You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by YUSUI T <yu...@gmail.com> on 2015/02/08 04:30:15 UTC
[users@httpd] Redirection via HTTPS
Hello.
I have a question about 301 redirection of https.
My website is accessible with both of non-subdomain http(s)://mydomain.com
and subdomain-www http(s)://www.mydomain.com. Both have the same IP address.
I would like to change https://mydomain.com/ to redirection for
https://www.mydomain.com/.
To change for redirecting all web contents under mydomain.com including
user directory /~user and so on, I tried to add the following to
/etc/apache2/mods-available/ssl.conf or
/etc/apache2/sites-available/default-ssl.conf.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(mydomain\.com)(:443)?
RewriteRule (.*) https://www.mydomain.com$1 [R=301]
</IfModule>
After this, I did do "service apache2 restart" of course.
But it looks like the redirection does not work.
What should I do?
In case of normal http, it works by adding the above to
/etc/apache2/sites-available/000-default.conf and
/etc/apache2/mods-available/userdir.conf.
Environments:
Apache version:2.4.7
OS:Ubuntu 14.04.1 LTS
Kernel:Linux 2.6.32-042stab093.5 #1 SMP
Thank you for your time and assistance.
Yusui Tomikawa
Re: [users@httpd] Redirection via HTTPS
Posted by YUSUI T <yu...@gmail.com>.
2015-02-09 5:15 GMT+09:00 Yann Ylavic <yl...@gmail.com>:
> On Sun, Feb 8, 2015 at 9:03 PM, Yann Ylavic <yl...@gmail.com> wrote:
>> On Sun, Feb 8, 2015 at 7:36 AM, YUSUI T <yu...@gmail.com> wrote:
>>>
>>> root@hostname:~# tail -n 6 /etc/apache2/mods-available/ssl.conf
>>> <VirtualHost *:443>
>>> ServerName www.mydomain.com
>>> Redirect / https://www.mydomain.com/
>>> </VirtualHost>
>>
>> You probably want to redirect to https when the request is plain http, hence :
>> <VirtualHost *:80>
>> above.
>
> Sorry, I completely misread your issue, please ignore this.
Thank you for the reply kindly. You don't need to say sorry.
Yusui
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirection via HTTPS
Posted by YUSUI T <yu...@gmail.com>.
2015-02-09 16:31 GMT+09:00 Daniel <df...@gmail.com>:
>
>
> 2015-02-08 21:15 GMT+01:00 Yann Ylavic <yl...@gmail.com>:
>>
>> On Sun, Feb 8, 2015 at 9:03 PM, Yann Ylavic <yl...@gmail.com> wrote:
>> > On Sun, Feb 8, 2015 at 7:36 AM, YUSUI T <yu...@gmail.com>
>> > wrote:
>> >>
>> >> root@hostname:~# tail -n 6 /etc/apache2/mods-available/ssl.conf
>> >> <VirtualHost *:443>
>> >> ServerName www.mydomain.com
>> >> Redirect / https://www.mydomain.com/
>> >> </VirtualHost>
>> >
>> > You probably want to redirect to https when the request is plain http,
>> > hence :
>> > <VirtualHost *:80>
>> > above.
>>
>> Sorry, I completely misread your issue, please ignore this.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
> This is the list of virtualhosts you need. It could be reduced, but for
> educational purposes here is how all virtualhosts should look to represent
> your scenario more or less as I have understood you were asking. As you will
> see there is no need for mod_rewrite at all for this case.
>
> I assumed you want to redirect port 80 to SSL too, if not, ignore the first
> non-ssl virtualhost examples.
>
> ###
> # domain.com port 80 redirects to SSL www.domain.com
> <VirtualHost *:80>
> ServerName domain.com
> DocumentRoot /path/to/docroot
> Redirect / https://www.domain.com/
> </VirtualHost>
>
> ###
> # www.domain.com port 80 redirects to SSL www.domain.com
> <VirtualHost *:80>
> ServerName www.domain.com
> DocumentRoot /path/to/docroot
> Redirect / https://www.domain.com/
> </VirtualHost>
>
> ###
> # domain.com port 443 SSL redirects to SSL www.domain.com
> <VirtualHost *:443>
> ServerName domain.com
> DocumentRoot /path/to/docroot
> SSLEngine on
> SSLCertificateKeyFile /my/path/to/domain.com.key
> SSLCertficicateFile /my/path/do/domain.com.crt
> Redirect / https://www.domain.com/
> </VirtualHost>
>
> ####
> # www.domain.com port 443 SSL
> <VirtualHost *:443>
> ServerName www.domain.com
> DocumentRoot /path/to/docroot
> SSLEngine on
> SSLCertificateKeyFile /my/path/to/www.domain.com.key
> SSLCertificateFile /my/path/do/www.domain.com.crt
>
> ###
> # And your actual configuration from here on
> </VirtualHost>
>
>
> Hope this helps
Thank you all so much for the help.
