I have an issue using mod_rewrite to force redirection of HTTP requests to HTTPS using Apache 2.2.22 on Ubuntu Server 12.04.
My /etc/apache2/sites-available/default file is as follows:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
The HTTPS host is defined in default-ssl in the same directory.
Visiting the server's local IP address, the redirect appears to work fine. However, accessing it via the FQDN, it doesn't. Using the FQDN, the site is available at port 5443, which is mapped in the firewall to 443 on the server, so perhaps that has something to do with the problem. I cannot just use port 443 directly, as it is in use on this IP address by another server.
To further clarify, the following are valid links:
https://website:5443
https://192.168.200.80:443
The redirect works here:
http://192.168.200.80
But the following gives a 400 Bad Request, and this is where the redirect is needed:
http://website:5443/
"Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please."
This is totally possible. The following redirects all http to the https url.
<VirtualHost *:80>
ServerName mydomainname.com
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
make sure you load the rewrite module mod_rewrite and enable it.
Your problem here is the initial HTTP request: This won't work as the server won't understand it receiving the request on port 443 (as the response code suggests).
If no port is given, the protocol http defaults to port 80, https to port 443.
This is also the reason why your local redirect works. I bet, if you access the page through http://website/ (with proper port forwarding of port 80), it will work as well. Also note that your VirtualHost is only defined for port 80 anyway, so it won't be valid for requests sent to website:5443 (or website:443).
In general, you'd need a server accepting both HTTP and HTTPS requests on a single port. Not sure any popular server actually supports something like that, because (I think) it essentially violates the specs.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
if u want to redirect your site from http:// anything.example.com to https: //anything.example.com ... Just create a dedicated hosting .conf file as /etc/httpd/conf.d/dedicated.conf and other conf file as virtual.conf ... entries for dedicated.conf are as follows....
this is dedicated server hosting conf file for redirecting it to https...
<virtualhost *:80>
servername host.example.com
documentroot /var/www/html
rewriteengine on
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
sslcertificatefile /etc/pki/tls/certs/name.crt
sslcertificatekeyfile /etc/pki/tls/private/name.key
</virtualhost>
<directory /var/www/html>
allowoverride all
require all granted
</directory>
Alternatively as mentioned in comment below, we can use redirect also:
<virtualhost *:80>
servername host.example.com
documentroot /var/www/html
RedirectMatch / https://host.example.com:ANY_PORT/ #if there is specific port
sslcertificatefile /etc/pki/tls/certs/name.crt
sslcertificatekeyfile /etc/pki/tls/private/name.key
</virtualhost>
<directory /var/www/html>
allowoverride all
require all granted
</directory>
Related
I think I know the reason this is happening but I don't know how to fix it. I have a reverse proxy set up on one server and it's proxying from port 443 to my mattermost server (not on the same machine) on the default port of 8065.
I have SSL set up on the proxy with a let's encrypt certificate.
Port 8065 is opened on my firewall to the mattermost server but also on that same public IP I have port 80 and 443 opened to a completely different server.
What is happening is that when I hit the url for my mattermost server the certificate for that other server is being presented to my browser instead of the one that is configured on the proxy. I have no idea why this is happening. Here is my virtual host section:
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot "/var/www/html"
ServerName chat.example.com
<Directory "/var/www/html">
allow from all
Options None
Require all granted
</Directory>
ProxyPreserveHost On
RewriteEngine On
RewriteCond %{REQUEST_URI} /api/v[0-9]+/(users/)?websocket [NC]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} \bUpgrade\b [NC]
RewriteRule .* ws://x.x.x.x:8065%{REQUEST_URI} [P,QSA,L]
ProxyPass / http://x.x.x.x:8065/ timeout=31536000
ProxyPassReverse / http://x.x.x.x:8065/
SSLCertificateFile /etc/letsencrypt/live/chat.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/chat.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/chat.example.com/chain.pem
</VirtualHost>
</IfModule>
Let me know if more information is required.
Rich
I ended up doing this a different way - not sure why it wasn't working. I'm calling it worked around.
Apache shows default page and doesn't load site configuration. OS: Debian 10.
Site is enabled but somehow it doesn't show files from public_html folder. Any help is appreciated.
