Hello, Here is the output of "apachectl -S" command:
# apachectl -S # And I changed the config as below: <VirtualHost *:80> RequestHeader unset X-is-ssl RewriteEngine on RewriteRule ^(.*)$ https://www.example.net%{REQUEST_URI} [R=permanent,L,NE] </VirtualHost> ## Send all traffic on port 443 which isn't the primary domain to the primary domain ## This implicitly picks up the IP for the host, the actual hostname OR the unqualified domain name example.com <VirtualHost *:443> RewriteEngine on RewriteRule ^(.*)$ https://www.example.net/%{REQUEST_URI} [R,L,NE] </VirtualHost> <VirtualHost *:443> Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" ServerAdmin root@localhost ServerName www.example.net ServerAlias www.example.net ## Do not use Server Alias here for alternative domains - only use for test/dev sites... DocumentRoot /var/www/wp <Directory "/var/www/wp"> Options Indexes FollowSymLinks AllowOverride all Require all granted </Directory> ErrorLog /var/log/httpd/wordpress_error.log CustomLog /var/log/httpd/wordpress_access.log common RewriteEngine on RewriteCond %{SERVER_NAME} =example.net [OR] RewriteCond %{SERVER_NAME} =www.example.net [OR] RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] Redirect permanent / https://www.example.net TraceEnable off ServerSignature Off </VirtualHost> But, when I restarted Apache service and visit my website then it show me an error about privacy and after it the Apache test page shown. I have a SSL conf file too: <IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin root@localhost ServerName example.net ServerAlias www.example.net DocumentRoot /var/www/wp <Directory "/var/www/wp"> Options Indexes FollowSymLinks AllowOverride all Require all granted </Directory> ErrorLog /var/log/httpd/wordpress_error.log CustomLog /var/log/httpd/wordpress_access.log common SSLEngine On Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/example.net/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/example.net/privkey.pem </VirtualHost> </IfModule> Need it any change too? Thank you. On Monday, October 12, 2020, 11:11:11 PM GMT+3:30, Frank <thu...@apache.org> wrote: Yes, it does: Redirect 301 or RedirectPermanent. Please review the docs before answering. On 12/10/20 02:04 PM, James Smith wrote: > Redirect doesn't allow you to distinguish between 301s and 302s which you can > do with mod_rewrite {very useful feature tbh when it comes to bits like this} > - the user is using WordPress so will almost certainly be using mod_rewrite > to handle the nice URLs.... > > As for the issue without a server name - you don't need one in the 800 unless > you are doing something clever - as for the redirects it doesn't break but > you can put one in - just make sure that it is included first! > -----Original Message----- > From: Frank <thu...@apache.org> > Sent: 12 October 2020 18:10 > To: users@httpd.apache.org > Subject: Re: [users@httpd] Forwarding IP to HTTPS. [EXT] > > James, > > Unless the user has many hosts, I would recommend against using mod_rewrite > here. It isn't needed. And your vhost should include an explicity ServerName > directive. > > On 12/10/20 11:56 AM, James Smith wrote: >> So I would do this for the virtual host sections – assuming you are >> only running ONE externally facing website – there are other things >> you would need to do if you were running multiple ones >> >> ## Send all traffic on port 80 to the primary domain over SSL… >> >> >> <VirtualHost *:80> >> >> RequestHeader unset X-is-ssl >> >> RewriteEngine on >> >> RewriteRule ^(.*)$ >>https://urldefense.proofpoint.com/v2/url?u=https-3A__www.example.com-25-257BREQUEST-5FURI-257D&d=DwIFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=ERvrDk3V3OmOKQ_c29so3_jWrThxEfgCkxLIfX3sIvw&s=cugyNGRH0HsECtkleCMZbzrYIt0BcYfZk-Y6c00UdxE&e= >> >> [R=permanent,L,NE] >> >> </VirtualHost> >> >> >> >> ## Send all traffic on port 443 which isn't the primary domain to the >> primary domain ## This implicitly picks up the IP for the host, the >> actual hostname OR the unqualified domain name example.com >> >> >> >> <VirtualHost *:443> >> >> RewriteEngine on >> >> RewriteRule ^(.