I finally understand what it means, and it now works as expected
thanks to the helps of everyone!
Here's the configurations I want.
root@hostname:~# cat /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname
and port that
#ServerName www.example.com
ServerName www.mydomain.com
ServerAdmin contact@mydomain.com
DocumentRoot /var/www/html
<Directory "/var/www/html">
AllowOverride All
Options +ExecCGI
Require all granted
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
<VirtualHost *:80>
ServerName mydomain.com
DocumentRoot /var/www/html
Redirect / http://www.mydomain.com/
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
root@hostname:~#
root@hostname:~# cat /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin contact@mydomain.com
ServerName www.mydomain.com
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug,
info, notice, warn,
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be
created by installing
# SSLCertificateFile directive is needed.
SSLCertificateFile
/etc/ssl/CA/certs/www.mydomain.com/server.crt
SSLCertificateKeyFile
/etc/ssl/CA/certs/www.mydomain.com/server.key
# Server Certificate Chain:
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
#SSLVerifyDepth 10
# SSL Engine Options:
# Translate the client X.509 into a Basic
Authorisation. This means that
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
<VirtualHost _default_:443>
ServerName mydomain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile
/etc/ssl/CA/certs/www.mydomain.com/server.crt
SSLCertificateKeyFile
/etc/ssl/CA/certs/www.mydomain.com/server.key
Redirect / https://www.mydomain.com/
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
root@hostname:~#
Yusui
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirection via HTTPS
Posted by YUSUI T <yu...@gmail.com>.
2015-02-10 0:36 GMT+09:00 Jason Cillo <ci...@yahoo.com.invalid>:
> In case this is helpful to someone, a book I bought on .htaccess recommends
> this to require SSL/HTTPS by port:
>
> <IfModule mod_rewrite.c>
> RewriteCond %{SERVER_PORT} ^80$
> RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301, L]
> </IfModule>
>
> ...Jason
Thank you and I am sorry I am late.
I tried with .htaccess at first. But I take another way because it was
disabled on /~user.
Yusui
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirection via HTTPS
Posted by Jason Cillo <ci...@yahoo.com.INVALID>.
In case this is helpful to someone, a book I bought on .htaccess recommends this to require SSL/HTTPS by port:
<IfModule mod_rewrite.c> RewriteCond %{SERVER_PORT} ^80$ RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301, L]</IfModule>
...Jason
From: YUSUI T <yu...@gmail.com>
To: users@httpd.apache.org
Sent: Monday, February 9, 2015 9:53 AM
Subject: Re: [users@httpd] Redirection via HTTPS
2015-02-09 16:31 GMT+09:00 Daniel <df...@gmail.com>:
>
>
> 2015-02-08 21:15 GMT+01:00 Yann Ylavic <yl...@gmail.com>:
>>
>> On Sun, Feb 8, 2015 at 9:03 PM, Yann Ylavic <yl...@gmail.com> wrote:
>> > On Sun, Feb 8, 2015 at 7:36 AM, YUSUI T <yu...@gmail.com>
>> > wrote:
>> >>
>> >> root@hostname:~# tail -n 6 /etc/apache2/mods-available/ssl.conf
>> >> <VirtualHost *:443>
>> >> ServerName www.mydomain.com
>> >> Redirect / https://www.mydomain.com/
>> >> </VirtualHost>
>> >
>> > You probably want to redirect to https when the request is plain http,
>> > hence :
>> > <VirtualHost *:80>
>> > above.
>>
>> Sorry, I completely misread your issue, please ignore this.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
> This is the list of virtualhosts you need. It could be reduced, but for
> educational purposes here is how all virtualhosts should look to represent
> your scenario more or less as I have understood you were asking. As you will
> see there is no need for mod_rewrite at all for this case.
>
> I assumed you want to redirect port 80 to SSL too, if not, ignore the first
> non-ssl virtualhost examples.
