I just installed SSL certs but when visiting the www domain of my site it now shows the Apache2 Ubuntu default page. How do I redirect the www to non-www with http --> https and * subdomains?
<VirtualHost *:80>
ServerName clearpath.site
ServerAlias *.clearpath.site
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =clearpath.site [OR]
RewriteCond %{SERVER_NAME} =*.clearpath.site
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
And me VH for port 443:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName clearpath.site
ServerAlias *.clearpath.site
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/
SSLCertificateKeyFile /etc/letsencrypt/
</VirtualHost>
</IfModule>
Any help is appreciated.
Here's an example; I've always been explicit in listing my subdomains, but you should be able to use wildcards: https://httpd.apache.org/docs/2.4/mod/core.html#serveralias
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com subdomain.example.com other.example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
TimeOut 300
SSLEngine On
ServerName www.example.com
ServerAlias example.com subdomain.example.com other.example.com
# Set to the lobal Application Group
WSGIApplicationGroup %{GLOBAL}
# Pass Authorizations through to the WSGI app for Django REST Framework Token Auth
WSGIPassAuthorization On
WSGIDaemonProcess mysite-master-https python-home=/path/to/django/mysite-master/venv request-timeout=300 user=apache group=apache processes=6
WSGIProcessGroup mysite-master-https
WSGIScriptAlias / /path/to/django/mysite-master/config/wsgi.py process-group=mysite-master-https
<Directory /path/to/django/mysite-master/config>
Require all granted
</Directory>
Alias /static/ /path/to/django/mysite-master/static/
</VirtualHost>
Good luck!
Related
I have a white-label web app that runs with subdomains to divide out the labels. Let's say cust1.app.com and cust2.app.com. I have SSL on my site, but I am having troubles making the site redirect from http to https. I want to do this all within http.conf, as opposed to .htaccess files. Here is my http.conf:
<VirtualHost *:443>
<Directory /var/www/html/>
Options -Indexes
Require all granted
AllowOverride All
</Directory>
ServerAlias *.app.com
DocumentRoot /var/www/app
SSLEngine on
SSLCertificateFile /var/www/certs/cert.pem
SSLCertificateKeyFile /var/www/certs/privkey.pem
SSLCertificateChainFile /var/www/certs/fullchain.pem
</VirtualHost>
<VirtualHost *:80>
ServerAlias *.app.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>
When visiting http://www.app.com or http://cust1.app.com, I get a simple ERR_CONNECTION_REFUSED, however when I manually put in the https, the site serves fine on all subdomains.
How do I redirect to https while honoring my wildcard subdomains?
Turns out I was missing the Listen directive for port 80, I must have deleted it from ports.conf or something at some point in the long and hair-pulling troubleshooting process. Here's my http.conf now:
Listen 80
Listen 443
<VirtualHost *:443>
<Directory /var/www/html/>
Options -Indexes
Require all granted
AllowOverride All
</Directory>
ServerAlias *.app.com
DocumentRoot /var/www/app
SSLEngine on
SSLCertificateFile /var/www/certs/cert.pem
SSLCertificateKeyFile /var/www/certs/privkey.pem
SSLCertificateChainFile /var/www/certs/fullchain.pem
</VirtualHost>
<VirtualHost *:80>
ServerAlias *.app.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>
django docs:
You should also configure the Web server that sits in front of Django to validate the host. It should respond with a static error page or ignore requests for incorrect hosts instead of forwarding the request to Django. This way you’ll avoid spurious errors in your Django logs (or emails if you have error reporting configured that way). For example, on nginx you might setup a default server to return “444 No Response” on an unrecognized host:
I am using Apache and this works:
http://serverip -> 404 error
http://www.example.com -> https://www.example.com -> django site
http://example.com -> https://example.com -> django site
Now I have a problem with https://serverip
I get a not secure message by my browser because I only have a SSL Cert for example.com, www.example.com and after I accept the security warning I see the django site but I want 404 error page.
How can I achieve this or do I misunderstand the django docs?