*)$ >>https://urldefense.proofpoint.com/v2/url?u=https-3A__www.example.com_-25-257BREQUEST-5FURI-257D&d=DwIFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=ERvrDk3V3OmOKQ_c29so3_jWrThxEfgCkxLIfX3sIvw&s=m4O1DurIDDG4G-kw46brnnEEXNZ9c4pJi52RMgXto3Y&e= >> [R,L,NE] >> >> </VirtualHost> >> >> >> >> <VirtualHost *:443> >> >> Header always set Strict-Transport-Security "max-age=63072000; >> includeSubdomains; preload" >> >> ServerAdmin root@localhost >> >> ServerName >> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.example.com&d= >> DwIFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oD >> X0XM7vQ&m=ERvrDk3V3OmOKQ_c29so3_jWrThxEfgCkxLIfX3sIvw&s=mw3MrVOeeCL66Y >> rcxABO8NMrnnmzLmHQBeAdm0m8VYA&e= >> >> ## Do not use Server Alias here for alternative domains - only use >> for test/dev sites... >> >> DocumentRoot /var/www/wp >> >> <Directory "/var/www/wp"> >> >> Options Indexes FollowSymLinks >> >> AllowOverride all >> >> Require all granted >> >> </Directory> >> >> >> >> ## Put the rest of your wordpress stuff here... >> >> </VirtualHost> >> >> >> >> *From:*Jason Long <hack3r...@yahoo.com.INVALID> >> *Sent:* 12 October 2020 16:39 >> *To:* users@httpd.apache.org >> *Subject:* Re: [users@httpd] Forwarding IP to HTTPS. [EXT] >> >> >> >> Excuse me, >> >> Can you clean my configuration? >> >> >> >> On Monday, October 12, 2020, 07:06:17 PM GMT+3:30, Frank >> <thu...@apache.org <mailto:thu...@apache.org>> wrote: >> >> >> >> >> >> James, >> >> Omitting an explicit ServerName in name-based vhosts is a bad idea as >> well. You can create conflicts or ambiguities. >> >> >> On 12/10/20 11:22 AM, James Smith wrote: >>> This would be my set-up in your case - note as someone said it was too >>> complex I've removed the extra security bits I'd left in by accident... >>> >>> ## Port 80 && 443 default configs... >>> >>> <VirtualHost *:80> >>> RequestHeader unset X-is-ssl >>> RewriteEngine on >>> RewriteRule ^(.*)$ >>>https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mydomain.com-25&d=DwIFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=ERvrDk3V3OmOKQ_c29so3_jWrThxEfgCkxLIfX3sIvw&s=A8EKvfUUPo1cemy_DRQyzWH7n8UvFx5myg5M7r0b380&e= >>> [mydomain.com%] >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mydomain.com >> -25&d=DwMFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1 >> ecj4oDX0XM7vQ&m=aSXzAFTQK2MqTd4h8-yDESDKjJwJfq6x0sy97DB2Dlg&s=rP2yXysk >> ai3avho4gNa3ivaQdP6NyvIGOONKga7UWLA&e=>{REQUEST_URI} >> [R=permanent,L,NE] >>> </VirtualHost> >>> >>> <VirtualHost *:443> >>> RewriteEngine on >>> RewriteRule ^(.*)$ >>>https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mydomain.com_-25&d=DwIFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=ERvrDk3V3OmOKQ_c29so3_jWrThxEfgCkxLIfX3sIvw&s=ueoNZtVbLE1sHVM3T0rcs5Nc_sLHgqvUtNtezSaLZIo&e= >>> [mydomain.com] >> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mydomain.com >> _-25&d=DwMFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge >> 1ecj4oDX0XM7vQ&m=aSXzAFTQK2MqTd4h8-yDESDKjJwJfq6x0sy97DB2Dlg&s=0xY2vrA >> mBv9NS93So6uL5BSAVrWQQPPc8fQe6cF_oHo&e=>{REQUEST_URI} >> [R,L,NE] >>> </VirtualHost> >>> >>> ## Port 443 default - this is our main server...... so your main apache >>> config stuff should be in here with SSL configured correctly.. >>> >>> <VirtualHost *:443> >>> ServerName >>> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.mydomain.com&d=DwIFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=ERvrDk3V3OmOKQ_c29so3_jWrThxEfgCkxLIfX3sIvw&s=Pq870e0oOU5bb6s-jPfEyYU__hJUeQOHvv1AZX--fP0&e= >>> >>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.mydomain.com&d=DwIFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=ERvrDk3V3OmOKQ_c29so3_jWrThxEfgCkxLIfX3sIvw&s=Pq870e0oOU5bb6s-jPfEyYU__hJUeQOHvv1AZX--fP0&e= >>> > ... >>> ... >>> ... >>> ... >>> ... >>> </VirtualHost> >>> >>> If you have more than one domain then you will need to add rules on >>> port 80 to preserve the hostname & also blocks for each additional >>> domain >>> >>> >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org >> <mailto:users-unsubscr...@httpd.apache.org> >> For additional commands, e-mail: users-h...@httpd.apache.org >> <mailto:users-h...@httpd.apache.org> >> >> -- The Wellcome Sanger Institute is operated by Genome Research >> Limited, a charity registered in England with number 1021457 and a >> company registered in England with number 2742969, whose registered >> office is >> 215 Euston Road, London, NW1 2BE. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
