LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page Force SSL on Web Folders [APACHE]
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 09-30-2010, 08:34 AM   #1
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Rep: Reputation: 77
Force SSL on Web Folders [APACHE]

So I have a web server running on my Arch Linux server. The document root for my server is the default '/srv/http' directory. My question is how can I force my website to use HTTPS / 443 encryption for my /wiki & /webmail paths? Generally when I go to my website the URL is as follows:

www.iamghost.com (This is just the main site and runs on port 80)

www.iamghost.com/wiki (This is just a folder under my docement root '/srv/http/wiki')

www.iamghost.com/webmail (This too is just another folder under my document root '/srv/http/webmail')

I would like to use my existing SSL certificates (self signed and generated with openssl) to force the 'wiki' & 'webmail' folders to run on port 443 rather than port 80. I don't know how to do this so I am posting my 'httpd.conf' file below so maybe someone can show or help me add the following entries to get this to work. My public and private SSL keys are stored in '/etc/ssl' and are already working for Postfix on the same server.

My 'httpd.conf':

Code:
ServerRoot "/etc/httpd"

Listen 80

LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbd_module modules/mod_authn_dbd.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule file_cache_module modules/mod_file_cache.so
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule dbd_module modules/mod_dbd.so
LoadModule dumpio_module modules/mod_dumpio.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule log_forensic_module modules/mod_log_forensic.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule cern_meta_module modules/mod_cern_meta.so
LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
LoadModule ident_module modules/mod_ident.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule asis_module modules/mod_asis.so
LoadModule info_module modules/mod_info.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule cgid_module modules/mod_cgid.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule imagemap_module modules/mod_imagemap.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php5_module modules/libphp5.so

<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>

User http
Group http

</IfModule>
</IfModule>

ServerAdmin postmaster@iamghost.com

ServerName www.iamghost.com:80

DocumentRoot "/srv/http"

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

<Directory "/srv/http">
    
    Options Indexes FollowSymLinks Includes
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>


<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

ErrorLog "/var/log/httpd/error_log"

LogLevel warn

<IfModule log_config_module>
   
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "/var/log/httpd/access_log" common

  </IfModule>

<IfModule alias_module>
    
    ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/"

</IfModule>

<IfModule cgid_module>
    
</IfModule>

<Directory "/srv/http/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

DefaultType text/plain

<IfModule mime_module>
  
    TypesConfig conf/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

</IfModule>



Include conf/extra/httpd-multilang-errordoc.conf

Include conf/extra/httpd-autoindex.conf

Include conf/extra/httpd-languages.conf

Include conf/extra/httpd-userdir.conf

Include conf/extra/httpd-default.conf

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf

Include conf/extra/php5_module.conf

#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
 
Old 09-30-2010, 08:45 AM   #2
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
Code:
<Directory "/foo/bar">                                                                              
    RewriteEngine On                                                                                     
    RewriteCond %{SERVER_PORT} ^80$                                                                      
    RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [L,R]          
#...
</Directory>
Or similar.
 
1 members found this post helpful.
Old 09-30-2010, 08:53 AM   #3
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 77
Quote:
Originally Posted by AlucardZero View Post
Code:
<Directory "/foo/bar">                                                                              
    RewriteEngine On                                                                                     
    RewriteCond %{SERVER_PORT} ^80$                                                                      
    RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [L,R]          
#...
</Directory>
Or similar.
I just simply added the following code to the very bottom of the 'httpd.conf' file since I don't know if it makes any difference where this code is placed...

Code:
<Directory "/srv/http/webmail">
    RewriteEngine On
    RewriteCond %{SERVER_PORT} ^80$
    RewriteRule ^(.*)$ https://%{SERVER_NAME}/$1 [L,R]
#...
</Directory>
For whatever reason when I reloaded my web server, the main site is up and working but when I try to go to the webmail folder, it fails.
 
Old 09-30-2010, 09:01 AM   #4
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,824

Rep: Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615Reputation: 615
What's in your error log?
 
Old 09-30-2010, 09:18 AM   #5
carlosinfl
Senior Member
 
Registered: May 2004
Location: Orlando, FL
Distribution: Arch
Posts: 2,905

Original Poster
Rep: Reputation: 77
Quote:
Originally Posted by AlucardZero View Post
What's in your error log?
Does my code look correct? Do I need to add my server name where you have "SERVER_NAME" or can that remain the same?

The logs don't really help much...

Code:
[Thu Sep 30 10:16:20 2010] [notice] SIGHUP received.  Attempting to restart
[Thu Sep 30 10:16:20 2010] [notice] Digest: generating secret for digest authentication ...
[Thu Sep 30 10:16:20 2010] [notice] Digest: done
PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php/modules/ldap.so' - /usr/lib/php/modules/ldap.so: cannot open shared object file: No such file or directory in Unknown on line 0
[Thu Sep 30 10:16:21 2010] [notice] Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/1.0.0a DAV/2 PHP/5.3.3 with Suhosin-Patch configured -- resuming normal operations
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Just added ssl to my apache web server... trist007 Linux - Newbie 1 01-07-2010 03:11 PM
LXer: APACHE web server and SSL authentication LXer Syndicated Linux News 0 09-05-2009 12:30 PM
Apache SSL encrypt only a portion of web page helpmhost Linux - Server 1 03-06-2009 09:58 AM
Unable to Import SSL to Apache Web Server carlosinfl Linux - Server 5 09-15-2008 10:49 AM
Force SSL on Apache - Slackware 11 stormtracknole Slackware 3 11-28-2006 02:10 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 11:30 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration