LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 02-25-2009, 02:48 PM   #1
kmeyers
LQ Newbie
 
Registered: Feb 2009
Posts: 5

Rep: Reputation: 0
Apache 2 Redirect


Ok, for the life of me I cant figure out how to do this and need some help. I believe I finally have a very secure config for apache2 that will only use SSL or port443. Problem is how do I redirect all my users who dont type in https:// to the proper SSL port 443?

Do I have to create Virtual Servers? If so how?

Or is there a Redirect command?

Thanks again for all your help before hand.....


Code:
# =================================================
# Basic settings
# =================================================
User apache
Group apache
ServerAdmin Me@Me.org
ServerName WebServer
UseCanonicalName Off
ServerSignature Off
HostnameLookups Off
ServerTokens Prod
ServerRoot "/usr/local/apache2"
DocumentRoot "/www"
PidFile /usr/local/apache2/logs/httpd.pid
ScoreBoardFile /usr/local/apache2/logs/httpd.scoreboard
<IfModule mod_dir.c>
    DirectoryIndex index.html
</IfModule>

# =================================================
# HTTP and performance settings
# =================================================
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 30
<IfModule prefork.c>
    MinSpareServers 5
    MaxSpareServers 10
    StartServers 5
    MaxClients 150
    MaxRequestsPerChild 0
</IfModule>

# =================================================
# Access control
# =================================================
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>
<Directory "/www">
    Order allow,deny
    Allow from all
</Directory>

# =================================================
# MIME encoding
# =================================================
<IfModule mod_mime.c>
    TypesConfig /usr/local/apache2/conf/mime.types
</IfModule>
DefaultType text/plain
<IfModule mod_mime.c>
    AddEncoding x-compress              .Z
    AddEncoding x-gzip                  .gz .tgz
    AddType application/x-compress      .Z
    AddType application/x-gzip          .gz .tgz
    AddType application/x-tar           .tgz
    AddType application/x-x509-ca-cert  .crt
    AddType application/x-pkcs7-crl     .crl
</IfModule>

# =================================================
# Logs
# =================================================
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
ErrorLog /usr/local/apache2/logs/error_log
CustomLog /usr/local/apache2/logs/access_log combined
CustomLog logs/ssl_request_log "%t %h %{HTTPS}x %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_CIPHER_USEKEYSIZE}x %{SSL_CLIENT_VERIFY}x \"%r\" %b"

# =================================================
# SSL/TLS settings
# =================================================
Listen 0.0.0.0:443

SSLEngine on
SSLOptions +StrictRequire

<Directory />
    SSLRequireSSL
</Directory>

SSLProtocol -all +TLSv1 +SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM

SSLMutex file:/usr/local/apache2/logs/ssl_mutex

SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024

SSLSessionCache shm:/usr/local/apache2/logs/ssl_cache_shm
SSLSessionCacheTimeout 600

SSLPassPhraseDialog builtin
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/Server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/Server.key
SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/intermediate.crt

SSLVerifyClient none
SSLProxyEngine off

<IfModule mime.c>
    AddType application/x-x509-ca-cert      .crt
    AddType application/x-pkcs7-crl         .crl
</IfModule>
 
Old 02-25-2009, 08:24 PM   #2
kmeyers
LQ Newbie
 
Registered: Feb 2009
Posts: 5

Original Poster
Rep: Reputation: 0
Ok it took me 2 days.. I finally solved my own problem. For the index.html file at the root of the http server I have the following:

Code:
<META http-equiv="refresh" content="0; URL=https://Server">
Here is what my Virtual hosts look like.

Code:
# =================================================
# Virtual hosts
# =================================================
<VirtualHost *:80>
    DocumentRoot "/www/test"
</VirtualHost>

<VirtualHost *:443>
        DocumentRoot "/www"
        SSLEngine on
        SSLOptions +StrictRequire

        <Directory />
           SSLRequireSSL
        </Directory>

        SSLProtocol -all +TLSv1 +SSLv3
        SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM
        SSLCertificateFile /usr/local/apache2/conf/ssl.crt/Server.crt
        SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/Server.key
        SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/intermediate.crt
</VirtualHost>
 
Old 02-26-2009, 01:56 AM   #3
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,189
Blog Entries: 1

Rep: Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051
Quote:
Ok it took me 2 days.. I finally solved my own problem. For the index.html file at the root of the http server I have the following:
This will work only for index.html. What if someone visits directly another page? You have to do this for all the webpages you have, that is a pain...
You can use mod_rewrite to rewrite http requests to https:
Code:
 RewriteEngine On
 RewriteCond %{HTTPS} off
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Regards
 
Old 02-26-2009, 06:58 AM   #4
kmeyers
LQ Newbie
 
Registered: Feb 2009
Posts: 5

Original Poster
Rep: Reputation: 0
Ok stupid question, I already have compiled and install apache, but mod_rewrite wasn't one of the modules, how do I install mod_rewrite?

Also will the Rewrite command go under my Virutalhost for port 80 like this... or should it go somewhere else?

Code:
<VirtualHost *:80>
    DocumentRoot "/www/test"
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
 
Old 02-26-2009, 07:13 AM   #5
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,189
Blog Entries: 1

Rep: Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051Reputation: 2051
Quote:
I already have compiled and install apache, but mod_rewrite wasn't one of the modules, how do I install mod_rewrite?
Recompile apache using adding the "--enable-rewrite" option in the ./configure script you've used.
Don't forget to run "make clean" in the source tree before running ./configure
If you have compiled apache with DSO support you can just compile the module. It will automatically be installed and add the needed "LoadModule" directive in httpd.conf:
Code:
/usr/local/apache2/bin/apxs -iac /path/to/apache-source/modules/mappers/mod_rewrite.c
Quote:
Also will the Rewrite command go under my Virutalhost for port 80 like this... or should it go somewhere else?
You can put the rewrite commands wherever you want them to apply: under <DocumentRoot> for the whole server, inside a <VirtualHost> definition to apply for the specific vhost or inside a <Directory> definition to apply for that directory

Last edited by bathory; 04-26-2009 at 02:29 PM. Reason: Additional info
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
apache redirect mahmoud Linux - Newbie 3 01-13-2009 08:59 PM
Apache redirect question sir-lancealot Linux - Server 2 01-23-2008 09:42 AM
redirect traffic through apache kola Linux - Networking 7 12-11-2004 07:29 AM
redirect in Apache baslemmens Linux - Networking 6 09-02-2004 12:07 PM
apache redirect? fibbi Linux - Software 7 01-30-2004 10:41 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 07:20 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration