Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am trying to setup a website that uses https only and not http.
I have seen several phrasing for doing so, but I am not sure which is correct. The one that make the most sense is:
SSLProtocal all
SSLCipherSuite HIGH:MEDIUM
But the directions call for putting it in the httpd.conf file. I am runnign the lattest Apache on Redhat 9. From what I see, all SSL commands are in the ssl.conf file, not in httpd.config.
Can someone tell me where and in which file it is suppose to go.
Also, will this mandate https and not http in so that when someone types in my domain name, they automaticly get https?
I am redirecting 80 to 443 but I am getting a "Bad Request" error page (400). It states:
Your browser sent a request that this server could not nderstand.
Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.
This is very much, an appropriate error. Now what I would like to do is create a custom error page that redirects http to https. I have the page crated and it works. But when I try to direct Apache to it, it seems like it ignores the command and uses the default settings. I tried to create a .htac.. file which direct 400 errors to the page and that did not work.
Am I doing something wrong?
Is there a better way?
It sounds like you are redirecting port 80 to 443 using iptables rules or something like that. It won't work that way, the browsers header needs to be https.
You could use the rewrite rules in your http.conf file to redirect all trafic to https..
This will alow you to either redirect without notice or to show a nice messgage like "you must use https to ..."
What I am going to do is use a redirecting index.htm file and have it be the only fine in the /html. I will place all other files in a subdirectory.
All of the links will be automaticly linked to https when I create the pages. However, this will not prevent someone from typing in the full address without the https - meaning the files might be sent un-encripted.
I setup my site last night according to your directions David, and it works great !!!!!!! Individuals are automatically redirected to the https page. If they try to type in a file location directly without the https (http only) they get an error page.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.