LinuxQuestions.org


Iyyappan 03-24-2012 08:51 AM

mod_rewrite syntax
 
I have set up virtual hosts and SSL; both are working fine. Now I want to redirect from http to https.

I have enabled mod_rewrite.so and used the following:

<VirtualHost *:443>
ServerAdmin ***@***.***
DocumentRoot "/usr/local/apache/htdocs/test2"
ServerName test2.test
ErrorLog "logs/test2-error_log"
CustomLog "logs/test2-access_log" common
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/mycert.cert
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/mycert.key
RewriteEngine On
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://test2.test
</VirtualHost>

Restarted httpd.

But it's not working. Kindly let me know the syntax to use.
I have googled and collected documents, but the Rewrite module is confusing for me. Can anyone provide any docs related to Apache httpd Linux system administrator?

bathory 03-24-2012 09:46 AM

Hi,

You need to put the rewrite stuff inside the non-ssl vhost definition.
The way you are using it now, the RewriteCond is never fulfilled, as the connection port is already 443.

Regards

Iyyappan 03-24-2012 10:00 AM

Is this correct?

<VirtualHost *:80>
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost *:443>
ServerAdmin ***@***.***
DocumentRoot "/usr/local/apache/htdocs/test2"
ServerName test2.test
ErrorLog "logs/test2-error_log"
CustomLog "logs/test2-access_log" common
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/mycert.cert
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/mycert.key

</VirtualHost>

bathory 03-24-2012 10:11 AM

Add a ServerName also in the non-ssl vhost (the same one as in the ssl vhost: test2.test).
And test to see if rewrite works, or you get any errors.
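The diagnosis in the replies above can be checked mechanically. This is an added example, not code from the thread: a small Python audit that evaluates each vhost's `RewriteCond %{SERVER_PORT}` against the port the vhost listens on and notes whether a ServerName is set. The sample config is assembled from the posts above and trimmed to the relevant directives; `audit` is a hypothetical helper name, and it assumes SERVER_PORT equals the port in the `<VirtualHost>` line.

```python
import re

# Constructed sample: the 443 vhost from the first post (trimmed) followed by
# the port-80 vhost from the later reply. Hostnames are the thread's own.
SAMPLE = """
<VirtualHost *:443>
ServerName test2.test
SSLEngine on
RewriteEngine On
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://test2.test
</VirtualHost>
<VirtualHost *:80>
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+[^>]*?:(\d+)\s*>(.*?)</VirtualHost>", re.I | re.S)
COND = re.compile(r"^\s*RewriteCond\s+%\{SERVER_PORT\}\s+(!?)(\S+)", re.I | re.M)

def audit(conf):
    """Return one tuple per <VirtualHost>: (port, cond_can_match, has_server_name)."""
    findings = []
    for port, body in VHOST.findall(conf):
        can_match = True  # no SERVER_PORT condition: the rule is unconditional
        for negate, pattern in COND.findall(body):
            hit = re.search(pattern, port) is not None
            # A leading "!" inverts the test, as mod_rewrite does for a CondPattern.
            can_match = can_match and (hit != bool(negate))
        has_name = re.search(r"^\s*ServerName\s+\S+", body, re.I | re.M) is not None
        findings.append((int(port), can_match, has_name))
    return findings

if __name__ == "__main__":
    for port, can_match, has_name in audit(SAMPLE):
        print(f"port {port}: redirect can fire={can_match}, ServerName set={has_name}")
```
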

Iyyappan 03-24-2012 10:18 AM

Worked great, thanks. But I already have port 80 in httpd.conf. I have placed the above entries in httpd-vhost.conf. So whenever I start and stop tomcat, a warning is displayed: "[warn] _default_ VirtualHost overlap on port 80, the first has precedence"

bathory 03-24-2012 10:40 AM

You need to add in httpd-vhost.conf:
Code:

NameVirtualHost *:80
I guess when you're saying tomcat, you actually mean apache...

Iyyappan 03-24-2012 10:44 AM

Yes, I am talking about the Apache webserver. Now it works fine.

Iyyappan 03-24-2012 10:47 AM

In error_log I have a warning message "You should not use name-based virtual hosts in conjunction with SSL!!"
Can I ignore it? My Httpd-vhosts.conf looks like this:


#
# Use name-based virtual hosting.
#
NameVirtualHost *:443
NameVirtualHost *:80
#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#
<VirtualHost *:80>
RewriteEngine on
ServerName test1.test
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost *:80>
RewriteEngine on
ServerName test2.test
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>



<VirtualHost *:443>
ServerAdmin test@test.com
DocumentRoot "/usr/local/apache/htdocs/test1"
ServerName test1.test
# ServerAlias
ErrorLog "logs/test1-error_log"
CustomLog "logs/test1-access_log" common
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/mycert.cert
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/mycert.key
</VirtualHost>

<VirtualHost *:443>
ServerAdmin test@test.com
DocumentRoot "/usr/local/apache/htdocs/test2"
ServerName test2.test
ErrorLog "logs/test2-error_log"
CustomLog "logs/test2-access_log" common
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/mycert.cert
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/mycert.key
</VirtualHost>

bathory 03-24-2012 10:59 AM

What is your apache and openssl version?
The SSL name based vhosts work only on newer versions of apache (>2.2.12) and openssl (>0.9.8f). Also you need to use SNI (Server Name Indication).
If you meet the above requirements, take a look here to set up multiple SSL vhosts.

Iyyappan 03-24-2012 11:09 AM

1. openssl-0.9.8e-20.el5_7.1.0.1.centos
openssl-devel-0.9.8e-20.el5_7.1.0.1.centos
2. Apache/2.2.3

bathory 03-24-2012 11:18 AM

Quote:

Originally Posted by Iyyappan (Post 4635185)
1. openssl-0.9.8e-20.el5_7.1.0.1.centos
openssl-devel-0.9.8e-20.el5_7.1.0.1.centos
2. Apache/2.2.3

Unfortunately, you're out of luck. Either upgrade, or use just one SSL host.

Regards

Iyyappan 03-24-2012 11:20 AM

So with OpenSSL1.0.1.tar.gz I can have many SSL with vhosts, right?

bathory 03-24-2012 11:40 AM

Quote:

Originally Posted by Iyyappan (Post 4635189)
So with OpenSSL1.0.1.tar.gz I can have many SSL with vhosts, right?

Yes, but you also need a newer apache with mod_ssl compiled against the above mentioned openssl.
I would suggest, if you need ssl vhosts, that you see if you can upgrade using your distro's package manager, unless you're familiar with compiling software from source.

Iyyappan 03-24-2012 11:45 AM

I have compiled Apache from source only. I used
./configure --prefix=/usr/local/apache --enable-modules=all --enable-mods-shared=all --enable-ssl --with-ssl=/usr/local/ssl --enable-distcache --enable-proxy --enable-cache --enable-mem-cache --enable-file-cache --enable-disk-cache --enable-ldap --enable-authnz-ldap --enable-cgid --enable-authn-anon --enable-authn-alias --disable-imagemap --enable-shared

bathory 03-24-2012 12:01 PM

Quote:

Originally Posted by Iyyappan (Post 4635204)
I have compiled Apache from source only. I used
./configure --prefix=/usr/local/apache --enable-modules=all --enable-mods-shared=all --enable-ssl --with-ssl=/usr/local/ssl --enable-distcache --enable-proxy --enable-cache --enable-mem-cache --enable-file-cache --enable-disk-cache --enable-ldap --enable-authnz-ldap --enable-cgid --enable-authn-anon --enable-authn-alias --disable-imagemap --enable-shared

And why are you using apache-2.2.3? I thought you're using the apache that came with your distro.
Anyways compiling the latest apache-2.2.22 with the above options (assuming you've already compiled openssl in the default /usr/local/ssl) should do what you want.


All times are GMT -5.