|
mod_rewrite syntax
i have setup virtual hosts and ssl both are working fine. Now i want to redirect from http to https
i have enabled mod_rewrite.so and used the following <VirtualHost *:443> ServerAdmin ***@***.*** DocumentRoot "/usr/local/apache/htdocs/test2" ServerName test2.test ErrorLog "logs/test2-error_log" CustomLog "logs/test2-access_log" common SSLEngine on SSLCertificateFile /usr/local/apache/conf/ssl.crt/mycert.cert SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/mycert.key RewriteEngine On ReWriteCond %{SERVER_PORT} !^443$ RewriteRule (.*) https://test2.test </VirtualHost> restarted the httpd But its not working. Kindly let me know the syntax to use. I have googled and collected documents, but Rewrite module is confusing for me. Can anyone provide any docs related to Apache httpd Linux system administrator. |
Hi,
You need to put the rewrite stuff inside the non-ssl vhost definition. The way you are using it now, the RewriteCond is never fulfilled as the connection port is already the 443 Regards |
Is this correct
<VirtualHost *:80> RewriteEngine on ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] </VirtualHost> <VirtualHost *:443> ServerAdmin ***@***.*** DocumentRoot "/usr/local/apache/htdocs/test2" ServerName test2.test ErrorLog "logs/test2-error_log" CustomLog "logs/test2-access_log" common SSLEngine on SSLCertificateFile /usr/local/apache/conf/ssl.crt/mycert.cert SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/mycert.key </VirtualHost> |
Add a ServerName also in the non-ssl vhost (the same one as in the ssl vhost: test2.test).
And test to see if rewrite works, or you get any errors. |
Worked great thanks.. But i already have 80 port in httpd.conf. I have placed the above entries in httpd-vhost.conf. So whenever i start and stop tomcat, a warning is displayed "[warn] _default_ VirtualHost overlap on port 80, the first has precedence "
|
You need to add in httpd-vhost.conf:
Code:
NameVirtualHost *:80 |
yes i am talking about apache webserver. Now it works fine
|
In error_log i have a warning message "You should not use name-based virtual hosts in conjunction with SSL!!"
Can i ignore it. My Httpd-vhosts.conf looks like this # # Use name-based virtual hosting. # NameVirtualHost *:443 NameVirtualHost *:80 # # VirtualHost example: # Almost any Apache directive may go into a VirtualHost container. # The first VirtualHost section is used for all requests that do not # match a ServerName or ServerAlias in any <VirtualHost> block. # <VirtualHost *:80> RewriteEngine on ServerName test1.test ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] </VirtualHost> <VirtualHost *:80> RewriteEngine on ServerName test2.test ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] </VirtualHost> <VirtualHost *:443> ServerAdmin test@test.com DocumentRoot "/usr/local/apache/htdocs/test1" ServerName test1.test # ServerAlias ErrorLog "logs/test1-error_log" CustomLog "logs/test1-access_log" common SSLEngine on SSLCertificateFile /usr/local/apache/conf/ssl.crt/mycert.cert SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/mycert.key </VirtualHost> <VirtualHost *:443> ServerAdmin test@test.com DocumentRoot "/usr/local/apache/htdocs/test2" ServerName test2.test ErrorLog "logs/test2-error_log" CustomLog "logs/test2-access_log" common SSLEngine on SSLCertificateFile /usr/local/apache/conf/ssl.crt/mycert.cert SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/mycert.key </VirtualHost> |
What is your apache and openssl version?
The SSL name based vhosts work only on newer versions of apache (>2.2.12) and openssl (>0.9.8f). Also you need to use SNI (Server Name Indication). If you meet the above requirements, take a look here to setup multiple ssl vhosts |
1. openssl-0.9.8e-20.el5_7.1.0.1.centos
openssl-devel-0.9.8e-20.el5_7.1.0.1.centos 2. Apache/2.2.3 |
Quote:
Regards |
So with OpenSSL1.0.1.tar.gz i can have many SSL with vhosts right
|
Quote:
I would suggest you, if you need ssl vhosts, to see if you can upgrade using your distro's package manager, unless you're familiar in compiling software from sources. |
I have compiled Apache from source only. i used
./configure --prefix=/usr/local/apache --enable-modules=all --enable-mods-shared=all --enable-ssl --with-ssl=/usr/local/ssl --enable-distcache --enable-proxy --enable-cache --enable-mem-cache --enable-file-cache --enable-disk-cache --enable-ldap --enable-authnz-ldap --enable-cgid --enable-authn-anon --enable-authn-alias --disable-imagemap --enable-shared |
Quote:
Anyways compiling the latest apache-2.2.22 with the above options (assuming you've already compiled openssl in the default /usr/local/ssl) should do what you want. |
I have been using the apache which came along with distro. But wanted to try from source too. In the apache which came along with distro has (conf conf.d logs modules run) folders alone, but while i install from source i get (bin build cgi-bin conf error htdocs icons include lib logs man manual modules). Y is that in normal apache(distro) the errors, libs, include folders are not there.
