Am 18.09.2017 um 17:56 schrieb Daniel:
I tried to read and understand the whole thread and what we are trying
to solve here, but I can't help to think this is an attempt at a new
".htaccess" wildcard thing for SSL that will end in greater confusion.
in Freenode #httpd we generally try to teach people to not be afraid
of defining the necessary virtualhosts. Everyone seems inclined, due
to the amount of trash they have found through google, to define a
single .htaccess files that will solve all their cases, redirections,
and whatnot, and 90% are frustrated on how complicated it is.
The generic solution we give is, (the iconic simplest way), one
virtualhost for each:
<Virtualhost *:80>
ServerName whatever.example.com
Redirect / https://whatever.example.com/
</Virtualhost>
<Virtualhost *:443>
ServerName whatever.example.com
SSLEngine on
etc..
</Virtualhost>
Isn't this much better than any other attempt at reducing it to
"another minimum expression" in a complicated kind of way?
no it is not - have fun define two hosts with all options and i would
have much more samples with much more php-options which needs to be
included in both in doubt
yes, the software fetching lyrics likely had a problem with self-signed
certificates which was the case until short ago but that don't make the
config unreasonable exclude specific locations from enforced https
the only problem cuurently is that $_SERVER['HTTP_PORT'] is wrong for
such a vhost with 80 while it should be 443 in case of a https-connection
<VirtualHost *:80 *:443>
DocumentRoot "/mnt/data/www/example.rhsoft.net"
ServerName example.rhsoft.net
ServerAlias example.test.rh example example.rh.thelounge.net
Alias "/usage" "/var/www/usage/example"
CustomLog "/var/log/apache_example.log" combined
<Directory "/mnt/data/www/example.rhsoft.net">
php_admin_value open_basedir
"/mnt/data/www/example.rhsoft.net:/Volumes/dune/www-servers/phpincludes:/usr/share/php:/usr/share/pear:/mnt/data/audio:/media/WALKMAN/music"
php_admin_value upload_tmp_dir
"/mnt/data/www/example.rhsoft.net/uploadtemp"
php_admin_value soap.wsdl_cache_dir
"/mnt/data/www/example.rhsoft.net/uploadtemp"
php_flag session.cookie_secure "1"
Require all granted
</Directory>
<Directory "/mnt/data/www/example.rhsoft.net/modules/pchart">
Require all denied
</Directory>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !lyrics.php
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>
<IfModule mod_ratelimit.c>
SetOutputFilter RATE_LIMIT
SetEnv rate-limit 2800
</IfModule>
RedirectMatch 404 ^/modules/karaoke\-download\.php$
RedirectMatch 404 ^/modules/music/copy\-cli\.php$
RedirectMatch 404 ^/modules/music/validate\-all\-id3\-tags\.php$
SSLEngine Optional
SSLUseStapling On
SSLCertificateFile
"/var/lib/letsencrypt/certs/rhsoft-example.conf_rsa.pem"
SSLCertificateFile
"/var/lib/letsencrypt/certs/rhsoft-example.conf_ecdsa.pem"
</VirtualHost>