Update Config:
assume the django site is /var/www/html/index.html for simplification
000-default.conf:
<VirtualHost *:80>
Redirect 404 /
</VirtualHost>
example.com.conf:
<VirtualHost *:80>
ServerAdmin example#example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com [OR]
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
example.com-le-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin example#example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I want to rename my localhost server to other name, however I have encountered a 404 error. I have followed the steps how to set this up, But still I get error. I wonder what's wrong. I will provide the changes done.
c:\Windows\System32\Drivers\Etc\hosts.file
127.0.0.1 localhost
127.0.0.1 bluescript.com.ph
::89 localhost
::89 bluescript.com.ph
c:\wamp\bin\apache\apache2.4.9\conf\extra\httpd-vhost.conf
I added the third host on the file
<VirtualHost *:80>
ServerAdmin webmaster#dummy-host.example.com
DocumentRoot "c:/Apache24/docs/dummy-host.example.com"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/dummy-host.example.com-error.log"
CustomLog "logs/dummy-host.example.com-access.log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster#dummy-host2.example.com
DocumentRoot "c:/Apache24/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "logs/dummy-host2.example.com-error.log"
CustomLog "logs/dummy-host2.example.com-access.log" common
</VirtualHost>
<VirtualHost *:80>
ServerName bluescript.com.ph
DocumentRoot "c:/wamp/www/bluescript/"
<Directory "c:/wamp/www/bluescript/">
Options +Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
</VirtualHost>
Under httpd.conf i did changed my port to 8989, since skype will use port 80
ServerName localhost:8989
#Listen 12.34.56.78:8989
Listen 0.0.0.0:8989
Listen [::0]:8989
I've already restarted WAMP and re-open the web browser and type url: http://bluescript.com.ph and get error: HTTP Error 404. The requested resource is not found. Where did i go wrong?
1) Remove these dummy (Example) Virtual Hosts that point to non existing folders
<VirtualHost *:80>
ServerAdmin webmaster#dummy-host.example.com
DocumentRoot "c:/Apache24/docs/dummy-host.example.com"
ServerName dummy-host.example.com
ServerAlias www.dummy-host.example.com
ErrorLog "logs/dummy-host.example.com-error.log"
CustomLog "logs/dummy-host.example.com-access.log" common
</VirtualHost>
<VirtualHost *:80>
ServerAdmin webmaster#dummy-host2.example.com
DocumentRoot "c:/Apache24/docs/dummy-host2.example.com"
ServerName dummy-host2.example.com
ErrorLog "logs/dummy-host2.example.com-error.log"
CustomLog "logs/dummy-host2.example.com-access.log" common
</VirtualHost>
2)
If you must use a Non-Standard port number for Apache then that port number needs to be on the Virtual Host as well.
You should also add a Virtual Hosts for localhost
<VirtualHost *:8989>
ServerName localhost
DocumentRoot c:/wamp/www
<Directory "c:/wamp/www/">
Options +Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
</VirtualHost>
<VirtualHost *:8989>
ServerName bluescript.com.ph
DocumentRoot "c:/wamp/www/bluescript/"
<Directory "c:/wamp/www/bluescript/">
Options +Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require local
</Directory>
</VirtualHost>
Also remember to remove the comment from httpd.conf to activate the httpd-vhosts.conf file
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
Now restart Apache
And of course this means you must use the Non-Standard port number on all your urls. Like
http://bluescript.com.ph:8989
3)
Also this is wrong in your hosts file! Port number are not used in this file, so
::89 localhost
::89 bluescript.com.ph
Should be
::1 localhost
::1 bluescript.com.ph
After this change either reboot, or from a command window launched "As Adminitrator" do
net stop dnscache
net start dnscache
I installed a SSL certificate in my apache server and I am having a problem. It happens that when I open my site on my phone it opens lots of popups asking to setup a pin for credential storage. On Macs it also opens a popup asking to select a certificate. Does anyone have/had this problem? I am also using django on my server if I helps for the answer.