>
> ###
> # domain.com port 80 redirects to SSL www.domain.com
> <VirtualHost *:80>
> ServerName domain.com
> DocumentRoot /path/to/docroot
> Redirect / https://www.domain.com/
> </VirtualHost>
>
> ###
> # www.domain.com port 80 redirects to SSL www.domain.com
> <VirtualHost *:80>
> ServerName www.domain.com
> DocumentRoot /path/to/docroot
> Redirect / https://www.domain.com/
> </VirtualHost>
>
> ###
> # domain.com port 443 SSL redirects to SSL www.domain.com
> <VirtualHost *:443>
> ServerName domain.com
> DocumentRoot /path/to/docroot
> SSLEngine on
> SSLCertificateKeyFile /my/path/to/domain.com.key
> SSLCertficicateFile /my/path/do/domain.com.crt
> Redirect / https://www.domain.com/
> </VirtualHost>
>
> ####
> # www.domain.com port 443 SSL
> <VirtualHost *:443>
> ServerName www.domain.com
> DocumentRoot /path/to/docroot
> SSLEngine on
> SSLCertificateKeyFile /my/path/to/www.domain.com.key
> SSLCertificateFile /my/path/do/www.domain.com.crt
>
> ###
> # And your actual configuration from here on
> </VirtualHost>
>
>
> Hope this helps
Thank you for great list of virtualhosts.
What I want to do are 2 things;
1st: redirect from http://mydomain.com(:80) to http://www.mydomain.com(:80)
2nd: redirect from https://mydomain.com(:443) to https://www.mydomain.com(:443)
Your list is great help for me.
I exchanged redirect for rewrite on
/etc/apache2/sites-available/000-default.conf.
But my Google Chrome said an error "ERR_TOO_MANY_REDIRECTS".
Additionally it shows another error when I added # mydomain.com port
443 SSL redirects to SSL www.mydomain.com to
/etc/apache2/mods-available/ssl.conf and restarted apache.
root@hostname:~# service apache2 restart
* Restarting web server apache2 [fail]
* The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 95 of /etc/apache2/mods-enabled/ssl.conf:
Invalid command 'SSLCertficicateFile', perhaps misspelled or defined
by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
root@hostname:~#
My configurations already have some <VirtualHost>. And I am not sure
where I should add that list...
The followings are my /etc/apache2/sites-available/000-default.conf
and /etc/apache2/mods-available/ssl.conf.
root@hostname:~# cat /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname
and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin contact@mydomain.com
DocumentRoot /var/www/html
# mydomain.com port 80 redirects to www.mydomain.com port 80
Redirect / http://www.mydomain.com/
<Directory "/var/www/html">
AllowOverride All
Options +ExecCGI
Require all granted
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
root@hostname:~#
------------------------------------------------------
root@hostname:~# cat /etc/apache2/mods-available/ssl.conf
<IfModule mod_ssl.c>
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
# (The mechanism dbm has known memory leaks and should not be used).
#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
# (Disabled by default, the global Mutex directive
consolidates by default
# this)
#Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate. See the
# ciphers(1) man page from the openssl package for list of
all available
# options.
# Enable only secure ciphers:
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
# you might want to force clients to specific, performance
# optimized ciphers. In this case, prepend those ciphers
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
# Caveat: by giving precedence to RC4-SHA and AES128-SHA
# (as in the example below), most connections will no longer
# have perfect forward secrecy - if the server's key is
# compromised, captures of past or future traffic must be
# considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on
# The protocols to enable.
# Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
# SSL v2 is no longer supported
SSLProtocol all
# Allow insecure renegotiation with clients which do not yet
support the
# secure renegotiation protocol. Default: Off
#SSLInsecureRenegotiation on
# Whether to forbid non-SNI clients to access name based
virtual hosts.
# Default: Off
#SSLStrictSNIVHostCheck On
</IfModule>
# mydomain.com port 443 SSL redirects to SSL www.mydomain.com
<VirtualHost *:443>
ServerName mydomain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateKeyFile /etc/ssl/CA/certs/www.mydomain.com/server.key
SSLCertficicateFile /etc/ssl/CA/certs/www.mydomain.com/server.crt
Redirect / https://www.mydomain.com/
</VirtualHost>
#test for redirect https
#<VirtualHost *:443>
# ServerName www.mydomain.com
# Redirect / https://www.mydomain.com/
#</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
root@hostname:~#
Yusui
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirection via HTTPS
Posted by YUSUI T <yu...@gmail.com>.
