On 04/01/2016 09:00 PM, Brandon L. Wisenburg wrote: > Hi Everyone! > I have converted my website to SSL, and I go the virtual host setup > and SSL working in Apache. When someone uses http://domain.com they > get a connection refused, because of course the server isn't listening > on 80, as i have it setup for SSL (443) > > How would I make apache listen on http(80), but re-direct anyone that > hits http to https. > > Is it possible to have apache listen on both 80 and 443? Yes, absolutely. I do this routinely for all my sites. I have a highly compartmentalized configuration but hopefully you'll get the gist of it. This is what I use at the top level for parts-unknown.org:
Listen 50.250.218.163:80
Listen 50.250.218.163:443
<VirtualHost 50.250.218.163:80>
Include sites-available/parts-unknown.org-common
Include sites-available/force-ssl-common
Include sites-available/parts-unknown.org-log-common
</VirtualHost>
<VirtualHost 50.250.218.163:443>
Include sites-available/parts-unknown.org-common
Include sites-available/ssl-common
Include sites-available/parts-unknown.org-log-common
</VirtualHost>
As you can see, I have multiple Listen declarations and multiple virtual
hosts. But the real magic (which probably isn't so magical if you
actually understand this stuff) is in force-ssl-common:
<IfModule mod_rewrite.c>
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</IfModule>
I don't use SNI basically because I started hosting these sites before
SNI was widely available and even when it started becoming widely
available it seemed broken (I gather this is no longer the case). I
don't know how or if that would change this configuration.
--
David Benfell, Ph.D.
benf...@parts-unknown.org
signature.asc
Description: OpenPGP digital signature
