Ok, as I read the code a bit more, there is a tangle of things that can influence port/scheme selection. But from what I can see, the version in *trunk* should do the right thing *iff*

a) you use "SSLEngine *:443" instead of "Optional"
b) you use "ServerName xxx.yyy" *without* a port name

then a

<VirtualHost *:80 *:443>
  ServerName xxx.yyy
  SSLEngine *:443
  ...
</VirtualHost>

should do the right thing here. Internal methods used to generate Redirect Location headers, namely

  ap_construct_url()
  ap_get_server_port()
  ap_http_scheme()

should give back the correct values for each connection and also fill the Env Variables with the correct values.

-Stefan

> On 14.09.2017 at 15:46, Reindl Harald <h.rei...@thelounge.net> wrote:
>
>
>
> On 14.09.2017 at 15:40, Stefan Eissing wrote:
>> Harald,
>> could you check if a configuration like:
>>   UseCanonicalPhysicalPort on
>> in the server or vhost mitigates the problem?
>
> it makes it even more terrible and the resulting http:// protocol instead
> of https:// on port 443 here even triggers mod_security
>
> even if it would mitigate that issue - having ports in redirect urls easily
> leads to a lot of other problems when proxy-servers are part of the game
>
> [harry@srv-rhsoft:/mnt/data/downloads]$ curl --head --insecure https://contentlounge/cms
> HTTP/1.1 301 Moved Permanently
> Date: Thu, 14 Sep 2017 13:43:06 GMT
> X-DNS-Prefetch-Control: off
> X-Content-Type-Options: nosniff
> X-Response-Time: D=1561 us
> Location: http://contentlounge:443/cms/
> Cache-Control: max-age=0
> Expires: Thu, 14 Sep 2017 13:43:06 GMT
> Content-Type: text/html; charset=iso-8859-1
>
>>> On 14.09.2017 at 12:00, Reindl Harald <h.rei...@thelounge.net> wrote:
>>>
>>>
>>>
>>> On 10.08.2017 at 18:22, Reindl Harald wrote:
>>>>> If you want to experiment...
>>>>> <VirtualHost IP:80 IP:443>
>>>>> is already recognized
>>>> but with "SSLEngine On" and "SSLCertificateFile" configured non-https no
>>>> longer would work
>>>
>>> OK, figured it out
>>>
>>> * you need the *first* vhost with "SSLEngine On"
>>> * others can have "SSLEngine optional" and listen to 80 and 443
>>>
>>> but there is a bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=61519
>>>
>>> if the trailing slash is missing in the url the automatic redirect to the
>>> fully qualified folder-path points to http:// instead of https:// and that does
>>> not happen within a vhost dedicated to :443 and "SSLEngine On"
>>>
>>> i was trapped in an endless loop because the php script making a redirect to
>>> https:// had a bug and missed the trailing / too
>>>
>>> <VirtualHost *:80 *:443>
>>>  DocumentRoot "/www/contentlounge"
>>>  ServerName contentlounge.rhsoft.net
>>>  SSLEngine optional
>>>  SSLCertificateFile "conf/ssl/rhsoft.net.pem"
>>> </VirtualHost>
>>>
>>> [harry@srv-rhsoft:~]$ curl --head --insecure https://contentlounge/cms
>>> HTTP/1.1 301 Moved Permanently
>>> Date: Thu, 14 Sep 2017 09:40:27 GMT
>>> X-DNS-Prefetch-Control: off
>>> X-Content-Type-Options: nosniff
>>> X-Response-Time: D=1311 us
>>> Location: http://contentlounge/cms/
>>> Cache-Control: max-age=0
>>> Expires: Thu, 14 Sep 2017 09:40:27 GMT
>>> Content-Type: text/html; charset=iso-8859-1
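
A check for the two redirect problems visible in the curl output quoted in this thread, as an added example that is not part of the original messages: it parses a response header block and flags a Location that drops from https to http on the same host, or that pairs a scheme with the other scheme's default port. The function name, finding labels and the trimmed sample responses are assumptions made for the example.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}

def check_redirect(request_url, raw_headers):
    """Return a list of findings for the Location header of one response."""
    location = None
    for line in raw_headers.splitlines()[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            location = value.strip()
            break
    if location is None:
        return []
    req = urlsplit(request_url)
    loc = urlsplit(urljoin(request_url, location))  # resolve a relative Location
    findings = []
    # https request answered with an http redirect to the same host
    if req.scheme == "https" and loc.scheme == "http" and loc.hostname == req.hostname:
        findings.append("scheme-downgrade")
    # explicit port that belongs to the other scheme, e.g. http://host:443/
    if loc.port is not None and loc.scheme in DEFAULT_PORT:
        other = "https" if loc.scheme == "http" else "http"
        if loc.port == DEFAULT_PORT[other]:
            findings.append("scheme-port-mismatch")
    return findings

# Constructed samples, trimmed from the curl output quoted in the thread.
SAMPLE_PLAIN = "HTTP/1.1 301 Moved Permanently\r\nLocation: http://contentlounge/cms/\r\n"
SAMPLE_PORT = "HTTP/1.1 301 Moved Permanently\r\nLocation: http://contentlounge:443/cms/\r\n"
# Constructed sample of the redirect the thread expects from a correct setup.
SAMPLE_OK = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://contentlounge/cms/\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_PLAIN, SAMPLE_PORT, SAMPLE_OK):
        print(check_redirect("https://contentlounge/cms", sample))
```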