2015-02-09 16:31 GMT+09:00 Daniel <df...@gmail.com>:
>
>
> 2015-02-08 21:15 GMT+01:00 Yann Ylavic <yl...@gmail.com>:
>>
>> On Sun, Feb 8, 2015 at 9:03 PM, Yann Ylavic <yl...@gmail.com> wrote:
>> > On Sun, Feb 8, 2015 at 7:36 AM, YUSUI T <yu...@gmail.com>
>> > wrote:
>> >>
>> >> root@hostname:~# tail -n 6 /etc/apache2/mods-available/ssl.conf
>> >> <VirtualHost *:443>
>> >> ServerName www.mydomain.com
>> >> Redirect / https://www.mydomain.com/
>> >> </VirtualHost>
>> >
>> > You probably want to redirect to https when the request is plain http,
>> > hence :
>> > <VirtualHost *:80>
>> > above.
>>
>> Sorry, I completely misread your issue, please ignore this.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
> This is the list of virtualhosts you need. It could be reduced, but for
> educational purposes here is how all virtualhosts should look to represent
> your scenario more or less as I have understood you were asking. As you will
> see there is no need for mod_rewrite at all for this case.
>
> I assumed you want to redirect port 80 to SSL too, if not, ignore the first
> non-ssl virtualhost examples.
>
> ###
> # domain.com port 80 redirects to SSL www.domain.com
> <VirtualHost *:80>
> ServerName domain.com
> DocumentRoot /path/to/docroot
> Redirect / https://www.domain.com/
> </VirtualHost>
>
> ###
> # www.domain.com port 80 redirects to SSL www.domain.com
> <VirtualHost *:80>
> ServerName www.domain.com
> DocumentRoot /path/to/docroot
> Redirect / https://www.domain.com/
> </VirtualHost>
>
> ###
> # domain.com port 443 SSL redirects to SSL www.domain.com
> <VirtualHost *:443>
> ServerName domain.com
> DocumentRoot /path/to/docroot
> SSLEngine on
> SSLCertificateKeyFile /my/path/to/domain.com.key
> SSLCertficicateFile /my/path/do/domain.com.crt
> Redirect / https://www.domain.com/
> </VirtualHost>
>
> ####
> # www.domain.com port 443 SSL
> <VirtualHost *:443>
> ServerName www.domain.com
> DocumentRoot /path/to/docroot
> SSLEngine on
> SSLCertificateKeyFile /my/path/to/www.domain.com.key
> SSLCertificateFile /my/path/do/www.domain.com.crt
>
> ###
> # And your actual configuration from here on
> </VirtualHost>
>
>
> Hope this helps
Thank you for great list of virtualhosts.
What I want to do are 2 things;
1st: redirect from http://mydomain.com(:80) to http://www.mydomain.com(:80)
2nd: redirect from https://mydomain.com(:443) to https://www.mydomain.com(:443)
Your list is great help for me.
I exchanged redirect for rewrite on
/etc/apache2/sites-available/000-default.conf.
But my Google Chrome said an error "ERR_TOO_MANY_REDIRECTS".
Additionally it shows another error when I added # mydomain.com port
443 SSL redirects to SSL www.mydomain.com to
/etc/apache2/mods-available/ssl.conf and restarted apache.
root@hostname:~# service apache2 restart
* Restarting web server apache2 [fail]
* The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 95 of /etc/apache2/mods-enabled/ssl.conf:
Invalid command 'SSLCertficicateFile', perhaps misspelled or defined
by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
root@hostname:~#
My configurations already have some <VirtualHost>. And I am not sure
where I should add that list...
The followings are my /etc/apache2/sites-available/000-default.conf
and /etc/apache2/mods-available/ssl.conf.
