We have a client server hosting our web application using Apache 2.2 & Tomcat 6 on RHEL. I have set up an Apache rewrite rule for HTTP to HTTPS redirection and it works fine. We have two DNS names that are used to access the same application: Test1.com and Test2.com. I want all users trying to access http://test1.com or https://test1.com to be redirected to https://test2.com. As mentioned, http://test1.com to https://test2.com redirection is working fine. I am not able to implement https://test1.com to https://test2.com.
I have tried Virtual Hosts, ServerAlias, NameVirtualHost, but nothing works. Any suggestions on whether we can handle this via rewrite would help. Any other pointers that might lead to the resolution of this issue will be appreciated.
Thanks
I solved this issue with a redirect, but I had to set up a virtual host for the https redirect with all the necessary SSL settings.
<VirtualHost *:80>
ServerName test1.com
Redirect "/" "https://test2.com/"
</VirtualHost>
<VirtualHost *:443>
ServerName test1.com
Redirect "/" "https://test2.com/"
SSLEngine on
# SSLProxyEngine On
SSLCertificateFile /path/site.crt
SSLCertificateKeyFile /path/site.key
SSLCertificateChainFile /path/DigiCertCA.crt
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
</VirtualHost>
<VirtualHost *:443>
ServerName test2.com
...
SSLEngine on
# SSLProxyEngine On
SSLCertificateFile /path/site.crt
SSLCertificateKeyFile /path/site.key
SSLCertificateChainFile /path/DigiCertCA.crt
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
</VirtualHost>
Try the following:
RewriteEngine On
RewriteCond %{HTTP_HOST} test1.com$
RewriteRule ^(.*)$ https://test2.com$1 [L,NC,R=301]
If you have a <VirtualHost> for both :80 and :443, this redirect should go in both configurations.
I had site1 with https (certificate) and site2 with http (without certificate), both on the same IP (virtual hosts).
Then I noticed that site2 was getting incorrectly indexed by Google for https, using site1's content.
Whilst for RewriteCond listening for port 80, the redirect needs to sit in the .htaccess for site2,
for port 443, the redirect needs to sit in the .htaccess for site1.
But then the discrimination no longer goes by port but by HTTP_HOST (the DNS name).
For me, site1 = shop.smartgart.com, site2 = one0.com.
I put this into site1's .htaccess:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^shop.smartgart.com$
RewriteRule ^(.*)$ https://shop.smartgart.com/$1 [R=301,L]
That is: If the HTTP_HOST being handled is not site1, then redirect to site1, using the supplied suffix ($1).
Works for me!
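The situation in the answer above, as an added example that is not part of the original post: a small Python model of name-based virtual host selection, where a Host name with no matching vhost on port 443 falls through to the first vhost on that port, and of the post's host check that turns that fallthrough into a redirect. The `VHOSTS` layout and the function names are constructed for illustration; the pattern and target are the ones in the post.

```python
import re

# Constructed model of the layout in the post: one IP address, site1 with an
# HTTPS vhost, site2 with HTTP only. List order is configuration order.
VHOSTS = [
    {"port": 443, "names": {"shop.smartgart.com"}, "site": "site1"},
    {"port": 80, "names": {"shop.smartgart.com"}, "site": "site1"},
    {"port": 80, "names": {"one0.com"}, "site": "site2"},
]
# Condition pattern and redirect target from the post's .htaccess for site1.
SITE1_HOST = re.compile(r"^shop.smartgart.com$")
CANONICAL = "https://shop.smartgart.com/"

def select_vhost(port, host_header):
    """Pick the vhost by ServerName/ServerAlias; if no name matches, Apache
    falls back to the first vhost configured for that address and port."""
    on_port = [v for v in VHOSTS if v["port"] == port]
    name = host_header.lower().rsplit(":", 1)[0]
    for vhost in on_port:
        if name in vhost["names"]:
            return vhost
    return on_port[0] if on_port else None

def respond(port, host_header, path, host_check):
    """Return (status, detail); host_check switches the post's rule on or off."""
    vhost = select_vhost(port, host_header)
    if host_check and vhost["site"] == "site1":
        if not SITE1_HOST.search(host_header):
            # Per-directory rewrite: $1 is the path without its leading slash.
            return 301, CANONICAL + path[1:]
    return 200, vhost["site"]

if __name__ == "__main__":
    # Without the rule, site2's name over HTTPS is answered with site1's content.
    print(respond(443, "one0.com", "/cart", host_check=False))
    # With the rule, the same request is redirected to site1's own name.
    print(respond(443, "one0.com", "/cart", host_check=True))
    print(respond(443, "shop.smartgart.com", "/cart", host_check=True))
```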
I solved this issue with MULTIPLE redirects, not the same as @A Kunin's answer.
Because I use different certificates for both sites, it will report a certificate error if I just redirect from httpS://test1.com to httpS://test2.com.
My solution is: httpS://test1.com --> http://test1.com --> httpS://test2.com
<VirtualHost *:80>
ServerName test1.com
Redirect "/" "https://test2.com/"
</VirtualHost>
<VirtualHost *:443>
ServerName test1.com
#### The Tricky ####
Redirect "/" "http://test2.com/"
SSLEngine on
# SSLProxyEngine On
SSLCertificateFile /path/site1.crt
SSLCertificateKeyFile /path/site1.key
SSLCertificateChainFile /path/DigiCertCA1.crt
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
</VirtualHost>
<VirtualHost *:443>
ServerName test2.com
...
SSLEngine on
# SSLProxyEngine On
SSLCertificateFile /path/site2.crt
SSLCertificateKeyFile /path/site2.key
SSLCertificateChainFile /path/DigiCertCA2.crt
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
</VirtualHost>
Related
My setting is done and it works. Is it the correct way?
I have a Windows server and I installed XAMPP on it. Different domains point to different IP addresses on the server. Also, every site runs https on this server. I went through a lot of tutorials and set up a self-signed cert for each site.
Then, I configured the server with the settings below.
This config works, but I am not sure whether it is secure enough. I am afraid that I missed something important.
I need the site to be reachable by the URLs below:
http://sitea.com (Will redirect to https://sitea.com)
http://www.sitea.com (Will also redirect to https://sitea.com)
https://sitea.com (This is great)
https://www.sitea.com (Will be forced to the non-www version, as the program needs it - https://sitea.com)
My configuration is listed below. May I ask if it is good enough or if I missed something?
C:\xampp\apache\conf\extra\httpd-vhosts.conf:
<VirtualHost 192.168.242.121:80>
ServerName sitea.com
ServerAlias www.sitea.com
Redirect permanent / https://sitea.com/
</VirtualHost>
<VirtualHost 192.168.242.121:443>
DocumentRoot "S:/websites/sitea/"
ServerName sitea.com
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]
SSLEngine on
SSLCertificateFile "ssl/sitea.com/server.crt"
SSLCertificateKeyFile "ssl/sitea.com/server.key"
AccessFileName .htaccess
ErrorLog "S:/websites/sitea/logs/error.log"
CustomLog "S:/websites/sitea/logs/access.log" common
<Directory S:/websites/sitea/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
<VirtualHost 192.168.242.120:80>
ServerName siteb.com
ServerAlias www.siteb.com
Redirect permanent / https://siteb.com/
</VirtualHost>
<VirtualHost 192.168.242.120:443>
DocumentRoot "S:/websites/siteb/"
ServerName siteb.com
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]
SSLEngine on
SSLCertificateFile "ssl/siteb.com/server.crt"
SSLCertificateKeyFile "ssl/siteb.com/server.key"
AccessFileName .htaccess
ErrorLog "S:/websites/siteb/logs/error.log"
CustomLog "S:/websites/siteb/logs/access.log" common
<Directory S:/websites/siteb/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
C:\Windows\System32\drivers\etc\hosts:
192.168.242.121 sitea.com www.sitea.com
192.168.242.120 siteb.com www.siteb.com
Thank you!
Enabling HTTPS on a website does not stop website vulnerabilities; it only secures data which is being transferred between the website server and client, i.e. someone cannot eavesdrop on what the server and client are saying to each other. If a website has a vulnerability, people will still be able to exploit it.
In your Apache configuration it looks like some of your Apache settings can be bypassed by accessing your website directly, i.e. by typing its IP address into a web browser. This would allow someone to bypass your mandated HTTPS, for example. You should set up a redirect rule if you want to prevent this.
I have a web server with Nagios; Nagios is the only service working in this VM, so when I go to the root https://mymachine I want to be redirected directly to https://mymachine/nagios.
I have made a configuration like this:
<VirtualHost *:443>
ServerName mymachine.mydomain
ServerAdmin root@mymachine.mydomain
Redirect / https://mymachine.mydomain/nagios
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/nagios1.mymachine.mydomain.crt
SSLCertificateKeyFile /etc/pki/tls/private/nagios1mymachine.mydomain.key
SSLCACertificateFile /etc/pki/tls/certs/mymachine.mydomain.crt
</VirtualHost>
Restart http and... disaster! Firefox opens the page
https://nagios1.mymachine.mydomain/nagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagiosnagios
and gives the "redirect loop" error.
Consider that I also have a redirect from http to https active:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
If I remove it, it is the same thing.
Any solution?
Thanks
Solution found.
<VirtualHost *:80>
ServerName nagios1.mymachine.mydomain
ServerAdmin root@mymachine.mydomain
Redirect "/" "https://nagios1.mymachine.mydomain/nagios"
</VirtualHost>
<VirtualHost *:443>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/nagios1.mymachine.mydomain.crt
SSLCertificateKeyFile /etc/pki/tls/private/nagios1mymachine.mydomain.key
SSLCACertificateFile /etc/pki/tls/certs/mymachine.mydomain.crt
</VirtualHost>
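Why the question's `Redirect /` loops while the answer's port-80-only redirect stops, as an added Python model that is not code from the thread or from Apache: it applies the mod_alias rule that `Redirect` matches a path prefix and appends the rest of the request path to the target, then follows the chain. The same follower is run over the https to http to https chain described in the multiple-redirect answer further up and flags its cleartext hop; function and constant names are made up for illustration, and query strings are ignored.

```python
from urllib.parse import urlsplit

HOST = "mymachine.mydomain"
# Rules keyed by (scheme, host): one list of (prefix, target) per vhost.
QUESTION = {("https", HOST): [("/", f"https://{HOST}/nagios")]}  # Redirect in :443
ANSWER = {("http", HOST): [("/", f"https://{HOST}/nagios")]}     # Redirect in :80 only
# Chain described in the multiple-redirect answer: https -> http -> https.
MULTI = {("https", "test1.com"): [("/", "http://test1.com/")],
         ("http", "test1.com"): [("/", "https://test2.com/")]}

def prefix_matches(path, prefix):
    """mod_alias matches whole path segments, so '/' matches every path."""
    if prefix.endswith("/"):
        return path.startswith(prefix)
    return path == prefix or path.startswith(prefix + "/")

def redirect(rules, url):
    """Return the Location a matching Redirect sends, or None if served."""
    u = urlsplit(url)
    path = u.path or "/"
    for prefix, target in rules.get((u.scheme, u.hostname), []):
        if prefix_matches(path, prefix):
            # Whatever follows the matched prefix is appended to the target.
            return target + path[len(prefix):]
    return None

def follow(rules, url, max_hops=20):
    """Follow redirects; report 'downgrade' (https to http) and 'loop'."""
    chain, findings = [url], []
    for _ in range(max_hops):
        nxt = redirect(rules, chain[-1])
        if nxt is None:
            return chain, findings
        if chain[-1].startswith("https://") and nxt.startswith("http://"):
            findings.append("downgrade")
        chain.append(nxt)
    findings.append("loop")
    return chain, findings

if __name__ == "__main__":
    for name, rules, start in [("question", QUESTION, f"https://{HOST}/"),
                               ("answer", ANSWER, f"http://{HOST}/"),
                               ("multi", MULTI, "https://test1.com/app")]:
        chain, findings = follow(rules, start)
        print(name, findings, chain[:3])
```

To send only the bare root of the HTTPS site to Nagios, mod_alias also offers `RedirectMatch ^/$ https://mymachine.mydomain/nagios`, which matches that one path instead of a prefix.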
Problem
I am trying to setup a live environment with laravel websockets library behind an apache server.
The Websocket server is running on port 6001 (unreachable from outside).
The Apache VHost is configured for ws.example.com
I cannot get the Apache to proxy the wss:// requests correctly.
The request to wss://ws.example.com/request/path?protocol=7&client=js&version=5.1.1&flash=false fails.
(Error during WebSocket handshake: Invalid status line)
I think there is a problem with my vhost configuration. Am I missing something? Any advice is appreciated.
vhost configuration
<VirtualHost *:443>
ServerName ws.example.com
ServerAlias www.ws.example.com.com
DocumentRoot /srv/vhost/example.com/domains/ws.example.com/public_html
ErrorLog /var/log/virtualmin/ws.example.com_error_log
CustomLog /var/log/virtualmin/ws.example.com_access_log combined
ScriptAlias /cgi-bin/ /srv/vhost/example.com/domains/ws.example.com/cgi-bin/
DirectoryIndex index.php index.html
RewriteEngine on
ProxyRequests off
ProxyVia on
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://localhost:6001/$1 [P,L]
ProxyPass /request/path http://localhost:6001/request/path
ProxyPassReverse /request/path http://localhost:6001/request/path
SSLCertificateFile /etc/letsencrypt/path/ws.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/path/ws.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
Create a subdomain for websockets. Then edit your virtualhost configs (Apache 2.4) as below. Use pusher-php-server 5.0.3
<VirtualHost *:443>
ServerAdmin admin@example.com
ServerName socket.website.com
<Proxy *>
Require all granted
Allow from all
</Proxy>
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
RewriteEngine on
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule .* wss://127.0.0.1:6001%{REQUEST_URI} [P]
ProxyPass / ws://127.0.0.1:6001
ProxyPassReverse / ws://127.0.0.1:6001
SSLCertificateFile /etc/letsencrypt/live/socket.website.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/socket.website.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
@max: your rewrite rules were the key. This also applies when the proxy just forwards the unencrypted traffic and Apache is handling SSL to the outside, replacing wss with ws then - after one day of fiddling it's finally working!
edit: not enough reputation for a comment, sorry
I have done redirection in Apache before, but in a simple way: I enable the rewrite module in the Apache server and then add the two .conf files in /etc/apache2/sites-available mentioned below.
The below file is for redirecting HTTP requests received through the domain to a specific port.
<VirtualHost *:80>
ServerAdmin me@mydomain.com
ServerName test.domain.com
ProxyPreserveHost On
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / https://localhost:3235/
ProxyPassReverse / https://localhost:3235/
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{SERVER_NAME} =chat-dev.motivone.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
The below file is for redirecting HTTPS requests received through the domain to a specific port.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin me@mydomain.com
ServerName test.domain.com
ProxyPreserveHost On
# setup the proxy
<Proxy *>
Order allow,deny
Allow from all
</Proxy>
ProxyPass / https://localhost:3235/
ProxyPassReverse / https://localhost:3235/
SSLCertificateFile /etc/letsencrypt/live/test.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/test.domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
This process works fine when I run my server through HTTP and change the proxy to HTTP, but when I run my server on HTTPS and then try to redirect it, it throws an error like
I am not sure what is wrong. Any kind of help is appreciated. Thanks in advance.
I have an apache2 server running on Ubuntu that I am toying with to step my sysadmin skills up. I've been trying to set up a web server with HTTPS throughout the entire site. Currently, if I go to https://mysite.com it works just fine. I've tried a few different redirect rules to make all connections to the site be forced to HTTPS, but I'm having no luck. Can anyone point out my mistake here?
httpd.conf:
NameVirtualHost *:443
<VirtualHost *:443>
ServerName mysite.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
SSLEngine on
SSLOptions +FakeBasicAuth -StrictRequire +ExportCertData
SSLCertificateKeyFile /etc/ssl/crt/myserver.key
SSLCertificateFile /etc/ssl/crt/mysite_com.crt
SSLCertificateChainFile /etc/ssl/crt/mysite.ca-bundle
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig Options FileInfo Limit
Order allow,deny
allow from all
</Directory>
</VirtualHost>
<IfModule !mod_rewrite.c>
LoadModule rewrite_module modules/mod_rewrite.so
</IfModule>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
ports.conf:
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
Any help is greatly appreciated!
Finally figured it out... It wasn't my rewrite rule that wasn't working, but rather a conflict with the proxy I was using (Cloudflare). For those in a similar situation, you have to create a "Page Rule" within the Cloudflare dashboard, otherwise it will ignore your Apache rules.