<VirtualHost *:443>
SSLEngine On
ServerAdmin admin#abc.com
ServerName abc.com
ServerAlias *.abc.com
DocumentRoot /home/xx/public_html
SSLEngine on
SSLCertificateFile /home/xx/ssl.cert
SSLCertificateKeyFile /home/xx/ssl.key
<Directory /home/xx/public_html>
Require all granted
</Directory>
ErrorLog /home/xx/logs/error.log
CustomLog /home/xx/logs/access.log common
LogLevel debug
</VirtualHost>
No enough reputation to comment, so I’m trying with an answer and will clean it up if useful.
No mention of what you’re finding, if anything, in your logs. I assume you’re accessing using HTTPS to be sure your requests are going to port 443, but if per chance you were not I would try that first by specifying the protocol when entering the URL in your browser - otherwise you are probably making your request to the server on port 80 and not 443 where your VirtualHost is listening.
http://example.com ====> browser sends request to port 80, default port for http
https://example.com ====> browser sends request to port 443, default port for https
Is there also a VirtualHost entry for port 80 to redirect those requests to 443? If your browser is trying to load it as http using port 80 first then perhaps that’s why you’re seeing the Apache default page as I believe the server will be attempting to serve from /var/www/html/ for requests on port 80 unless you have already pointed these elsewhere with another VirtualHost, etc.
An example of what I mean that I have in use; either the ReWriteEngine or the Redirect permanent may be redundant, but I can confirm it functions fine for me as follows:
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
Redirect permanent / https://www.example.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com [OR]
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
For my setup, I preferred that the www subdomain be default and set up DNS intentionally to treat it as such, so the bare domain is ServerAlias in my instance.
I need help about a configuration. I have an .htaccess for my frontend webserver which is so configured:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/?(dir_a|dir_b|dir_c)
RewriteCond %{QUERY_STRING} !^/?(dir_a|dir_b|dir_c)
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
DirectoryIndex index.php
So, dir_a, dir_b and dir_c, which are on the frontend server, are not redirected to https. Everything on the frontend server is correctly redirected to https if https is omitted or using http when one inputs an URL of my website. This does not happen for a location pointing to an internal webserver, i.e I have in my apache2.conf:
<VirtualHost *:443>
...
ServerName example.com
SSLEngine on
SSLProxyEngine On
...
</VirtualHost>
...
<Location /backsrvdir>
SSLRequireSSL
ProxyPass http://192.168.x.y/backsrvdir
ProxyPassReverse http://192.168.x.y/backsrvdir
</Location>
In backsrvdir I have another .htaccess with its DirectoryIndex bsindex.php.
It works only if the link already contains https:, so if I write or click on https://example.com/backsrvdir it's ok, if omit https: or using http: the frontend server responds with a "403 Forbidden: You don't have permission to access /backsrvdir/ on this server. Apache/2.2.22 (Debian) Server at example.com Port 80".
As I stated above, port 80 is open only for dir_a dir_b and dir_c.
Any idea to solve the problem and have http://example.com/backsrvdir redirected to https://example.com/backsrvdir?
Thanks in advance.
Try something like this:
<VirtualHost *:80>
...
Redirect permanent /backsrvdir https://example.com/backsrvdir
# Remove the other 3 lines:
# SSLRequireSSL
# ProxyPass http://192.168.x.y/backsrvdir
# ProxyPassReverse http://192.168.x.y/backsrvdir
...
</VirtualHost>
Also remove anything related to https redirection from .htaccess
How to configure Apache to redirect all requests from port 80 to a port 8080? For example http://google.com.localhost must redirect to a http://google.com.localhost:8080 but for all requests.
<VirtualHost *:80>
ServerName proxy.localhost
ServerAlias *.localhost
Redirect permanent / *:8080
</VirtualHost>
You cannot use Redirect for this, because Redirect does not allow for variables.
Inspired by the examples using mod_rewrite from the Apache documentation:
RewriteEngine On
RewriteRule "^/?(.*)" "http://%{HTTP_HOST}:8080/$1" [L,R,NE]
Note that you need mod_rewrite enabled for this to work.
I have installed TURN server. And APACHE is also installed there. SSL Certificates are also installed. The site is running fine where I am typing https://www.domain.com or https://domain.com
But if I type only www.domain.com or domain.com it is saying "TURN Server
use https connection for the admin session".
All I want, if someone types the URL without HTTPS, it will redirect it to HTTPS URL.
It is a server where TURN Server is also installed ( Repeating it again )
I think this link can help.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
The Apache doc recommend this:
<VirtualHost *:80>
ServerName www.example.com
Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
# ... SSL configuration goes here
</VirtualHost>