mod_rewrite syntax
i have setup virtual hosts and ssl both are working fine. Now i want to redirect from http to https
i have enabled mod_rewrite.so and used the following <VirtualHost *:443> ServerAdmin ***@***.*** DocumentRoot "/usr/local/apache/htdocs/test2" ServerName test2.test ErrorLog "logs/test2-error_log" CustomLog "logs/test2-access_log" common SSLEngine on SSLCertificateFile /usr/local/apache/conf/ssl.crt/mycert.cert SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/mycert.key RewriteEngine On ReWriteCond %{SERVER_PORT} !^443$ RewriteRule (.*) https://test2.test </VirtualHost> restarted the httpd But its not working. Kindly let me know the syntax to use. I have googled and collected documents, but Rewrite module is confusing for me. Can anyone provide any docs related to Apache httpd Linux system administrator. |
Hi,
You need to put the rewrite stuff inside the non-ssl vhost definition. The way you are using it now, the RewriteCond is never fulfilled as the connection port is already the 443 Regards |
Is this correct
<VirtualHost *:80> RewriteEngine on ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] </VirtualHost> <VirtualHost *:443> ServerAdmin ***@***.*** DocumentRoot "/usr/local/apache/htdocs/test2" ServerName test2.test ErrorLog "logs/test2-error_log" CustomLog "logs/test2-access_log" common SSLEngine on SSLCertificateFile /usr/local/apache/conf/ssl.crt/mycert.cert SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/mycert.key </VirtualHost> |
Add a ServerName also in the non-ssl vhost (the same one as in the ssl vhost: test2.test).
And test to see if rewrite works, or you get any errors. |
Worked great thanks.. But i already have 80 port in httpd.conf. I have placed the above entries in httpd-vhost.conf. So whenever i start and stop tomcat, a warning is displayed "[warn] _default_ VirtualHost overlap on port 80, the first has precedence "
|
You need to add in httpd-vhost.conf:
Code:
NameVirtualHost *:80 |
yes i am talking about apache webserver. Now it works fine
|
In error_log i have a warning message "You should not use name-based virtual hosts in conjunction with SSL!!"
Can i ignore it. My Httpd-vhosts.conf looks like this # # Use name-based virtual hosting. # NameVirtualHost *:443 NameVirtualHost *:80 # # VirtualHost example: # Almost any Apache directive may go into a VirtualHost container. # The first VirtualHost section is used for all requests that do not # match a ServerName or ServerAlias in any <VirtualHost> block. # <VirtualHost *:80> RewriteEngine on ServerName test1.test ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] </VirtualHost> <VirtualHost *:80> RewriteEngine on ServerName test2.test ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] </VirtualHost> <VirtualHost *:443> ServerAdmin test@test.com DocumentRoot "/usr/local/apache/htdocs/test1" ServerName test1.test # ServerAlias ErrorLog "logs/test1-error_log" CustomLog "logs/test1-access_log" common SSLEngine on SSLCertificateFile /usr/local/apache/conf/ssl.crt/mycert.cert SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/mycert.key </VirtualHost> <VirtualHost *:443> ServerAdmin test@test.com DocumentRoot "/usr/local/apache/htdocs/test2" ServerName test2.test ErrorLog "logs/test2-error_log" CustomLog "logs/test2-access_log" common SSLEngine on SSLCertificateFile /usr/local/apache/conf/ssl.crt/mycert.cert SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/mycert.key </VirtualHost> |
What is your apache and openssl version?
The SSL name based vhosts work only on newer versions of apache (>2.2.12) and openssl (>0.9.8f). Also you need to use SNI (Server Name Indication). If you meet the above requirements, take a look here to setup multiple ssl vhosts |
1. openssl-0.9.8e-20.el5_7.1.0.1.centos
openssl-devel-0.9.8e-20.el5_7.1.0.1.centos 2. Apache/2.2.3 |
Quote:
Regards |
So with OpenSSL1.0.1.tar.gz i can have many SSL with vhosts right
|
Quote:
I would suggest you, if you need ssl vhosts, to see if you can upgrade using your distro's package manager, unless you're familiar in compiling software from sources. |
I have compiled Apache from source only. i used
./configure --prefix=/usr/local/apache --enable-modules=all --enable-mods-shared=all --enable-ssl --with-ssl=/usr/local/ssl --enable-distcache --enable-proxy --enable-cache --enable-mem-cache --enable-file-cache --enable-disk-cache --enable-ldap --enable-authnz-ldap --enable-cgid --enable-authn-anon --enable-authn-alias --disable-imagemap --enable-shared |
Quote:
Anyways compiling the latest apache-2.2.22 with the above options (assuming you've already compiled openssl in the default /usr/local/ssl) should do what you want. |
All times are GMT -5. The time now is 06:06 AM. |