my ssl configuration is this:
<VirtualHost *:80>
ServerAdmin blahblah#blah.pt
ServerName beta.site.pt
ErrorLog /var/log/apache2/vhost1-error.log
WSGIDaemonProcess netpecasbeta user=${APACHE_RUN_USER} group=${APACHE_RUN_GROUP} threads=25 python-path=/usr/local/lib/python2.7/site-packages
WSGIProcessGroup netpecasbeta
WSGIScriptAlias / /.../wsgi.py
<Location />
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerName media.site.pt
DocumentRoot /var/www
ErrorLog /var/log/apache2/vhost1-error.log
CustomLog /var/log/apache2/vhost1-access.log combined
SSLEngine On
SSLCertificateFile /.../netpecas.pt.crt
SSLCertificateKeyFile /.../netpecas.key
SSLCertificateChainFile /.../gd_bundle.crt
SSLVerifyClient optional
LimitRequestBody 0
LimitRequestFieldSize 40940000
LimitXMLRequestBody 0
<Location />
SSLRequireSSL On
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin blabla#bla.pt
ServerName beta.site.pt
WSGIProcessGroup netpecasbeta
WSGIScriptAlias / /partfy/woofparts/Partfy/wsgi.py
ErrorLog /var/log/apache2/vhost1-error.log
CustomLog /var/log/apache2/vhost1-access.log combined
SSLEngine On
SSLCertificateFile /.../netpecas.pt.crt
SSLCertificateKeyFile /.../netpecas.key
SSLCertificateChainFile /.../gd_bundle.crt
SSLVerifyClient optional
LimitRequestBody 0
LimitRequestFieldSize 40940000
LimitXMLRequestBody 0
<Location />
SSLRequireSSL On
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
</Location>
</VirtualHost>
Change SSLVerifyClient from Optional to None, as specified here: https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyclient
I am using a django based framework and have successfully figured Apache settings for http mode. Basically I have done the setting correctly on <VirtualHost *:80> ... </VirtualHost> and when I do, http://mysite.domain.com I get routed correctly to my site and the site pages and the skins get render correctly.
I have setup https://mysite.domain.com to work with shibboleth, shibboleth is working and when use the https I get routed to login credential page via shibboleth server, and after successful login I get redirect to https://mysite.domain.com but site doesn't get rendered correctly and skins don't show up as same as http://mysite.domain.com.
Here is my Apache settings, I am trying to understand what I am doing wrong here
<VirtualHost *:443>
ServerAdmin myname#mydomain.com
DocumentRoot /code/vEnviornment/mysite
ServerName mydomain.com
#<LocationMatch "^(?!/admin)">
#<LocationMatch "^(?!/m)">
# RewriteEngine on
# RewriteRule django.wsgi(.*)$ https://mydomain.com:443$1 [L,R=301]
#</LocationMatch>
SSLEngine on
#your SSL keys
#I have removed this wasn't comfortable putting SSL key info
#Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
Alias /admin/media/ /usr/local/lib/python2.7/dist-packages/django/contrib/admin/media/
WSGIScriptAlias /m/ /code/vEnviornment/mysite/django.wsgi
<Directory "/">
AuthType shibboleth
ShibRequestSetting requireSession 1
Require valid-user
</Directory>
Alias /Shibboleth.sso /tmp
# CustomLog /var/log/httpd/mysite/access_log common
# ErrorLog /var/log/httpd/mysite/error_log
CustomLog /var/log/apache2/mysite/access_log common
ErrorLog /var/log/apache2/mysite/error_log
</VirtualHost>
And here is how I have hetup http:
<VirtualHost *:80>
ServerAdmin myname#mydomain.com
DocumentRoot /code/vEnviornment/mysite
ServerName mysite.mydomain.com
#aliases to serve static media directly
#will probably need adjustment
Alias /m/ /code/vEnviornment/mysite/static/
Alias /upfiles/ /code/vEnviornment/mysite/myframework/upfiles/
<DirectoryMatch "/code/vEnviornment/mysite/myframework/skins/([^/]+)/media">
Order deny,allow
Allow from all
</DirectoryMatch>
<Directory "/code/vEnviornment/mysite/myframework/upfiles">
Order deny,allow
Allow from all
</Directory>
#must be a distinct name within your apache configuration
WSGIDaemonProcess mysite2
WSGIProcessGroup mysite2
WSGIScriptAlias / /code/vEnviornment/mysite/django.wsgi
#make all admin stuff except media go through secure connection
<LocationMatch "/admin(?!/media)">
RewriteEngine on
RewriteRule /admin(.*)$ https://128.101.35.71/admin$1 [L,R=301]
</LocationMatch>
# CustomLog /var/log/httpd/mysite/access_log common
# ErrorLog /var/log/httpd/mysite/error_log
CustomLog /var/log/apache2/mysite/access_log common
ErrorLog /var/log/apache2/mysite/error_log
LogLevel debug
</VirtualHost>
What am I doing wrong here to render the site incorrectly via https?
Alias /m/ /code/vEnviornment/mysite/static/
Alias /upfiles/ /code/vEnviornment/mysite/myframework/upfiles/
These two lines are missing in https virual host
and
your WSGIScriptAlias should point to / not /m/