root@hostname:~# cat /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname
and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin contact@mydomain.com
DocumentRoot /var/www/html
# mydomain.com port 80 redirects to www.mydomain.com port 80
Redirect / http://www.mydomain.com/
<Directory "/var/www/html">
AllowOverride All
Options +ExecCGI
Require all granted
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
root@hostname:~#
------------------------------------------------------
root@hostname:~# cat /etc/apache2/mods-available/ssl.conf
<IfModule mod_ssl.c>
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase
# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
# (The mechanism dbm has known memory leaks and should not be used).
#SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache
SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
SSLSessionCacheTimeout 300
# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
# (Disabled by default, the global Mutex directive
consolidates by default
# this)
#Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate. See the
# ciphers(1) man page from the openssl package for list of
all available
# options.
# Enable only secure ciphers:
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
# Speed-optimized SSL Cipher configuration:
# If speed is your main concern (on busy HTTPS servers e.g.),
# you might want to force clients to specific, performance
# optimized ciphers. In this case, prepend those ciphers
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
# Caveat: by giving precedence to RC4-SHA and AES128-SHA
# (as in the example below), most connections will no longer
# have perfect forward secrecy - if the server's key is
# compromised, captures of past or future traffic must be
# considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on
# The protocols to enable.
# Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
# SSL v2 is no longer supported
SSLProtocol all
# Allow insecure renegotiation with clients which do not yet
support the
# secure renegotiation protocol. Default: Off
#SSLInsecureRenegotiation on
# Whether to forbid non-SNI clients to access name based
virtual hosts.
# Default: Off
#SSLStrictSNIVHostCheck On
</IfModule>
# mydomain.com port 443 SSL redirects to SSL www.mydomain.com
<VirtualHost *:443>
ServerName mydomain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateKeyFile /etc/ssl/CA/certs/www.mydomain.com/server.key
SSLCertficicateFile /etc/ssl/CA/certs/www.mydomain.com/server.crt
Redirect / https://www.mydomain.com/
</VirtualHost>
#test for redirect https
#<VirtualHost *:443>
# ServerName www.mydomain.com
# Redirect / https://www.mydomain.com/
#</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
root@hostname:~#
Yusui
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirection via HTTPS
Posted by Daniel <df...@gmail.com>.
2015-02-08 21:15 GMT+01:00 Yann Ylavic <yl...@gmail.com>:
> On Sun, Feb 8, 2015 at 9:03 PM, Yann Ylavic <yl...@gmail.com> wrote:
> > On Sun, Feb 8, 2015 at 7:36 AM, YUSUI T <yu...@gmail.com>
> wrote:
> >>
> >> root@hostname:~# tail -n 6 /etc/apache2/mods-available/ssl.conf
> >> <VirtualHost *:443>
> >> ServerName www.mydomain.com
> >> Redirect / https://www.mydomain.com/
> >> </VirtualHost>
> >
> > You probably want to redirect to https when the request is plain http,
> hence :
> > <VirtualHost *:80>
> > above.
>
> Sorry, I completely misread your issue, please ignore this.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
This is the list of virtualhosts you need. It could be reduced, but for
educational purposes here is how all virtualhosts should look to represent
your scenario more or less as I have understood you were asking. As you
will see there is no need for mod_rewrite at all for this case.
I assumed you want to redirect port 80 to SSL too, if not, ignore the first
non-ssl virtualhost examples.
###
# domain.com port 80 redirects to SSL www.domain.com
<VirtualHost *:80>
ServerName domain.com
DocumentRoot /path/to/docroot
Redirect / https://www.domain.com/
</VirtualHost>
###
# www.domain.com port 80 redirects to SSL www.domain.com
<VirtualHost *:80>
ServerName www.domain.com
DocumentRoot /path/to/docroot
Redirect / https://www.domain.com/
</VirtualHost>
###
# domain.com port 443 SSL redirects to SSL www.domain.com
<VirtualHost *:443>
ServerName domain.com
DocumentRoot /path/to/docroot
SSLEngine on
SSLCertificateKeyFile /my/path/to/domain.com.key
SSLCertficicateFile /my/path/do/domain.com.crt
Redirect / https://www.domain.com/
</VirtualHost>
####
# www.domain.com port 443 SSL
<VirtualHost *:443>
ServerName www.domain.com
DocumentRoot /path/to/docroot
SSLEngine on
SSLCertificateKeyFile /my/path/to/www.domain.com.key
SSLCertificateFile /my/path/do/www.domain.com.crt
###
# And your actual configuration from here on
</VirtualHost>
Hope this helps
--
*Daniel Ferradal*
IT Specialist
email dferradal@gmail.com
linkedin es.linkedin.com/in/danielferradal
Re: [users@httpd] Redirection via HTTPS
Posted by Yann Ylavic <yl...@gmail.com>.
On Sun, Feb 8, 2015 at 9:03 PM, Yann Ylavic <yl...@gmail.com> wrote:
> On Sun, Feb 8, 2015 at 7:36 AM, YUSUI T <yu...@gmail.com> wrote:
>>
>> root@hostname:~# tail -n 6 /etc/apache2/mods-available/ssl.conf
>> <VirtualHost *:443>
>> ServerName www.mydomain.com
>> Redirect / https://www.mydomain.com/
>> </VirtualHost>
>
> You probably want to redirect to https when the request is plain http, hence :
> <VirtualHost *:80>
> above.
