Apache http.conf with wildcard subdomains - regex

I have a white-label web app that runs with subdomains to divide out the labels. Let's say cust1.app.com and cust2.app.com. I have SSL on my site, but I am having trouble making the site redirect from http to https. I want to do this all within http.conf, as opposed to .htaccess files. Here is my http.conf:
<VirtualHost *:443>
<Directory /var/www/html/>
Options -Indexes
Require all granted
AllowOverride All
</Directory>
ServerAlias *.app.com
DocumentRoot /var/www/app
SSLEngine on
SSLCertificateFile /var/www/certs/cert.pem
SSLCertificateKeyFile /var/www/certs/privkey.pem
SSLCertificateChainFile /var/www/certs/fullchain.pem
</VirtualHost>
<VirtualHost *:80>
ServerAlias *.app.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>
When visiting http://www.app.com or http://cust1.app.com, I get a simple ERR_CONNECTION_REFUSED, however when I manually put in the https, the site serves fine on all subdomains.
How do I redirect to https while honoring my wildcard subdomains?

Turns out I was missing the Listen directive for port 80; I must have deleted it from ports.conf or something at some point in the long and hair-pulling troubleshooting process. Here's my http.conf now:
Listen 80
Listen 443
<VirtualHost *:443>
<Directory /var/www/html/>
Options -Indexes
Require all granted
AllowOverride All
</Directory>
ServerAlias *.app.com
DocumentRoot /var/www/app
SSLEngine on
SSLCertificateFile /var/www/certs/cert.pem
SSLCertificateKeyFile /var/www/certs/privkey.pem
SSLCertificateChainFile /var/www/certs/fullchain.pem
</VirtualHost>
<VirtualHost *:80>
ServerAlias *.app.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]
</VirtualHost>
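
The failure in this thread (a `<VirtualHost *:80>` with no `Listen 80` behind it, which the browser reports as ERR_CONNECTION_REFUSED) can be caught before a reload. This is an added example, not code from the post: `unbound_vhost_ports` and the sample configuration are constructed here, and the function assumes it is given the concatenated text of every file Apache includes.

```python
import re

# Constructed sample: the vhosts from the question, plus a ports.conf fragment
# that has lost its "Listen 80" line.
SAMPLE_CONF = """\
<IfModule ssl_module>
    Listen 443
</IfModule>
<VirtualHost *:443>
    ServerAlias *.app.com
    SSLEngine on
</VirtualHost>
<VirtualHost *:80>
    ServerAlias *.app.com
</VirtualHost>
"""

LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)
VHOST_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.IGNORECASE)


def _port(addr):
    """Port of 'port', 'host:port' or '[v6]:port'; None if no port is given."""
    tail = addr.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None


def unbound_vhost_ports(conf_text):
    """Map each <VirtualHost> port that no Listen directive opens to the
    line number of the first vhost that uses it."""
    listening, wanted = set(), {}
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        listen = LISTEN_RE.match(line)
        if listen:
            listening.add(_port(listen.group(1)))
        vhost = VHOST_RE.match(line)
        if vhost:
            for addr in vhost.group(1).split():
                port = _port(addr)
                if port is not None:
                    wanted.setdefault(port, lineno)
    return {p: n for p, n in wanted.items() if p not in listening}


if __name__ == "__main__":
    for port, lineno in unbound_vhost_ports(SAMPLE_CONF).items():
        print(f"line {lineno}: VirtualHost on port {port} has no Listen directive")
```

Commented-out directives such as `#Listen 80` are not counted, because both patterns anchor on the directive name at the start of the line.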

Related

Ubuntu Apache taking long time to respond and getting This site can’t be reached

Hi guys, I am trying to route my domain to server 139.5X.X.XXX.
Following are my DNS record details in Hostinger:
Type Name Priority Content IP-V4 TTL
A www 0 139.5X.X.XXX 600
A @ 0 139.5X.X.XXX 14400
Now I am seeing the default Apache page while browsing the domain (server serving the default Apache page (Digital Ocean Ubuntu Droplet)).
But after configuring a Django service for the domain, it is taking too long to respond and ending up with "This Site can't be Reached".
Following is the conf file which I am using:
<VirtualHost *:80>
ServerName tellie.in
ServerAlias www.tellie.in
Redirect permanent / https://tellie.in/
RewriteEngine on
RewriteCond %{SERVER_NAME} =tellie.in [OR]
RewriteCond %{SERVER_NAME} =www.tellie.in
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin@tellie.in
ServerName tellie.in
ServerAlias www.tellie.in
DocumentRoot /home/srv/telli
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /static /home/srv/telli/telli/static
<Directory /home/srv/telli/telli/static>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
Alias /media /home/srv/telli/telli/media
<Directory /home/srv/telli/telli/media>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<Directory /home/srv/telli/telli/telli>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess telli python-path=/home/srv/telli/telli python-home=/home/srv/telli/venv
WSGIProcessGroup telli
WSGIScriptAlias / /home/srv/telli/telli/telli/wsgi.py
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/tellie.in/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/tellie.in/privkey.pem
</VirtualHost>
Is there anything wrong that could cause the problem I am facing?
Make sure that Apache has rx access to the directories under /home/srv/. It is better to move the code out of HOME and into a general mountpoint such as /var or /data.

Redirecting www to non-www with http to https redirect and wildcard subdomains

I just installed SSL certs but when visiting the www domain of my site it now shows the Apache2 Ubuntu default page. How do I redirect the www to non-www with http --> https and * subdomains?
<VirtualHost *:80>
ServerName clearpath.site
ServerAlias *.clearpath.site
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =clearpath.site [OR]
RewriteCond %{SERVER_NAME} =*.clearpath.site
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
And my VH for port 443:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName clearpath.site
ServerAlias *.clearpath.site
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/
SSLCertificateKeyFile /etc/letsencrypt/
</VirtualHost>
</IfModule>
Any help is appreciated.
Here's an example; I've always been explicit in listing my subdomains, but you should be able to use wildcards: https://httpd.apache.org/docs/2.4/mod/core.html#serveralias
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com subdomain.example.com other.example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
TimeOut 300
SSLEngine On
ServerName www.example.com
ServerAlias example.com subdomain.example.com other.example.com
# Set to the global Application Group
WSGIApplicationGroup %{GLOBAL}
# Pass Authorizations through to the WSGI app for Django REST Framework Token Auth
WSGIPassAuthorization On
WSGIDaemonProcess mysite-master-https python-home=/path/to/django/mysite-master/venv request-timeout=300 user=apache group=apache processes=6
WSGIProcessGroup mysite-master-https
WSGIScriptAlias / /path/to/django/mysite-master/config/wsgi.py process-group=mysite-master-https
<Directory /path/to/django/mysite-master/config>
Require all granted
</Directory>
Alias /static/ /path/to/django/mysite-master/static/
</VirtualHost>
Good luck!

How do I properly handle multiple VirtualHosts on one server with only one having SSL?

I have the following apache2 VirtualHost config:
<VirtualHost {my_server_ip}:443>
ServerName securesite.com
ServerAlias www.securesite.com
DocumentRoot /data/web/securesite.com/
Options -Indexes
SSLEngine On
SSLCertificateFile /etc/ssl/securesite.com/securesite.com.crt
SSLCertificateKeyFile /etc/ssl/securesite.com/server.key
SSLCertificateChainFile /etc/ssl/securesite.com/gd_bundle.crt
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /data/web/unsecuresite.com/
ServerName unsecuresite.com
ServerAlias www.unsecuresite.com
</VirtualHost>
The problem is that I can access https://unsecuresite.com/ and the server returns the data for securesite.com and the browser complains.
Why does this happen? Why does ServerName for 443 matches other server names?
Can I somehow handle this? Maybe catch the request, handle it with regex and redirect it to its proper place?
EDIT
ports.conf says:
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
NameVirtualHost {my_server_ip}:443
Listen 443
</IfModule>
When you connect to https://securesite.com/, then you are actually connecting to port 443. Since there is only one site listening on port 443, the first match is returned (even though the ServerName does not match).
Your configuration basically boils down to:
<VirtualHost {my_server_ip}:443>
ServerName securesite.com
# ...
</VirtualHost>
<VirtualHost *:80>
ServerName unsecuresite.com
# ...
</VirtualHost>
This means that any request to port 80 (http) will be served by unsecuresite.com and requests to port 443 (https) are served by securesite.com.
Even if you add a <VirtualHost *:443> ServerName unsecuresite.com, you can still not simply trick the user to redirect without having a valid certificate for unsecuresite.com. (That would result in an ugly certificate warning.)
If your unsecuresite.com vhost is not supposed to handle HTTPS, then just ignore it. With nginx you could reset a connection if the hostname does not match, I don't know if something similar exists for Apache.
I solved it with the following method:
<VirtualHost {my_server_ip}:443>
ServerName securesite.com
ServerAlias www.securesite.com
DocumentRoot /data/web/securesite.com/
Options -Indexes
SSLEngine On
SSLCertificateFile /etc/ssl/securesite.com/securesite.com.crt
SSLCertificateKeyFile /etc/ssl/securesite.com/server.key
SSLCertificateChainFile /etc/ssl/securesite.com/gd_bundle.crt
RewriteEngine on
RewriteCond %{HTTP_HOST} !^(www\.)?(securesite\.com){1}$ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [R=301]
</VirtualHost>
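
The behaviour discussed in this thread, where a request for a name no vhost claims is answered by the first vhost on that port, can be reproduced with a small model. This is an added example, not code from any of the posts: `select_vhost` is a simplified, constructed model of name-based vhost selection (it ignores address specificity), and `catchall.invalid` is a placeholder for a default vhost listed first.

```python
from fnmatch import fnmatchcase

# Constructed model of the question's vhosts, in configuration-file order:
# (port, ServerName, [ServerAlias patterns]).
VHOSTS = [
    (443, "securesite.com", ["www.securesite.com"]),
    (80, "unsecuresite.com", ["www.unsecuresite.com"]),
]

# Hypothetical hardening: a catch-all vhost listed first on port 443, so
# unmatched names no longer fall through to securesite.com.
# "catchall.invalid" is a placeholder name.
HARDENED = [(443, "catchall.invalid", [])] + VHOSTS


def select_vhost(vhosts, port, host):
    """ServerName of the vhost that answers (port, Host header), or None.

    Simplified model: only the port narrows the candidates (address
    specificity is ignored). The first vhost whose ServerName equals the
    host, or whose ServerAlias wildcard matches it, wins. With no match the
    first vhost on that port is the default.
    """
    host = host.lower()
    on_port = [v for v in vhosts if v[0] == port]
    for _, name, aliases in on_port:
        if host == name.lower() or any(
            fnmatchcase(host, alias.lower()) for alias in aliases
        ):
            return name
    return on_port[0][1] if on_port else None


if __name__ == "__main__":
    for label, table in (("original", VHOSTS), ("hardened", HARDENED)):
        for port, host in ((443, "unsecuresite.com"), (443, "www.securesite.com")):
            print(label, port, host, "->", select_vhost(table, port, host))
```

A catch-all vhost on 443 still has to present some certificate to complete the TLS handshake, so the browser warning remains; what changes is that the mismatched request no longer receives securesite.com's content.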

Apache SSL Request Certificate

I installed an SSL certificate in my apache server and I am having a problem. It happens that when I open my site on my phone it opens lots of popups asking to set up a PIN for credential storage. On Macs it also opens a popup asking to select a certificate. Does anyone have/had this problem? I am also using django on my server if it helps for the answer.
My SSL configuration is this:
<VirtualHost *:80>
ServerAdmin blahblah@blah.pt
ServerName beta.site.pt
ErrorLog /var/log/apache2/vhost1-error.log
WSGIDaemonProcess netpecasbeta user=${APACHE_RUN_USER} group=${APACHE_RUN_GROUP} threads=25 python-path=/usr/local/lib/python2.7/site-packages
WSGIProcessGroup netpecasbeta
WSGIScriptAlias / /.../wsgi.py
<Location />
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R]
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerName media.site.pt
DocumentRoot /var/www
ErrorLog /var/log/apache2/vhost1-error.log
CustomLog /var/log/apache2/vhost1-access.log combined
SSLEngine On
SSLCertificateFile /.../netpecas.pt.crt
SSLCertificateKeyFile /.../netpecas.key
SSLCertificateChainFile /.../gd_bundle.crt
SSLVerifyClient optional
LimitRequestBody 0
LimitRequestFieldSize 40940000
LimitXMLRequestBody 0
<Location />
SSLRequireSSL On
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
</Location>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin blabla@bla.pt
ServerName beta.site.pt
WSGIProcessGroup netpecasbeta
WSGIScriptAlias / /partfy/woofparts/Partfy/wsgi.py
ErrorLog /var/log/apache2/vhost1-error.log
CustomLog /var/log/apache2/vhost1-access.log combined
SSLEngine On
SSLCertificateFile /.../netpecas.pt.crt
SSLCertificateKeyFile /.../netpecas.key
SSLCertificateChainFile /.../gd_bundle.crt
SSLVerifyClient optional
LimitRequestBody 0
LimitRequestFieldSize 40940000
LimitXMLRequestBody 0
<Location />
SSLRequireSSL On
SSLVerifyClient optional
SSLVerifyDepth 1
SSLOptions +StdEnvVars
</Location>
</VirtualHost>
Change SSLVerifyClient from Optional to None, as specified here: https://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslverifyclient

Django Based framework virtual host setup https on Apache

I am using a django based framework and have successfully figured out the Apache settings for http mode. Basically I have done the setting correctly on <VirtualHost *:80> ... </VirtualHost> and when I go to http://mysite.domain.com I get routed correctly to my site and the site pages and the skins get rendered correctly.
I have set up https://mysite.domain.com to work with shibboleth. Shibboleth is working, and when I use https I get routed to the login credential page via the shibboleth server, and after successful login I get redirected to https://mysite.domain.com, but the site doesn't get rendered correctly and the skins don't show up the same as on http://mysite.domain.com.
Here are my Apache settings; I am trying to understand what I am doing wrong here:
<VirtualHost *:443>
ServerAdmin myname@mydomain.com
DocumentRoot /code/vEnviornment/mysite
ServerName mydomain.com
#<LocationMatch "^(?!/admin)">
#<LocationMatch "^(?!/m)">
# RewriteEngine on
# RewriteRule django.wsgi(.*)$ https://mydomain.com:443$1 [L,R=301]
#</LocationMatch>
SSLEngine on
#your SSL keys
#I have removed this wasn't comfortable putting SSL key info
#Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
Alias /admin/media/ /usr/local/lib/python2.7/dist-packages/django/contrib/admin/media/
WSGIScriptAlias /m/ /code/vEnviornment/mysite/django.wsgi
<Directory "/">
AuthType shibboleth
ShibRequestSetting requireSession 1
Require valid-user
</Directory>
Alias /Shibboleth.sso /tmp
# CustomLog /var/log/httpd/mysite/access_log common
# ErrorLog /var/log/httpd/mysite/error_log
CustomLog /var/log/apache2/mysite/access_log common
ErrorLog /var/log/apache2/mysite/error_log
</VirtualHost>
And here is how I have set up http:
<VirtualHost *:80>
ServerAdmin myname@mydomain.com
DocumentRoot /code/vEnviornment/mysite
ServerName mysite.mydomain.com
#aliases to serve static media directly
#will probably need adjustment
Alias /m/ /code/vEnviornment/mysite/static/
Alias /upfiles/ /code/vEnviornment/mysite/myframework/upfiles/
<DirectoryMatch "/code/vEnviornment/mysite/myframework/skins/([^/]+)/media">
Order deny,allow
Allow from all
</DirectoryMatch>
<Directory "/code/vEnviornment/mysite/myframework/upfiles">
Order deny,allow
Allow from all
</Directory>
#must be a distinct name within your apache configuration
WSGIDaemonProcess mysite2
WSGIProcessGroup mysite2
WSGIScriptAlias / /code/vEnviornment/mysite/django.wsgi
#make all admin stuff except media go through secure connection
<LocationMatch "/admin(?!/media)">
RewriteEngine on
RewriteRule /admin(.*)$ https://128.101.35.71/admin$1 [L,R=301]
</LocationMatch>
# CustomLog /var/log/httpd/mysite/access_log common
# ErrorLog /var/log/httpd/mysite/error_log
CustomLog /var/log/apache2/mysite/access_log common
ErrorLog /var/log/apache2/mysite/error_log
LogLevel debug
</VirtualHost>
What am I doing wrong here to render the site incorrectly via https?
Alias /m/ /code/vEnviornment/mysite/static/
Alias /upfiles/ /code/vEnviornment/mysite/myframework/upfiles/
These two lines are missing in the https virtual host
and
your WSGIScriptAlias should point to / not /m/