.1.8
MySQL 8.0.29
and the Virtualhost at httpd-hosts.conf is:
<VirtualHost *:80>
ServerName localhost
ServerAlias localhost
DocumentRoot "${INSTALL_DIR}/www"
<Directory "${INSTALL_DIR}/www/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</VirtualHost>
and at httpd-ssl.conf is:
<VirtualHost _default_:443>
DocumentRoot "${INSTALL_DIR}/www"
ServerName localhost
ServerAdmin webmaster@example.com
ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"
SSLEngine on
SSLCertificateFile "${SRVROOT}/conf/key/localhost.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/key/localhost.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${SRVROOT}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
With the above configuration my WAMP Server opens from the URL:
https://localhost
I have also installed Apache Tomcat 9.0 where it opens from the URL:
http://localhost:8080
My intention is to create a virtualhost i.e.: https://mylocaltomcat with a configuration like the following:
<VirtualHost *:80>
ServerName mylocaltomcat
ServerAlias mylocaltomcat
DocumentRoot "${INSTALL_DIR}/www/tomcat/"
<Directory "${INSTALL_DIR}/www/tomcat/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
# ProxyRequests off
# ProxyPass /.well-known/acme-challenge !
# ProxyPass "${INSTALL_DIR}/www/tomcat" ajp://127.0.0.1:8009/
# ProxyPassReverse "${INSTALL_DIR}/www/tomcat" ajp://127.0.0.1:8009/
</VirtualHost>
and
<VirtualHost _default_:443>
DocumentRoot "${INSTALL_DIR}/www/tomcat"
RewriteEngine On
ServerName mylocaltomcat
ServerAdmin webmaster@example.com
ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"
SSLEngine on
SSLCertificateFile "${SRVROOT}/conf/key/localhost.crt"
SSLCertificateKeyFile "${SRVROOT}/conf/key/localhost.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${SRVROOT}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
# ProxyRequests off
# ProxyPass /.well-known/acme-challenge !
# ProxyPass "${INSTALL_DIR}/www/tomcat" ajp://127.0.0.1:8009/
# ProxyPassReverse "${INSTALL_DIR}/www/tomcat" ajp://127.0.0.1:8009/
</VirtualHost>
The Proxy lines are commented out (#), as they were my attempt to make the whole thing work, but unfortunately it didn't.
The modules I have activated in Apache are:
I think I am missing something or even more stuff, but I cannot figure out how to proceed.
Any help would be greatly appreciated.
Edited - Fixed!
I figured out what the correct lines were for the proxy in order for it to work:
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
and I thought about sharing it.
Now it works as expected!

windows apache mod_security owasp. When I activate mod_security with owasp with SecRuleEngine On the redirection rule http to https stops working

I'm using apache v.2.4.38 (on windows) and, when I enable mod_security/owasp with "SecRuleEngine On", the redirection rule from http to https stops working.
What am I doing wrong?
Here is my redirection:
<VirtualHost _default_:80>
ServerName my.site.com
Redirect permanent / https://my.site.com/
</VirtualHost>
<VirtualHost _default_:443>
DocumentRoot "C:/my/site"
ServerName my.site.com
ServerAdmin support@magicleaer.com
ErrorLog "${SRVROOT}/logs/error.log"
TransferLog "${SRVROOT}/logs/access.log"
SSLEngine on
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "${SRVROOT}/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "${SRVROOT}/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLProtocol TLSv1.2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4
SSLCertificateFile "..."
SSLCertificateKeyFile "..."
SSLCertificateChainFile "..."
SSLCACertificateFile "..."
Alias /.well-known C:/magicleader/php/.well-known
<Directory "C:/my/site">
DirectoryIndex index.php
AllowOverride All
</Directory>
</VirtualHost>

Virtual host Object not found

Every time I try to access https://sub.myproject.test/ this message pops up:
Object not found!
The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again.
If you think this is a server error, please contact the webmaster.
Error 404
sub.myproject.test
Apache/2.4.38 (Unix) OpenSSL/1.0.2q PHP/7.2.15 mod_perl/2.0.8-dev Perl/v5.16.3
On httpd-vhosts.conf I have:
<VirtualHost *:80>
DocumentRoot "/mnt/data/myproject/sub.myproject.com/public_html"
ServerName sub.myproject.test
ServerAlias www.sub.myproject.test
<Directory "/mnt/data/myproject/sub.myproject.com/public_html/">
AllowOverride All
Require local
</Directory>
</VirtualHost>
and on httpd-ssl.conf I have:
# catalog config
<VirtualHost *:443>
DocumentRoot "/mnt/data/myproject/sub.myproject.com/public_html"
ServerName sub.myproject.test:443
ServerAlias www.sub.myproject.test:443
ErrorLog "/opt/lampp/logs/error_log"
TransferLog "/opt/lampp/logs/access_log"
SSLEngine on
SSLCertificateFile "/opt/lampp/etc/ssl.crt/server.crt"
SSLCertificateKeyFile "/opt/lampp/etc/ssl.key/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/mnt/data/myproject/sub.myproject.com/public_html/">
SSLOptions +StdEnvVars +FakeBasicAuth
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Allow from all
Require all granted
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/opt/lampp/logs/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
And of course in /mnt/data/myproject path I have the sub.myproject.com folder
If you could help me fix this, it'd be very appreciated
Your VirtualHost is ok (except you do not need to put :443 in ServerName and ServerAlias directives), but you never tell Apache which page to display by default, when not specified in the request.
Define DirectoryIndex in each VirtualHost.
Ex: DirectoryIndex index.html
When the request is https://example.com/, hence nothing after the domain name, Apache will display index.html, from the DocumentRoot directory.
Unrelated to your question, you should put ServerTokens Prod and ServerSignature Off in your configuration; your error message is displaying way too much information.

Redirect using virtual host domain name beginning with https

I am trying to redirect ME.com or www.ME dot com to https://NOTME dot com.
The code below works, but when I type https://ME dot com it doesn't go to https://NOTME dot com. I get an error that the page is unsecure.
Code below:
<VirtualHost *:80>
ServerAdmin admin@ME dot com
ServerName ME dot com
ServerAlias www dot ME dot com
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www dot ME dot com
RewriteRule ^/(.*)$ http://NOTME dot com/$1 [L,R=301]
Redirect permanent / https://NOTME dot com/
DocumentRoot /var/www/xxx/xxx/
<Directory />
Options FollowSymLinks
AllowOverride all
</Directory>
<Directory /var/www/xxxx/xxxxx/>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
Also note that ME.com had an https certificate, which was set at the port 443 virtual host, that I removed. Can I also still return the certificate to it?
Also, both ME.com and NOTME.com are on the same server IP.
This is how I solved this problem:
<VirtualHost *:443>
ServerAdmin x@ME.com
ServerName ME.com
ServerAlias www.ME.com
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www.ME.COM/$
RewriteRule ^/(.*)$ https://NOTME.COM/$1 [L,R=301]
Redirect permanent / https://NOTME.COM/
SSLEngine on
SSLCertificateFile /xxxxxxxxxxxx.crt
SSLCertificateKeyFile /xxxxxxxxxxxx.key
SSLCertificateChainFile /xxxxxxxxxxxxxx.crt
Actually the solution was a permanent redirect to NOTME dot com

Elasticsearch with apache2 ssl proxy

Recently I have been trying to get Elasticsearch to be usable over SSL. This has taken me on a fun route between apache to nginx to apache to nginx and now finally back to apache.
I needed LDAP for authentication which is why I stopped using nginx. I followed this https://gist.github.com/jerrac/0a8bd96e6c42eb84b6f2 for configuring my apache web server. The good thing is that I am able to access it. The bad thing is elasticsearch doesn't work when trying to look for indices. I use elasticsearch-head to make sure it wasn't anything else but it seems like elasticsearch is still being blocked even though I can reach the kibana webpage. Any help would be appreciated.
<VirtualHost *:80>
ServerAdmin systems@example.com
ServerName logstash.example.com
DocumentRoot /var/www/kibana/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/kibana/>
Options -Indexes FollowSymLinks -MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
#RewriteRule ^/(.*)$ https://logstash.example.com/$1 [R,L]
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin systems@example.com
ServerName logstash.example.com
SSLEngine on
SSLCertificateFile /etc/ssl/certs/wildcard.example.com.crt
SSLCertificateKeyFile /etc/ssl/private/wildcard.example.com.key
SSLCACertificateFile /etc/ssl/certs/ca-example.cert
#RewriteEngine on
#RewriteCond %{SERVER_NAME} !=logstash.example.com
#RewriteRule ^/(.*)$ https://logstash.eaxmple.com/$1 [R,L]
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
DocumentRoot /var/www/kibana/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/kibana/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [7-9]" ssl-unclean-shutdown
#ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
#<Directory "/usr/lib/cgi-bin">
# AllowOverride None
# Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
# Order allow,deny
# Allow from all
#</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Proxy http://127.0.0.1:9200>
#<Proxy http://logstash.example.com:9200>
ProxySet connectiontimeout=5 timeout=90
</Proxy>
# Proxy for _aliases and .*/_search
<LocationMatch "^(/_aliases|.*/_search|.*/_mapping|/_nodes)$">
#ProxyPassMatch http://logstash.example.com:9200
#ProxyPassReverse http://logstash.example.com:9200
ProxyPassMatch http://127.0.0.1:9200
ProxyPassReverse http://127.0.0.1:9200
</LocationMatch>
# Proxy for kibana-int/{dashboard,temp} stuff (if you don't want auth on /, then you will want these to be protected)
<LocationMatch "^(/kibana-int/dashboard/|/kibana-int/temp).*$">
#ProxyPassMatch http://logstash.example.com:9200
#ProxyPassReverse http://logstash.example.com:9200
ProxyPassMatch http://127.0.0.1:9200
ProxyPassReverse http://127.0.0.1:9200
</LocationMatch>
</VirtualHost>
</IfModule>
You should be able to do https://myserver/index_name/_search/ with the above configuration, if Kibana is working.
Your LocationMatches only allow very small subsets of information. You can either explicitly list your indexes (e.g., /index1/.*|/index2/.*) or come up with a more flexible mapping (e.g., have a known pattern in the index's name).
<LocationMatch "^/(_aliases|index1/.*|index2/.*|_nodes)$">
It is probably worth noting that it is very dangerous to expose your Elasticsearch database, even if it is using SSL, because once you allow unfettered access, they can fetch all data from it (among other risky operations), which for the most part defeats the purpose of encrypting the traffic.
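The difference between the posted LocationMatch patterns and the one suggested in the answer can be checked offline. This is an added example, not part of the original question or answer: it runs the regexes from the page over constructed request paths, using Python's re module as an approximation of Apache's path matching. The sample paths and the index3 name are assumptions.

```python
import re

# Patterns copied from the question's vhost and from the answer above.
ORIGINAL = [
    r"^(/_aliases|.*/_search|.*/_mapping|/_nodes)$",
    r"^(/kibana-int/dashboard/|/kibana-int/temp).*$",
]
# Only the pattern shown in the answer; the kibana-int block is not repeated.
SUGGESTED = [r"^/(_aliases|index1/.*|index2/.*|_nodes)$"]

# Constructed request paths (assumed names, not taken from real logs).
SAMPLE_PATHS = [
    "/_aliases",
    "/_nodes",
    "/index1/_search",
    "/index1/_mapping",
    "/index1/doc/1",
    "/index3/_search",
    "/_cluster/health",
    "/kibana-int/dashboard/demo",
]


def proxied(path, patterns):
    """Return True if any LocationMatch-style regex matches the URL path."""
    return any(re.search(p, path) for p in patterns)


def audit(paths=SAMPLE_PATHS):
    """Map each path to (proxied by original rules, proxied by suggested rule)."""
    return {p: (proxied(p, ORIGINAL), proxied(p, SUGGESTED)) for p in paths}


def reachable(patterns, paths=SAMPLE_PATHS):
    """List the sample paths a rule set would forward to Elasticsearch."""
    return [p for p in paths if proxied(p, patterns)]


if __name__ == "__main__":
    print(f"{'path':30} original  suggested")
    for path, (orig, sugg) in audit().items():
        print(f"{path:30} {str(orig):9} {sugg}")
```

The posted rules forward `_search` and `_mapping` for every index name, while the suggested rule forwards only index1 and index2 but everything beneath them. Neither pattern constrains the HTTP method, so method restrictions have to be configured separately.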