[SOLVED] Enabling ssl with only one domain pointing to site
My test server has been going well for the past 2 months. I have learned a lot from searching the net for how-tos and forums on questions I have. My next task on the to-do list is enabling ssl on my mail server. I have the ssl set up with an automatic redirect from http to https. It is working fine with a minor issue.
I have 2 domains and several subdomains on the server. Since I have enabled ssl, it seems for any of the domain/subdomain links I type in with a https://, it takes me to my mail server site. How can I have it set to only one secure link to my mail server?
If you need to see a file conf, please let me know. Thank you.
Code:
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
SSLCACertificateFile /etc/apache2/ssl/intermediate.crt
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
Let me see if I follow what you wrote. By adding this code to my existing .htaccess file, I am redirecting any domain/subdomain starting with a https to a site of my choice?
Code:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^webmail\.domain\.com$ [NC]
RewriteRule (.*) http://other.nossl-domain.com [R,L]
Quote:
I had my redirect in a .htaccess in squirrelmail dir
Are you sure it's in the squirrelmail dir (/var/www/squirrelmail)?
Your rewrite stuff checks if the request is done through ssl and if not it forces the client to use ssl. If it's in the webmail server docroot, then there should be no problem with the other vhost as it uses a different docroot.
BTW you can do the opposite with the 2nd vhost to turn off ssl for that vhost.
My rewrite stuff checks if the requested host is webmail.domain.com and if not it redirects the client to the non-secure 2nd vhost.
Quote:
Your rewrite stuff checks if the request is done through ssl and if not it forces the client to use ssl. If it's in the webmail server docroot, then there should be no problem with the other vhost as it uses a different docroot.
With this code in the .htaccess now, it is redirecting any https links that are not webmail.domain.com to http://other.nossl-domain.com.
Yes, the .htaccess is in /var/www/squirrelmail
This is what my .htaccess looks like now.
Quote:
With this code in the .htaccess now, it is redirecting any https links that are not webmail.domain.com to http://other.nossl-domain.com.
Isn't that what you want to do?
Quote:
it seems for any of the domain/subdomain links I type in with a https://, it takes me to my mail server site. How can I have it set to only one secure link to my mail server?
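The approach discussed in this thread, written as a virtual-host configuration instead of a .htaccess file. This is an added example, not a configuration posted by anyone in the thread; the hostnames are the thread's placeholders, the paths are the ones quoted in the posts, and placing the rules in the vhost is an assumption.

```apache
# Added example (not from the thread). One certificate, one HTTPS site:
# only webmail.domain.com is served over SSL, every other hostname that
# resolves to this server is sent to the plain-HTTP site.
<VirtualHost *:443>
    ServerName   webmail.domain.com
    DocumentRoot /var/www/squirrelmail

    # Certificate directives as posted in the thread.
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key
    SSLCACertificateFile  /etc/apache2/ssl/intermediate.crt

    RewriteEngine on

    # Match the literal hostname only. The dots are escaped so that a
    # lookalike such as "webmailXdomain.com" does not pass the check,
    # and an explicit ":443" in the Host header is tolerated.
    RewriteCond %{HTTP_HOST} !^webmail\.domain\.com(:443)?$ [NC]

    # Any other Host header: redirect to the non-SSL site.
    # To refuse the request instead, use:  RewriteRule ^ - [F]
    RewriteRule ^ http://other.nossl-domain.com/ [R=302,L]

    <Directory "/var/www/squirrelmail">
        # With the rules in the vhost, the .htaccess file is not needed
        # for the redirect and overrides can stay disabled.
        AllowOverride None
    </Directory>
</VirtualHost>
```

The TLS handshake finishes before Apache evaluates the rewrite rules, so a browser that requests https:// for one of the other hostnames is still presented with the webmail certificate and shows a name-mismatch warning before it follows the redirect.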