httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From YUSUI T <yusui.tomik...@gmail.com>
Subject Re: [users@httpd] Redirection via HTTPS
Date Wed, 11 Feb 2015 08:13:18 GMT
2015-02-09 16:31 GMT+09:00 Daniel <dferradal@gmail.com>:
>
>
> 2015-02-08 21:15 GMT+01:00 Yann Ylavic <ylavic.dev@gmail.com>:
>>
>> On Sun, Feb 8, 2015 at 9:03 PM, Yann Ylavic <ylavic.dev@gmail.com> wrote:
>> > On Sun, Feb 8, 2015 at 7:36 AM, YUSUI T <yusui.tomikawa@gmail.com>
>> > wrote:
>> >>
>> >> root@hostname:~# tail -n 6 /etc/apache2/mods-available/ssl.conf
>> >> <VirtualHost *:443>
>> >>         ServerName www.mydomain.com
>> >>         Redirect / https://www.mydomain.com/
>> >> </VirtualHost>
>> >
>> > You probably want to redirect to https when the request is plain http,
>> > hence :
>> >   <VirtualHost *:80>
>> > above.
>>
>> Sorry, I completely misread your issue, please ignore this.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
> This is the list of virtualhosts you need. It could be reduced, but for
> educational purposes here is how all virtualhosts should look to represent
> your scenario more or less as I have understood you were asking. As you will
> see there is no need for mod_rewrite at all for this case.
>
> I assumed you want to redirect port 80 to SSL too, if not, ignore the first
> non-ssl virtualhost examples.
>
> ###
> # domain.com port 80 redirects to SSL www.domain.com
> <VirtualHost *:80>
> ServerName domain.com
> DocumentRoot /path/to/docroot
> Redirect / https://www.domain.com/
> </VirtualHost>
>
> ###
> # www.domain.com port 80 redirects to SSL www.domain.com
> <VirtualHost *:80>
> ServerName www.domain.com
> DocumentRoot /path/to/docroot
> Redirect / https://www.domain.com/
> </VirtualHost>
>
> ###
> # domain.com port 443 SSL redirects to SSL www.domain.com
> <VirtualHost *:443>
> ServerName domain.com
> DocumentRoot /path/to/docroot
> SSLEngine on
> SSLCertificateKeyFile /my/path/to/domain.com.key
> SSLCertficicateFile /my/path/do/domain.com.crt
> Redirect / https://www.domain.com/
> </VirtualHost>
>
> ####
> # www.domain.com port 443 SSL
> <VirtualHost *:443>
> ServerName www.domain.com
> DocumentRoot /path/to/docroot
> SSLEngine on
> SSLCertificateKeyFile /my/path/to/www.domain.com.key
> SSLCertificateFile /my/path/do/www.domain.com.crt
>
> ###
> # And your actual configuration from here on
> </VirtualHost>
>
>
> Hope this helps

Thank you all so much for the help.
I finally understand what it means, and it now works as expected
thanks to the helps of everyone!
Here's the configurations I want.

root@hostname:~# cat /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname
and port that
        #ServerName www.example.com

        ServerName www.mydomain.com
        ServerAdmin contact@mydomain.com
        DocumentRoot /var/www/html

        <Directory "/var/www/html">
            AllowOverride All
            Options +ExecCGI
            Require all granted
        </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>
<VirtualHost *:80>
        ServerName mydomain.com
        DocumentRoot /var/www/html
        Redirect / http://www.mydomain.com/
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
root@hostname:~#

root@hostname:~# cat /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin contact@mydomain.com
                ServerName www.mydomain.com

                DocumentRoot /var/www/html

                # Available loglevels: trace8, ..., trace1, debug,
info, notice, warn,
                #LogLevel info ssl:warn

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                # For most configuration files from conf-available/, which are
                #Include conf-available/serve-cgi-bin.conf

                #   SSL Engine Switch:
                #   Enable/Disable SSL for this virtual host.
                SSLEngine on

                #   A self-signed (snakeoil) certificate can be
created by installing
                #   SSLCertificateFile directive is needed.
                SSLCertificateFile
/etc/ssl/CA/certs/www.mydomain.com/server.crt
                SSLCertificateKeyFile
/etc/ssl/CA/certs/www.mydomain.com/server.key

                #   Server Certificate Chain:
                #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

                #   Certificate Authority (CA):
                #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt

                #   Certificate Revocation Lists (CRL):
                #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl

                #   Client Authentication (Type):
                #SSLVerifyDepth  10

                #   SSL Engine Options:
                #        Translate the client X.509 into a Basic
Authorisation.  This means that
                #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                #   SSL Protocol Adjustments:
                #   "force-response-1.0" for this.
                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                # MSIE 7 and newer should be able to use keepalive
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

        </VirtualHost>
        <VirtualHost _default_:443>
                ServerName mydomain.com
                DocumentRoot /var/www/html
                SSLEngine on
                SSLCertificateFile
/etc/ssl/CA/certs/www.mydomain.com/server.crt
                SSLCertificateKeyFile
/etc/ssl/CA/certs/www.mydomain.com/server.key
                Redirect / https://www.mydomain.com/
        </VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
root@hostname:~#

Yusui

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message