Sorry, I completely misread your issue, please ignore this.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirection via HTTPS
Posted by Yann Ylavic <yl...@gmail.com>.
On Sun, Feb 8, 2015 at 7:36 AM, YUSUI T <yu...@gmail.com> wrote:
>
> root@hostname:~# tail -n 6 /etc/apache2/mods-available/ssl.conf
> <VirtualHost *:443>
> ServerName www.mydomain.com
> Redirect / https://www.mydomain.com/
> </VirtualHost>
You probably want to redirect to https when the request is plain http, hence :
<VirtualHost *:80>
above.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirection via HTTPS
Posted by YUSUI T <yu...@gmail.com>.
2015-02-09 4:43 GMT+09:00 Chris Arnold <ca...@electrichendrix.com>:
>
>> Server should be SSL-aware but has no certificate configured [Hint:
>> SSLCertificateFile] ((null):0)
>> [Sun Feb 08 13:31:27.595849 2015] [ssl:emerg] [pid 7124] AH02312:
>> Fatal error initialising mod_ssl, exiting.
>
> Are you sure you have a cert configured? Double check ssl config
Yes, I think I have configured a certificate with SSLCertificateFile
and SSLCertificateKeyFile on
/etc/apache2/sites-available/default-ssl.conf. The certificate is
self-certification by OpenSSL. Do my configurations have something
wrong or lacking?
root@hostname:~# cat /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin contact@mydomain.com
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug,
info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host.
For example the
# following line enables the CGI configuration for
this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be
created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2/README.Debian.gz for more info.
# If both key and certificate are stored in the same
file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile
/etc/ssl/CA/certs/www.mydomain.com/server.crt
SSLCertificateKeyFile
/etc/ssl/CA/certs/www.mydomain.com/server.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files.
Use the provided
# Makefile to update the hash symlinks
after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files.
Use the provided
# Makefile to update the hash symlinks
after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic
Authorisation. This means that
# the standard Auth/DBMAuth methods can be used
for access control. The
# user name is the `one line' version of the
client's X.509 certificate.
# Note that no password is obtained from the
user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment
variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the
PEM-encoded certificates of the
# server (always existing) and the client (only
existing when client
# authentication is used). This can be used to
import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related
`SSL_*' environment variables.
# Per default this exportation is switched off
for performance reasons,
# because the extraction step is an expensive
operation and is usually
# useless for serving static content. So one
usually enables the
# exportation for CGI and SSI requests only.
# o OptRenegotiate:
# This enables optimized SSL connection
renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard
compliant shutdown
# approach is that mod_ssl sends the close notify
alert but doesn't wait for
# the close notify alert from client. When you need
a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the
connection is closed, i.e. no
# SSL close notify alert is send or allowed to
received. This violates
# the SSL/TLS standard but is needed for some
brain-dead browsers. Use
# this when you receive I/O errors because of
the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the
connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl
waits for the close notify
# alert of the client. This is 100% SSL/TLS
standard compliant, but in
# practice often causes hanging connections
with brain-dead browsers. Use
# this only for browsers where you know that
their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also
related to the HTTP
# keep-alive facility, so you usually additionally
want to disable
# keep-alive for those clients, too. Use variable
"nokeepalive" for this.
# Similarly, one has to force some clients to use
HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use
variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
root@hostname:~# ls -l /etc/ssl/CA/certs/www.mydomain.com/
total 28
-rw-r--r-- 1 root root 4630 Jan 1 08:40 newcert.pem
-rw-r----- 1 root root 1679 Jan 1 08:41 newkey_nopass.pem
-rw-r----- 1 root root 1834 Jan 1 08:40 newkey.pem
-rw-r--r-- 1 root root 1054 Jan 1 08:40 newreq.pem
-rw-r--r-- 1 root root 1428 Jan 1 08:41 server.crt
-rw-r--r-- 1 root root 1679 Jan 1 08:41 server.key
root@hostname:~#
Yusui
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirection via HTTPS
Posted by Chris Arnold <ca...@electrichendrix.com>.
> Server should be SSL-aware but has no certificate configured [Hint:
> SSLCertificateFile] ((null):0)
> [Sun Feb 08 13:31:27.595849 2015] [ssl:emerg] [pid 7124] AH02312:
> Fatal error initialising mod_ssl, exiting.
