Hmmm, well how it works is you have a virtualhost listening on port 80. If a user connects to port 80 then redirect to port 443 (https). The 443 Virtualhost would be where you specify the certificates. So as an overview you must:
- enable virtual hosts for ports 80 and 443 (default http and https ports)
- redirect to port 443 if the user connects to 80 (i.e. the connection is unencrypted)
- encrypt the connection at port 443 (set up your certs). Your certificate should already be created and signed by a certificate authority before you can complete this step. If your certificates don't exist, then nothing can be encrypted.
This can be accomplished with some of the following configs for conf.d.
Code:
NameVirtualHost *:80
NameVirtualHost *:443
Code:
<VirtualHost *:80>
    ServerName www.example.com
    Redirect / https://www.example.com/
</VirtualHost>
Code:
<VirtualHost *:443>
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/httpd/ssl.crt/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/ssl.key/www.example.com.pem
    ServerName www.example.com
    DocumentRoot /var/www/domains/www.example.com
    <Directory "/var/www/domains/www.example.com">
        # Options are listed without +/- prefixes; mixing prefixed and
        # unprefixed options is rejected by the Apache 2.4 syntax check.
        Options Indexes FollowSymLinks ExecCGI
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/www/logs/www.example.com_error_log
    CustomLog /var/www/logs/www.example.com_access_log combined env=!dontlog
</VirtualHost>
Each code block presented above is a separate conf file in /etc/httpd/conf.d/. That's one way you *could* do it. Please note that I added some personal preferences for decisions such as allowed algorithms and ciphers, along with any other design decisions (i.e. custom logging). This may not be the solution for you. As a system administrator you should take the time to become familiar with Apache, SSL, and the openssl toolkit because you put both yourself (reputation) and your servers (misconfiguration security flaws) at risk. If you're running a blog about cheese sandwiches then fine, but if you're handling any kind of real data then heed my warning.
If you wanted to use mod_rewrite instead of mod_alias to do the redirection then you *could* accomplish it like so...
Code:
<VirtualHost *:80>
    ServerName www.example.com
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
</VirtualHost>
Each has its advantages and disadvantages, but I won't get too in depth. One such advantage is mod_rewrite will redirect URL breadcrumbs to their https equivalent.
SAM
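
A hardened variant of the two virtual hosts in the post above, as an added example that is not part of the original post. It assumes Apache 2.4 with mod_ssl (where `Require all granted` replaces `Order`/`Allow` and `NameVirtualHost` is no longer needed); the host name and paths are the post's sample values, and the protocol, cipher and `Options` choices are this example's assumptions.

```apache
# Constructed example for Apache 2.4 + mod_ssl, reusing the post's sample names.

# Port 80 serves no content; every request is sent to the HTTPS site.
<VirtualHost *:80>
    ServerName www.example.com
    # "permanent" returns a 301 instead of the default 302
    Redirect permanent / https://www.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/domains/www.example.com

    SSLEngine on
    SSLCertificateFile    /etc/httpd/ssl.crt/www.example.com.crt
    SSLCertificateKeyFile /etc/httpd/ssl.key/www.example.com.pem

    # Weak form from the post, kept commented out for comparison.
    # ALL pulls in the LOW, EXP and RC4 suites, and a leading "+" only
    # moves matching suites to the end of the preference list; it does
    # not remove them. Only "!" takes a class out for good.
    # SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    # Corrected form (assumption: clients support TLS 1.2 or newer).
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # Start from HIGH only, then exclude unauthenticated, unencrypted
    # and legacy-hash/legacy-cipher suites explicitly.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES
    # Use the server's preference order rather than the client's.
    SSLHonorCipherOrder on

    <Directory "/var/www/domains/www.example.com">
        # Assumption: static content, so directory listings and CGI
        # execution stay off unless the site needs them.
        Options FollowSymLinks
        Require all granted
    </Directory>

    ErrorLog  /var/www/logs/www.example.com_error_log
    CustomLog /var/www/logs/www.example.com_access_log combined
</VirtualHost>
```

Running `openssl ciphers -v` with the cipher string as its argument lists exactly which suites a given string expands to on the installed OpenSSL, which is a quick way to confirm that no export or null suites remain.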