Apache2 : Limit virtual host to one domain name - django

I want to do something but I can't find an answer (maybe I searched badly). I don't know if it is possible, so tell me if it's not.
I would like to limit an Apache virtual host to one and only one domain name: bde.yggdrasil.cafe, so that if the user tries to access this website using 90.90.3.57 or another domain name, it is listed as a nonexistent website. Here is my extra/bde.conf, which is included in httpd.conf; you'll understand the problem:
<VirtualHost *:80>
ServerName bde.yggdrasil.cafe
ServerAdmin my#email.fr
DocumentRoot /srv/http/bdeweb
#Some django config
#[...]
RewriteEngine on
RewriteCond %{SERVER_NAME} =bde.yggdrasil.cafe
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Listen 443
<VirtualHost *:443>
ServerName bde.yggdrasil.cafe
ServerAdmin my#email.fr
DocumentRoot /srv/http/bdeweb
#Some django config
#[...]
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/bde.yggdrasil.cafe/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bde.yggdrasil.cafe/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
If I use this code and I try to connect to 90.90.3.57 or yggdrasil.cafe using the HTTP protocol, my request is caught by Django, which returns an error 400 (it is good but not what I want to get). If I connect to bde.yggdrasil.cafe using HTTP, it redirects me correctly to HTTPS.
DNS Redirection
I think it can be useful, so I give you my DNS redirections:
yggdrasil.cafe --> 90.90.3.57
bde.yggdrasil.cafe --> yggdrasil.cafe
Removing Django config
If I remove the Django configuration in my HTTP virtual host and I use the following file:
<VirtualHost *:80>
ServerName bde.yggdrasil.cafe
RewriteEngine on
RewriteCond %{SERVER_NAME} =bde.yggdrasil.cafe
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Listen 443
<VirtualHost *:443>
ServerName bde.yggdrasil.cafe
ServerAdmin my#email.fr
DocumentRoot /srv/http/bdeweb
#Some django config
#[...]
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/bde.yggdrasil.cafe/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bde.yggdrasil.cafe/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
If I try to connect to my server using 90.90.3.57 or yggdrasil.cafe, I land on "Indexes of /" (which is bad, really bad).
I would like Apache to ignore the connection if the user doesn't use the subdomain "bde.yggdrasil.cafe".
Why do I want to do that?
This domain is for all my stuff, including a future personal showcase website I would like to host on the "yggdrasil.cafe" domain name (without subdomain).
So the important thing is not the result, but I would like to know if it is possible to add another VirtualHost on the "yggdrasil.cafe" domain name afterward without Django catching it.
Thanks for your time :)

Solution
As said by Dusan Basic:
Of course, just add another VirtualHost with ServerName yggdrasil.cafe; for a start you can have a simple RewriteRule ^ - [F]
It fixed the problem :)

Related

Redirect from HTTP to HTTPS in Python Django

I want to redirect the python and django websites from http to https.
When I'm using the SECURE_SSL_REDIRECT = True in settings.py,
I'm getting the folder structure:
Are you using apache?
Try this in your .htaccess inside the www folder.
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
supposing that:
you are using apache2;
you are starting from the default-ssl.conf file which, if you are using a debian-like distro, is located in the directory /etc/apache2/sites-available;
you are serving your django application using mod_wsgi, having modified your default-ssl.conf as described in this howto
you could try defining a permanent redirect to https in the <VirtualHost *:80> directive, always in your default-ssl.conf, as shown below:
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName your-server.name
Redirect permanent / https://your-server.name
</VirtualHost>
<VirtualHost _default_:443>
ServerName your-server.name
...

Configure apache to respond with error page for incorrect hosts

django docs:
You should also configure the Web server that sits in front of Django to validate the host. It should respond with a static error page or ignore requests for incorrect hosts instead of forwarding the request to Django. This way you’ll avoid spurious errors in your Django logs (or emails if you have error reporting configured that way). For example, on nginx you might setup a default server to return “444 No Response” on an unrecognized host:
I am using Apache and this works:
http://serverip -> 404 error
http://www.example.com -> https://www.example.com -> django site
http://example.com -> https://example.com -> django site
Now I have a problem with https://serverip
I get a "not secure" message from my browser because I only have an SSL cert for example.com and www.example.com, and after I accept the security warning I see the Django site, but I want a 404 error page.
How can I achieve this or do I misunderstand the django docs?
Update Config:
assume the django site is /var/www/html/index.html for simplification
000-default.conf:
<VirtualHost *:80>
Redirect 404 /
</VirtualHost>
example.com.conf:
<VirtualHost *:80>
ServerAdmin example#example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com [OR]
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
example.com-le-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin example#example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Redirection of domain within <VirtualHost> tag

I have the following in my apache2.conf file for a django project:
#ServerRoot "/etc/apache2"
<VirtualHost *:80>
Alias /static /home/ubuntu/Avails/static
# virtual host configuration
WSGIScriptAlias / home/ubuntu/Avails/wsgi.py
</VirtualHost>
Similar to a previous question I asked here (How to redirect one domain to another).
I have two domains:
www.new.example1.com/ --> IP=1.2.3.4
www.new.example2.com/ --> IP=1.2.3.4 (same IP for both domains)
I want all requests that go to www.example2.com/* to access the requested page. I want all requests that go to www.example1.com/* to redirect to www.example2.com/*. How would I redirect a domain within the VirtualHost block, instead of using the .htaccess file?
Here is what worked. Special thanks to anubhava for the help:
1) Enable module rewrite:
$ sudo a2enmod rewrite
2) Edit apache2.conf file:
<VirtualHost *:80>
Alias /static /home/ubuntu/Avails/static
# virtual host configuration
WSGIScriptAlias / home/ubuntu/Avails/wsgi.py
RewriteEngine On
RewriteCond %{HTTP_HOST} ^new\.example1\.net [NC]
RewriteRule ^ http://new.example2.net%{REQUEST_URI} [NE,R=301,L]
</VirtualHost>
3) Restart apache:
$ sudo service apache2 restart

How do I properly handle multiple VirtualHosts on one server with only one having SSL?

I have the following apache2 VirtualHost config:
<VirtualHost {my_server_ip}:443>
ServerName securesite.com
ServerAlias www.securesite.com
DocumentRoot /data/web/securesite.com/
Options -Indexes
SSLEngine On
SSLCertificateFile /etc/ssl/securesite.com/securesite.com.crt
SSLCertificateKeyFile /etc/ssl/securesite.com/server.key
SSLCertificateChainFile /etc/ssl/securesite.com/gd_bundle.crt
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /data/web/unsecuresite.com/
ServerName unsecuresite.com
ServerAlias www.unsecuresite.com
</VirtualHost>
The problem is that I can access https://unsecuresite.com/ and the server returns the data for securesite.com and the browser complains.
Why does this happen? Why does ServerName for 443 match other server names?
Can I somehow handle this? Maybe catch the request, handle it with regex and redirect it to its proper place?
EDIT
ports.conf says:
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
NameVirtualHost {my_server_ip}:443
Listen 443
</IfModule>
When you connect to https://securesite.com/, then you are actually connecting to port 443. Since there is only one site listening on port 443, the first match is returned (even though the ServerName does not match).
Your configuration basically boils down to:
<VirtualHost {my_server_ip}:443>
ServerName securesite.com
# ...
</VirtualHost>
<VirtualHost *:80>
ServerName unsecuresite.com
# ...
</VirtualHost>
This means that any request to port 80 (http) will be served by unsecuresite.com and requests to port 443 (https) are served by securesite.com.
Even if you add a <VirtualHost *:443> ServerName unsecuresite.com, you still cannot simply trick the user into a redirect without having a valid certificate for unsecuresite.com. (That would result in an ugly certificate warning.)
If your unsecuresite.com vhost is not supposed to handle HTTPS, then just ignore it. With nginx you could reset a connection if the hostname does not match, I don't know if something similar exists for Apache.
I solved it with the following method:
<VirtualHost {my_server_ip}:443>
ServerName securesite.com
ServerAlias www.securesite.com
DocumentRoot /data/web/securesite.com/
Options -Indexes
SSLEngine On
SSLCertificateFile /etc/ssl/securesite.com/securesite.com.crt
SSLCertificateKeyFile /etc/ssl/securesite.com/server.key
SSLCertificateChainFile /etc/ssl/securesite.com/gd_bundle.crt
RewriteEngine on
RewriteCond %{HTTP_HOST} !^(www\.)?(securesite\.com){1}$ [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [R=301]
</VirtualHost>
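The catch-all virtual host from the solution at the top of the page (`RewriteRule ^ - [F]`), written out for both port 80 and port 443 so that it also covers the https://serverip and https://unsecuresite.com cases in the related questions above. This is an added example, not configuration from any of the posts; the name catchall.invalid and the certificate paths are placeholders.

```apache
# Added example. This file must be read BEFORE any site vhost: for each
# address:port, Apache hands a request to the FIRST vhost defined there
# whenever the Host header matches no ServerName/ServerAlias.
#
# A vhost bound to a specific IP (as in <VirtualHost {my_server_ip}:443>)
# outranks *:443, so give the catch-all the same address form as the
# site vhosts it is meant to shield.

# Port 80: requests by IP address or by any unlisted name end here.
<VirtualHost *:80>
    # Placeholder name (assumption); it only has to differ from every
    # real site name. The .invalid TLD is reserved and never resolves.
    ServerName catchall.invalid

    # Same rule as in the solution: answer 403 for every path instead of
    # passing the request on to Django or a directory listing.
    RewriteEngine on
    RewriteRule ^ - [F]
</VirtualHost>

# Port 443: same idea. The TLS handshake completes before the Host header
# is seen, so this vhost still needs a certificate. Clients using an
# unknown name or the bare IP get a certificate warning and then the 403,
# never the real site.
<VirtualHost *:443>
    ServerName catchall.invalid

    SSLEngine on
    # Placeholder paths (assumption): a throwaway self-signed pair.
    SSLCertificateFile    /etc/ssl/placeholder/catchall.crt
    SSLCertificateKeyFile /etc/ssl/placeholder/catchall.key

    RewriteEngine on
    RewriteRule ^ - [F]
</VirtualHost>

# The real sites follow unchanged and now answer only for their own names:
#   <VirtualHost *:80>   ServerName bde.yggdrasil.cafe  ...  </VirtualHost>
#   <VirtualHost *:443>  ServerName bde.yggdrasil.cafe  ...  </VirtualHost>
```

`apachectl -S` prints the parsed virtual hosts and marks the default server for each address:port, which confirms that the catch-all is the one listed first.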

Django Based framework virtual host setup https on Apache

I am using a Django-based framework and have successfully figured out the Apache settings for http mode. Basically I have done the setting correctly on <VirtualHost *:80> ... </VirtualHost>, and when I go to http://mysite.domain.com I get routed correctly to my site and the site pages and the skins get rendered correctly.
I have set up https://mysite.domain.com to work with Shibboleth. Shibboleth is working, and when I use https I get routed to the login credential page via the Shibboleth server, and after successful login I get redirected to https://mysite.domain.com, but the site doesn't get rendered correctly and the skins don't show up the same as on http://mysite.domain.com.
Here are my Apache settings; I am trying to understand what I am doing wrong here:
<VirtualHost *:443>
ServerAdmin myname#mydomain.com
DocumentRoot /code/vEnviornment/mysite
ServerName mydomain.com
#<LocationMatch "^(?!/admin)">
#<LocationMatch "^(?!/m)">
# RewriteEngine on
# RewriteRule django.wsgi(.*)$ https://mydomain.com:443$1 [L,R=301]
#</LocationMatch>
SSLEngine on
#your SSL keys
#I have removed this wasn't comfortable putting SSL key info
#Alias /admin/media/ /usr/local/lib/python2.6/site-packages/django/contrib/admin/media/
Alias /admin/media/ /usr/local/lib/python2.7/dist-packages/django/contrib/admin/media/
WSGIScriptAlias /m/ /code/vEnviornment/mysite/django.wsgi
<Directory "/">
AuthType shibboleth
ShibRequestSetting requireSession 1
Require valid-user
</Directory>
Alias /Shibboleth.sso /tmp
# CustomLog /var/log/httpd/mysite/access_log common
# ErrorLog /var/log/httpd/mysite/error_log
CustomLog /var/log/apache2/mysite/access_log common
ErrorLog /var/log/apache2/mysite/error_log
</VirtualHost>
And here is how I have set up http:
<VirtualHost *:80>
ServerAdmin myname#mydomain.com
DocumentRoot /code/vEnviornment/mysite
ServerName mysite.mydomain.com
#aliases to serve static media directly
#will probably need adjustment
Alias /m/ /code/vEnviornment/mysite/static/
Alias /upfiles/ /code/vEnviornment/mysite/myframework/upfiles/
<DirectoryMatch "/code/vEnviornment/mysite/myframework/skins/([^/]+)/media">
Order deny,allow
Allow from all
</DirectoryMatch>
<Directory "/code/vEnviornment/mysite/myframework/upfiles">
Order deny,allow
Allow from all
</Directory>
#must be a distinct name within your apache configuration
WSGIDaemonProcess mysite2
WSGIProcessGroup mysite2
WSGIScriptAlias / /code/vEnviornment/mysite/django.wsgi
#make all admin stuff except media go through secure connection
<LocationMatch "/admin(?!/media)">
RewriteEngine on
RewriteRule /admin(.*)$ https://128.101.35.71/admin$1 [L,R=301]
</LocationMatch>
# CustomLog /var/log/httpd/mysite/access_log common
# ErrorLog /var/log/httpd/mysite/error_log
CustomLog /var/log/apache2/mysite/access_log common
ErrorLog /var/log/apache2/mysite/error_log
LogLevel debug
</VirtualHost>
What am I doing wrong here to render the site incorrectly via https?
Alias /m/ /code/vEnviornment/mysite/static/
Alias /upfiles/ /code/vEnviornment/mysite/myframework/upfiles/
These two lines are missing in the https virtual host
and
your WSGIScriptAlias should point to / not /m/