Are you sure you have a cert configured? Double check ssl config
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirection via HTTPS
Posted by YUSUI T <yu...@gmail.com>.
2015-02-08 20:30 GMT+09:00 Chris Arnold <ca...@electrichendrix.com>:
> You probably could have left that entry in and just added the Redirect statement (not sure what flavor of OS you are using).
OS I am using is Ubuntu 14.04.1 LTS (GNU/Linux 2.6.32-042stab093.5 x86_64).
> root@hostname:~# tail -n 6 /etc/apache2/mods-available/ssl.conf
> <VirtualHost *:443>
> ServerName www.mydomain.com
> Redirect / https://www.mydomain.com/
> </VirtualHost>
>
> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
> root@hostname:~# service apache2 restart
> * Restarting web server apache2 Action 'start' failed.
> The Apache error log may have more information.
> [fail]
> * The apache2 instance did not start within 20 seconds. Please read the log files to discover problems
> root@hostname:~# tail -n 5 /var/log/apache2/error.log
> [Sun Feb 08 06:12:22.767055 2015] [mpm_prefork:notice] [pid 5874] AH00169: caught SIGTERM, shutting down
> [Sun Feb 08 06:12:23.818133 2015] [ssl:emerg] [pid 5950] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
> [Sun Feb 08 06:12:23.818204 2015] [ssl:emerg] [pid 5950] AH02312: Fatal error initialising mod_ssl, exiting.
> [Sun Feb 08 06:14:23.209329 2015] [ssl:emerg] [pid 6028] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
> [Sun Feb 08 06:14:23.209419 2015] [ssl:emerg] [pid 6028] AH02312: Fatal error initialising mod_ssl, exiting.
>
>
> Add Debug to your loglevel and try to restart. That should give a little more info.
I exchanged "LogLevel warn" for "LogLevel debug" in /etc/apache2/apache2.conf.
And I restarted apache.
root@hostname:~# service apache2 restart
* Restarting web server apache2
Action 'start' failed.
The Apache error log may have more information.
[fail]
* The apache2 instance did not start within 20 seconds. Please read
the log files to discover problems
root@hostname:~# tail -n 3 /var/log/apache2/error.log
[Sun Feb 08 13:31:27.595792 2015] [ssl:info] [pid 7124] AH02200:
Loading certificate & private key of SSL-aware server
'www.mydomain.com:443'
[Sun Feb 08 13:31:27.595843 2015] [ssl:emerg] [pid 7124] AH02240:
Server should be SSL-aware but has no certificate configured [Hint:
SSLCertificateFile] ((null):0)
[Sun Feb 08 13:31:27.595849 2015] [ssl:emerg] [pid 7124] AH02312:
Fatal error initialising mod_ssl, exiting.
root@hostname:~#
It looks like I could get only line of [ssl:info] in addition to previous log.
Yusui
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Redirection via HTTPS
Posted by Chris Arnold <ca...@electrichendrix.com>.
On Feb 8, 2015, at 1:38 AM, YUSUI T <yu...@gmail.com>> wrote:
The error.log says nothing.
Next, I exchanged <IfModule mod_rewrite.c> for the "Redirect". But it shows the following errors.
You probably could have left that entry in and just added the Redirect statement (not sure what flavor of OS you are using).
root@hostname:~# tail -n 6 /etc/apache2/mods-available/ssl.conf
<VirtualHost *:443>
ServerName www.mydomain.com<http://www.mydomain.com>
Redirect / https://www.mydomain.com/
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
root@hostname:~# service apache2 restart
* Restarting web server apache2 Action 'start' failed.
The Apache error log may have more information.
[fail]
* The apache2 instance did not start within 20 seconds. Please read the log files to discover problems
root@hostname:~# tail -n 5 /var/log/apache2/error.log
[Sun Feb 08 06:12:22.767055 2015] [mpm_prefork:notice] [pid 5874] AH00169: caught SIGTERM, shutting down
[Sun Feb 08 06:12:23.818133 2015] [ssl:emerg] [pid 5950] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
[Sun Feb 08 06:12:23.818204 2015] [ssl:emerg] [pid 5950] AH02312: Fatal error initialising mod_ssl, exiting.
[Sun Feb 08 06:14:23.209329 2015] [ssl:emerg] [pid 6028] AH02240: Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)
[Sun Feb 08 06:14:23.209419 2015] [ssl:emerg] [pid 6028] AH02312: Fatal error initialising mod_ssl, exiting.
