3

ubuntu 14.04

Apache/2.4.7

I am posting here conf file for my virtual host and default ssl host. not able to figure what am I doing wrong.

http://<website_url> shows the index of the folder. I want to redirect this to https.

https://<website_url> opens fine.

IMPORTANT: I have not enabled the default SSL site.

 cat default-ssl.conf|grep -v "#"

<IfModule mod_ssl.c>
      <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateFile  /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    </VirtualHost>
</IfModule>

And here is mywebsite configuration file:

cat www.mywebsite.com.conf|grep -v "#"

<VirtualHost *:443>
    ServerName www.mywebsite.com:443
    ServerAlias www.mywebsite.com
    ServerAdmin abc@mywebsite.com
    DocumentRoot /var/www/www.mywebsite.com/html

    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
     <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteCond %{HTTPS} off
      RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    </IfModule>

SSLEngine on   
    SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>

    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    ErrorLog ${APACHE_LOG_DIR}/ssl.error.log
    CustomLog ${APACHE_LOG_DIR}/ssl.access.log combined
</VirtualHost>
Thomas Ward
  • 72,494
  • 30
  • 173
  • 237
rajeev
  • 163
  • 1
  • 1
  • 9

2 Answers2

8

If you want that http://www.mywebsite.com/ is always be sent over https you should use redirect because use mod_rewrite isn't the recommended behavior.

According to Redirect Request to SSL Apache wiki page:

When using SSL, you will frequently have at least two virtual hosts: one on port 80 to serve ordinary requests, and one on port 443 to serve SSL. If you wish to redirect users from the non-secure site to the SSL site, you can use an ordinary Redirect directive inside the non-secure VirtualHost

So, try to add this directive in your non-secure VirtualHost:

Redirect permanent / https://www.mywebsite.com/

If you want anyway use rewrite rule, you should add these lines in non-secure VirtualHost:

RewriteEngine On
# This will enable the Rewrite capabilities

RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e.  http://www.mywebsite.com/foo/ to https://www.mywebsite.com/foo/

as described in HTTP to HTTPS Apache wiki page.

Your configuration doen't work, because it is not defined a non-secure VirtualHost (usually on port 80) that handles http requests and redirect them to secure VirtualHost.

Try adding these lines:

<VirtualHost *:80>
   ServerName dev.dom1.com
   Redirect permanent / https://dev.dom1.com/
</VirtualHost>

In this case you don't need a DocumentRoot because this VirtualHost is redirecting everything.

Rewrite rule shown in your configuration file protect secure VirtualHost from being accessed via http protocol, for example http://www.mywebsite.com:443/ will be https://www.mywebsite.com:443/

You should also check that your site linking to the correct page (https) from within your HTML pages.

Lety
  • 5,994
  • 2
  • 28
  • 36
  • This looks promising. i am running 3 different virtual hosts on same box. 2 are on port 80, and one on 443. Their FQDN are different, but they resolve to same IP and their config files are different. So how can i resolve this? – rajeev Nov 16 '14 at 16:46
  • You should add directive in those `VirtualHost` that is the same as 443 `VirtualHost`. I guess non-secure `VirtualHost` with `ServerName www.mywebsite.com` and `DocumentRoot /var/www/www.mywebsite.com/html`. If you need to redirect both, you need to define two 443 VirtualHost. – Lety Nov 16 '14 at 16:57
  • Hello Letizia, 443 VirtualHost does not have a corresponding VirtualHost. Sites are like this: `http://www.dom1.com, https://dev.dom1.com, and http://www.dom2.com`. All hosted on same apache server. I am scratching my head and pulling my hairs at the moment. sorry, I am just not getting this virtual-host thing. – rajeev Nov 17 '14 at 05:24
  • Sorry, maybe I didn't understand what you are doing :(. I thought you wanted to change protocol for a certain VirtualHost. Could you explain what is your goal? – Lety Nov 17 '14 at 11:43
  • goal is to give https access with authentication to developers, but normal www access for rest of the world. and anybody choosing to go to dev.dom1.com should be presented the https site. – rajeev Nov 17 '14 at 21:36
  • Let's see if I understand. There are two `VirtualHost` on port 80, one have `ServerName www.dom1.com` and the other have `ServerName www.dom2.com` with different DocumentRoot content. Normal user access these sites with http a see the content. The third `VirtualHost` is on port 443 and `ServerName` is `dev.dom1.com`, developers access this site with https protocol and see `DocumentRoot` content. Please tell me if this assertion are right and what does not work or you can not achieve. – Lety Nov 17 '14 at 22:22
  • yes totally correct. `site 1: ServerName www.dom1.com ServerAlias www.dom1.com ServerAdmin rpxx@xx.com DocumentRoot /var/www/www.dom1.com/html` ... `site 2: ServerName dev.dom1.com:443 ServerAlias dev.dom1.com ServerAdmin rpxx@xx.com DocumentRoot /var/www/dev.dom1.com/html` ... `site 3: ServerName www.dom2.com ServerAlias www.dom2.com ServerAdmin rpxx@xx.com DocumentRoot /var/www/www.dom2.com/html` ... thx for help @Letizia – rajeev Nov 18 '14 at 16:56
  • You are welcome, but now, I don't see where is the problem and how can I help you :) – Lety Nov 18 '14 at 17:06
  • Maybe you would like that access to `http://dev.dom1.com` are redirected to `https://dev.dom1.com`. Is this what you are trying to do? – Lety Nov 18 '14 at 20:03
  • yes. correct. . – rajeev Nov 19 '14 at 15:09
  • Answer updated. – Lety Nov 19 '14 at 21:20
  • Thank you for sticking to it @Letizia. I created a dummy virtual host with "same name(dev.dom1.com)" with only redirection in it. and that resolved the issue. – rajeev Nov 20 '14 at 01:24
  • Can't believe this doesn't have more votes! – xyz May 20 '15 at 08:20
0

This is an old post, but in Ubuntu 14.04 the original rewrite works, you just have to change it to:

<Directory /var/www/>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Directory>
Paul Bauer
  • 1
  • 1