|
Quote:
|
Which do u think is better. I would go with Apache from source as all are placed in a specific folder. Can the redirect can be done using .htaccess too ? or only url redirect is possible using .htaccess
|
Quote:
Quote:
|
redirecting http to https was done using rewrite_module. Is it possible to do the same using .htaccess?
|
Quote:
|
Once https redirect is enabled. All the sites below will be accessed via https right. Bcoz now i have only one small index file for testing. With the RewriteEngine syntax the entire sub folders below it will be accessed via https right.
Then what is the difference between 1.Redirect permanent / https://www.mytest.com/ 2. Using Rewrite Module Also in the following syntax RewriteEngine on RewriteCond %{SERVER_PORT} =443 RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L] I would be happy if you explain the RewriteCond and RewriteRule with the various possibilities |
Quote:
Quote:
You use mod_rewrite when you want to do url rewriting based on certain conditions, or some fancy redirecting and so on. Quote:
Apache looks the port it got the request and evaluates it against the RewriteCond(ition). If it's port 443 then it does the rewrite as specified by the RewriteRule, i.e. from plain http to https. Of course in this case you're going to have a loop, as the port will be always 443 and apache will always redirect the request to https If you want, you can have have a look at the apache mod_rewrite documentation for better understanding. Regards |
thanks for providing the details
|
In Apache installed from source(/usr/local/apache) in the httpd.conf file the user and group is showing as daemon. In apache which came with distro(/etc/httpd) is showing as apache. In /etc/passwd Apache user points to /var/www. Now can i change the user and group to apache in /usr/local/apache/conf/httpd.conf and in /etc/passwd i change the document root to /usr/local/apache/htdocs right. Or should i completely remove httpd(distro) and do this..
|
I would suggest you to remove the apache that came with your distro.
The apache user homedir is irrelevant. What you need to do, is to make sure that the actual docroot is owned by the apache user you used in httpd.conf, e.g. Code:
chown -R daemon /usr/local/apache/htdocs |
What must be the owner and group of Apache Web Server. Can the entire Web server be like this
drwxr-xr-x 15 apache apache 4096 Mar 24 23:06 apache or drwxr-xr-x 15 apache root 4096 Mar 24 23:06 apache or changing rights for htdocs alone to apache is enough. Can u specify the owner, group and rights which must be assigned for entire Apache Web Server for it to be a secured one |
Quote:
The rest of the apache files, should be owned by root:root Regards |
What the permissions to be set for entire apache files
|
Quote:
|
Reg: .htaccess. Enabled .htaccess in httpd.conf.
I have 3 files in htdocs 1. /htdocs/test1/index.html 2. /htdocs/test2/index.html 3. /htdocs/index.html Placed .htaccess in test1 & test2 folders alone. If i access index.html from test1 & test2 its asking for password its fine. But when i access http://localhost its asking for password, if i give same credentials its working, is this correct ?. |
Quote:
|
When i give localhost or IP, i get the index.html of test1 only and not the default apache page !. Have setup Virtual hosts for test1 & test2 only, but i should get the apache page right....DocumentRoot is DocumentRoot "/usr/local/apache/htdocs. In htdocs there are 2 folders and 1 file
1. index.html 2. test1 3. test2 Can u guide where i have gone wrong |
After adding port 8080 in httpd.conf
Listen 80 Listen 8080 I accessed localhost:8080 . It worked without asking password. I think since in httpd.conf 80 port is configured and in virtual host, i had written rule to redirect 80 to 443. so the page got redirected to the first virtual host. Am i right. |
Yes, but if you are using vhosts, then the 1st vhost is the default, so when you visit http://localhost you get that vhost with docroot /htdocs/test1
You need another vhost with a docroot /htdocs. |
| All times are GMT -5. The time now is 11:46 AM. |