Add Debug to your loglevel and try to restart. That should give a little more info.
Re: [users@httpd] Redirection via HTTPS
Posted by YUSUI T <yu...@gmail.com>.
2015-02-08 12:42 GMT+09:00 Chris Arnold <ca...@electrichendrix.com>:
> >Hello.
> I> have a question about 301 redirection of https.
>
> >My website is accessible with both of >non-subdomain http(s)://
> mydomain.com and >subdomain-www http(s)://www.mydomain.com. >Both have
> the same IP address.
> I> would like to change https://mydomain.com/ to >redirection for
> https://www.mydomain.com/.
> >To change for redirecting all web contents under >mydomain.com
> <http://mydomain.com/> including user directory /~user and >so on, I
> tried to add the following to /etc/apache2/mods-available/ssl.conf or
> /etc/apache2/sites-available/default-ssl.conf.
>
> ><IfModule mod_rewrite.c>
> > RewriteEngine On
> > RewriteCond %{HTTP_HOST} >^(mydomain\.com)(:443)?
> > RewriteRule (.*) https://www.mydomain.com$1 >[R=301]
> ></IfModule>
>
> What does your log say? I am trying to much the same but with a redirect
> instead of a rewrite and found this helpful:
>
> http://httpd.apache.org/docs/2.4/rewrite/avoid.html
>
Thank you for the reply.
My log access.log says only this:
XXX.XXX.XXX.XX - - [08/Feb/2015:03:58:03 +0000] "HEAD / HTTP/1.1" 200 2142
"-" "Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0
(Chrome)"
XXX.XXX.XXX.XX - - [08/Feb/2015:03:58:04 +0000] "GET / HTTP/1.1" 200 4104
"-" "Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0
(Chrome)"
The error.log says nothing.
Next, I exchanged <IfModule mod_rewrite.c> for the "Redirect". But it shows
the following errors.
root@hostname:~# tail -n 6 /etc/apache2/mods-available/ssl.conf
<VirtualHost *:443>
ServerName www.mydomain.com
Redirect / https://www.mydomain.com/
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
root@hostname:~# service apache2 restart
* Restarting web server apache2
Action 'start' failed.
The Apache error log may have more information.
[fail]
* The apache2 instance did not start within 20 seconds. Please read the
log files to discover problems
root@hostname:~# tail -n 5 /var/log/apache2/error.log
[Sun Feb 08 06:12:22.767055 2015] [mpm_prefork:notice] [pid 5874] AH00169:
caught SIGTERM, shutting down
[Sun Feb 08 06:12:23.818133 2015] [ssl:emerg] [pid 5950] AH02240: Server
should be SSL-aware but has no certificate configured [Hint:
SSLCertificateFile] ((null):0)
[Sun Feb 08 06:12:23.818204 2015] [ssl:emerg] [pid 5950] AH02312: Fatal
error initialising mod_ssl, exiting.
[Sun Feb 08 06:14:23.209329 2015] [ssl:emerg] [pid 6028] AH02240: Server
should be SSL-aware but has no certificate configured [Hint:
SSLCertificateFile] ((null):0)
[Sun Feb 08 06:14:23.209419 2015] [ssl:emerg] [pid 6028] AH02312: Fatal
error initialising mod_ssl, exiting.
I think I already installed SSL certificate...
Yusui
RE: [users@httpd] Redirection via HTTPS
Posted by Chris Arnold <ca...@electrichendrix.com>.
>Hello.
I> have a question about 301 redirection of https.
>My website is accessible with both of >non-subdomain http(s)://mydomain.com<http://mydomain.com/> and >subdomain-www http(s)://www.mydomain.com<http://www.mydomain.com/>. >Both have the same IP address.
I> would like to change https://mydomain.com/ to >redirection for https://www.mydomain.com/.
>To change for redirecting all web contents under >mydomain.com<http://mydomain.com/> including user directory /~user and >so on, I tried to add the following to /etc/apache2/mods-available/ssl.conf or /etc/apache2/sites-available/default-ssl.conf.
><IfModule mod_rewrite.c>
> RewriteEngine On
> RewriteCond %{HTTP_HOST} >^(mydomain\.com)(:443)?
> RewriteRule (.*) https://www.mydomain.com<https://www.mydomain.com/>$1 >[R=301]
></IfModule>
What does your log say? I am trying to much the same but with a redirect instead of a rewrite and found this helpful:
http://httpd.apache.org/docs/2.4/rewrite/avoid.html