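In case this is helpful to someone, a book I bought on .htaccess recommends this to require SSL/HTTPS by port:

<IfModule mod_rewrite.c>
    # Rewrite rules are ignored unless the engine is switched on
    RewriteEngine On
    # Match requests that arrived on the plain-HTTP port
    RewriteCond %{SERVER_PORT} ^80$
    # Send them to the same host and path over HTTPS (no space inside the flag list)
    RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</IfModule>

...Jason
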
From: YUSUI T <yusui.tomik...@gmail.com>
To: users@httpd.apache.org
Sent: Monday, February 9, 2015 9:53 AM
Subject: Re: [users@httpd] Redirection via HTTPS

2015-02-09 16:31 GMT+09:00 Daniel <dferra...@gmail.com>:
>
>
> 2015-02-08 21:15 GMT+01:00 Yann Ylavic <ylavic....@gmail.com>:
>>
>> On Sun, Feb 8, 2015 at 9:03 PM, Yann Ylavic <ylavic....@gmail.com> wrote:
>> > On Sun, Feb 8, 2015 at 7:36 AM, YUSUI T <yusui.tomik...@gmail.com>
>> > wrote:
>> >>
>> >> root@hostname:~# tail -n 6 /etc/apache2/mods-available/ssl.conf
>> >> <VirtualHost *:443>
>> >>     ServerName www.mydomain.com
>> >>     Redirect / https://www.mydomain.com/
>> >> </VirtualHost>
>> >
>> > You probably want to redirect to https when the request is plain http,
>> > hence :
>> > <VirtualHost *:80>
>> > above.
>>
>> Sorry, I completely misread your issue, please ignore this.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>
> This is the list of virtualhosts you need. It could be reduced, but for
> educational purposes here is how all virtualhosts should look to represent
> your scenario more or less as I have understood you were asking. As you will
> see there is no need for mod_rewrite at all for this case.
>
> I assumed you want to redirect port 80 to SSL too, if not, ignore the first
> non-ssl virtualhost examples.
>
> ###
> # domain.com port 80 redirects to SSL www.domain.com
> <VirtualHost *:80>
>     ServerName domain.com
>     DocumentRoot /path/to/docroot
>     Redirect / https://www.domain.com/
> </VirtualHost>
>
> ###
> # www.domain.com port 80 redirects to SSL www.domain.com
> <VirtualHost *:80>
>     ServerName www.domain.com
>     DocumentRoot /path/to/docroot
>     Redirect / https://www.domain.com/
> </VirtualHost>
>
> ###
> # domain.com port 443 SSL redirects to SSL www.domain.com
> <VirtualHost *:443>
>     ServerName domain.com
>     DocumentRoot /path/to/docroot
>     SSLEngine on
>     SSLCertificateKeyFile /my/path/to/domain.com.key
>     SSLCertficicateFile /my/path/do/domain.com.crt
>     Redirect / https://www.domain.com/
> </VirtualHost>
>
> ####
> # www.domain.com port 443 SSL
> <VirtualHost *:443>
>     ServerName www.domain.com
>     DocumentRoot /path/to/docroot
>     SSLEngine on
>     SSLCertificateKeyFile /my/path/to/www.domain.com.key
>     SSLCertificateFile /my/path/do/www.domain.com.crt
>
>     ###
>     # And your actual configuration from here on
> </VirtualHost>
>
>
> Hope this helps

Thank you for the great list of virtualhosts.

What I want to do are 2 things:
1st: redirect from http://mydomain.com(:80) to http://www.mydomain.com(:80)
2nd: redirect from https://mydomain.com(:443) to https://www.mydomain.com(:443)

Your list is a great help for me. I exchanged redirect for rewrite on /etc/apache2/sites-available/000-default.conf. But my Google Chrome showed an error "ERR_TOO_MANY_REDIRECTS".

Additionally, it shows another error when I added

# mydomain.com port 443 SSL redirects to SSL www.mydomain.com

to /etc/apache2/mods-available/ssl.conf and restarted apache.

root@hostname:~# service apache2 restart
 * Restarting web server apache2 [fail]
 * The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 95 of /etc/apache2/mods-enabled/ssl.conf:
Invalid command 'SSLCertficicateFile', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
root@hostname:~#

My configurations already have some <VirtualHost>. And I am not sure where I should add that list...

The following are my /etc/apache2/sites-available/000-default.conf and /etc/apache2/mods-available/ssl.conf.

root@hostname:~# cat /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
    # The ServerName directive sets the request scheme, hostname and port that
    # the server uses to identify itself. This is used when creating
    # redirection URLs. In the context of virtual hosts, the ServerName
    # specifies what hostname must appear in the request's Host: header to
    # match this virtual host. For the default virtual host (this file) this
    # value is not decisive as it is used as a last resort host regardless.
    # However, you must set it for any further virtual host explicitly.
    #ServerName www.example.com

    ServerAdmin cont...@mydomain.com
    DocumentRoot /var/www/html

    # mydomain.com port 80 redirects to www.mydomain.com port 80
    Redirect / http://www.mydomain.com/

    <Directory "/var/www/html">
        AllowOverride All
        Options +ExecCGI
        Require all granted
    </Directory>

    # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
    # error, crit, alert, emerg.
    # It is also possible to configure the loglevel for particular
    # modules, e.g.
    #LogLevel info ssl:warn

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # For most configuration files from conf-available/, which are
    # enabled or disabled at a global level, it is possible to
    # include a line for only one particular virtual host. For example the
    # following line enables the CGI configuration for this host only
    # after it has been globally disabled with "a2disconf".
    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
root@hostname:~#

------------------------------------------------------

root@hostname:~# cat /etc/apache2/mods-available/ssl.conf
<IfModule mod_ssl.c>

    # Pseudo Random Number Generator (PRNG):
    # Configure one or more sources to seed the PRNG of the SSL library.
    # The seed data should be of good random quality.
    # WARNING! On some platforms /dev/random blocks if not enough entropy
    # is available. This means you then cannot use the /dev/random device
    # because it would lead to very long connection times (as long as
    # it requires to make more entropy available). But usually those
    # platforms additionally provide a /dev/urandom device which doesn't
    # block. So, if available, use this one instead. Read the mod_ssl User
    # Manual for more details.
    #
    SSLRandomSeed startup builtin
    SSLRandomSeed startup file:/dev/urandom 512
    SSLRandomSeed connect builtin
    SSLRandomSeed connect file:/dev/urandom 512

    ##
    ## SSL Global Context
    ##
    ## All SSL configuration in this context applies both to
    ## the main server and all SSL-enabled virtual hosts.
    ##

    #
    # Some MIME-types for downloading Certificates and CRLs
    #
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl

    # Pass Phrase Dialog:
    # Configure the pass phrase gathering process.
    # The filtering dialog program (`builtin' is a internal
    # terminal dialog) has to provide the pass phrase on stdout.
    SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase

    # Inter-Process Session Cache:
    # Configure the SSL Session Cache: First the mechanism
    # to use and second the expiring timeout (in seconds).
    # (The mechanism dbm has known memory leaks and should not be used).
    #SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
    SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
    SSLSessionCacheTimeout 300

    # Semaphore:
    # Configure the path to the mutual exclusion semaphore the
    # SSL engine uses internally for inter-process synchronization.
    # (Disabled by default, the global Mutex directive consolidates by default
    # this)
    #Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache

    # SSL Cipher Suite:
    # List the ciphers that the client is permitted to negotiate. See the
    # ciphers(1) man page from the openssl package for list of all available
    # options.
    # Enable only secure ciphers:
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

    # Speed-optimized SSL Cipher configuration:
    # If speed is your main concern (on busy HTTPS servers e.g.),
    # you might want to force clients to specific, performance
    # optimized ciphers. In this case, prepend those ciphers
    # to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
    # Caveat: by giving precedence to RC4-SHA and AES128-SHA
    # (as in the example below), most connections will no longer
    # have perfect forward secrecy - if the server's key is
    # compromised, captures of past or future traffic must be
    # considered compromised, too.
    #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
    #SSLHonorCipherOrder on

    # The protocols to enable.
    # Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
    # SSL v2 is no longer supported
    SSLProtocol all

    # Allow insecure renegotiation with clients which do not yet support the
    # secure renegotiation protocol. Default: Off
    #SSLInsecureRenegotiation on

    # Whether to forbid non-SNI clients to access name based virtual hosts.
    # Default: Off
    #SSLStrictSNIVHostCheck On

</IfModule>

# mydomain.com port 443 SSL redirects to SSL www.mydomain.com
<VirtualHost *:443>
    ServerName mydomain.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateKeyFile /etc/ssl/CA/certs/www.mydomain.com/server.key
    SSLCertficicateFile /etc/ssl/CA/certs/www.mydomain.com/server.crt
    Redirect / https://www.mydomain.com/
</VirtualHost>

#test for redirect https
#<VirtualHost *:443>
# ServerName www.mydomain.com
# Redirect / https://www.mydomain.com/
#</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
root@hostname:~#

Yusui
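
Added example, not written by anyone in this thread: a small lint showing one way a configuration like the 000-default.conf above can end in ERR_TOO_MANY_REDIRECTS. With name-based virtual hosts, the first vhost on a port also answers names no other vhost claims, so a `Redirect /` in a vhost with no active ServerName catches the www host it points at. The function names and both sample configs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the thread's 000-default.conf (no active ServerName).
LOOPING = """<VirtualHost *:80>
    #ServerName www.example.com
    Redirect / http://www.mydomain.com/
</VirtualHost>"""
# Constructed fix: the www name gets its own vhost, which carries no Redirect.
FIXED = """<VirtualHost *:80>
    ServerName www.mydomain.com
</VirtualHost>
<VirtualHost *:80>
    ServerName mydomain.com
    Redirect / http://www.mydomain.com/
</VirtualHost>"""

def parse_vhosts(conf):
    """Return vhosts in file order as dicts: port, names, whole-site redirects."""
    vhosts, cur = [], None
    for line in conf.splitlines():
        parts = line.split() or [""]   # blank line -> dummy token
        key = parts[0].lower()         # '#...' comment lines match nothing below
        m = re.match(r"\s*<VirtualHost\s+\S*?:(\d+)>", line, re.I)
        if m:
            cur = {"port": int(m.group(1)), "names": set(), "redirects": []}
            vhosts.append(cur)
        elif key.startswith("</virtualhost"):
            cur = None
        elif cur and key in ("servername", "serveralias"):
            cur["names"].update(p.lower() for p in parts[1:])
        elif cur and key == "redirect" and len(parts) >= 3 and parts[-2] == "/":
            cur["redirects"].append(parts[-1])
    return vhosts

def serving_vhost(vhosts, host, port):
    """Simplified selection (no wildcard aliases): exact name, else first vhost on the port."""
    on_port = [v for v in vhosts if v["port"] == port]
    return next((v for v in on_port if host in v["names"]), on_port[0] if on_port else None)

def find_redirect_loops(conf):
    """List (port, target) for each 'Redirect /' that lands back in its own vhost."""
    vhosts, loops = parse_vhosts(conf), []
    for v in vhosts:
        for target in v["redirects"]:
            u = urlsplit(target)
            port = u.port or (443 if u.scheme == "https" else 80)
            if serving_vhost(vhosts, (u.hostname or "").lower(), port) is v:
                loops.append((v["port"], target))
    return loops
```

Run it over the concatenation of all enabled site and module files, since vhost order across files decides which one is the default for a port.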