httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr James Smith <...@sanger.ac.uk>
Subject Re: [users@httpd] redirect port from 80 to 443
Date Sat, 18 Feb 2017 20:02:27 GMT
As I only run HTTPS - I have the following on port 80 - (this can't be 
done with redirect)

<VirtualHost *:80>

   ...
   ...
   ...

   RewriteEngine on
   RewriteCond   %{REQUEST_URI} !^/.well-known/acme-challenge
   RewriteRule   ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} 
[R=permanent,L,NE]
</VirtualHost>

So I only have one port 80 configuration - even tho' I'm running 
something like 30 sub-domains on one machine and 70 sub-domains on the 
other...

{There is some other stuff associated with this - and I've got HTST 
headers set - and preloaded where I can - so most browsers won't hit the 
port 80 anyway!}


On 18/02/2017 19:00, Daniel wrote:
> Yes please, let's stay away of convoluted and most times innecessary 
> mod_rewrite examples to do simpleton configurations.
>
> If you are in virtualhost 80, you have specified servername correctly 
> and you just want to redirect to ssl, why not a single Redirect statement?
>
> As Yann's refered document says:
> Redirect / https://something.example.com/
>
> Most people here knows this but there are gazillions web pages 
> refering to bad advice, duck and tape solutions and convolued ways of 
> using mod_rewrite for a simple redirection when placed in proper 
> context, we need to finish with that trend, and the best way is to 
> give simple, straight to the point examples "first".
>
> The mod_rewrite example given,lets slice it out:
> > RewriteCond %{HTTP_HOST} =www.example.com <http://www.example.com/>
> > RewriteCond %{SERVER_PORT} =80
> > RewriteRule ^(.*)$https://www.example.com/$1 [R]
>
> This clearly assumes it is a generic recipe in a .htaccess somewhere 
> which can be read from a non-SSL virtualhost or non-SSL virtualhost 
> (just to be ignored).
>
> 1º It checks the host name, but why? if you have defined a VirtualHost 
> with that servername and there are no conflicts the request is already 
> landing there.
> 2º It checks for port 80. But we are redirecting to SSL, so we are 
> already on port 80, why check it?
> 3º Can be replaced with a Redirect as mentioned above.
>
> So instead of giving out recipes for .htaccess thought out for an 
> aging era or shared virtualhosting, lets recommend the ideal 
> virtualhost context recipe first as Yann proposed earlier:
>
> Define the virtualhost with the names you serve.
> <VirtualHost *:80>
> ServerName something.example.com <http://something.example.com>
> Redirect / https://something.example.com/
> </VirtualHost>
>
> There is no guessing here, no unnecessary directives and it's hard to 
> miss or confuse with other directives and the context where it resides 
> is crystal clear.
>
> Later on, when things need to be complicated, then I guess we can use 
> "If" or "mod_rewrite", and recommend it as needed.
>
>
> 2017-02-18 19:38 GMT+01:00 Richard <lists-apache@listmail.innovate.net 
> <mailto:lists-apache@listmail.innovate.net>>:
>
>
>
>     > Date: Saturday, February 18, 2017 11:04:34 -0700
>     > From: James Moe <jimoe@sohnen-moe.com <mailto:jimoe@sohnen-moe.com>>
>     >
>     > On 02/18/2017 05:08 AM, Rodrigo Cunha wrote:
>     >> i want redirect all request from port 80 to 443.
>     >> what is better setting for fix this?
>     >>
>     >   Better than what?
>     >   Fix? Is it broken?
>     >
>     > RewriteCond %{HTTP_HOST} =www.example.com <http://www.example.com>
>     > RewriteCond %{SERVER_PORT} =80
>     > RewriteRule ^(.*)$ https://www.example.com/$1 [R]
>
>     Perhaps, better than using a "rewrite"? See the documentation
>     reference, given in an earlier post:
>
>       <https://httpd.apache.org/docs/2.4/rewrite/avoid.html#redirect
>     <https://httpd.apache.org/docs/2.4/rewrite/avoid.html#redirect>>
>
>     that has this as a specific example of when/why to use a "redirect"
>     rather than a "rewrite".
>
>
>
>     ---------------------------------------------------------------------
>     To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>     <mailto:users-unsubscribe@httpd.apache.org>
>     For additional commands, e-mail: users-help@httpd.apache.org
>     <mailto:users-help@httpd.apache.org>
>
>
>
>
> -- 
> *Daniel Ferradal*
> IT Specialist
>
> email         dferradal at gmail.com <http://gmail.com>
> linkedin es.linkedin.com/in/danielferradal 
> <http://es.linkedin.com/in/danielferradal>




-- 
 The Wellcome Trust Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE. 
Mime
View raw message