VirtualHosts and mod_ssl
Moderator: General Moderators
VirtualHosts and mod_ssl
I've got a virtual host "somesite.com" running on 443/ssl (mod_ssl) on a separate IP address. When someone types http://somesite.com, right now the default virtual host is served up. What do I need to do in order to get apache to catch that server name "somesite.com" and redirect it to ssl on the correct virtual host? I hope that makes sense. If it doesn't feel free to reply "wtf"....
Thanks
Thanks
If i'm not mistaken, you would have to add a virtualhost just as with regular apache...
By heart:
By heart:
Code: Select all
NameVirtualHost *:443
<VirtualHost 192.168.1.11:443>
hostname somehost
rootdir /var/wwws/somehost
enablessl
</Virtualhost>Here a few more details i've got...
NameVirtualHost 11.11.111.1
running on one port....
<VirtualHost 11.11.111.1>
ServerName thissite.com
</VirtualHost>
Then I've got a second IP like:
NameVirtualHost *:443
<VirtualHost 22.22.222.222>
ServerName somesite.com
SSLEngine on
</VirtualHost>
When you make an https://somesite.com you get somesite.com's content.
When you make an http://somesite.com you get the content of the default VirtualHost running on 80 thissite.com.
So the question is how do I set it up so port 80 connections to somesite.com end up secure and deliver somesite.com content.
I tried adding another virtual host under port 80 with the same server name and I got the same results described above...
NameVirtualHost 11.11.111.1
running on one port....
<VirtualHost 11.11.111.1>
ServerName thissite.com
</VirtualHost>
Then I've got a second IP like:
NameVirtualHost *:443
<VirtualHost 22.22.222.222>
ServerName somesite.com
SSLEngine on
</VirtualHost>
When you make an https://somesite.com you get somesite.com's content.
When you make an http://somesite.com you get the content of the default VirtualHost running on 80 thissite.com.
So the question is how do I set it up so port 80 connections to somesite.com end up secure and deliver somesite.com content.
I tried adding another virtual host under port 80 with the same server name and I got the same results described above...
- Chris Corbyn
- Breakbeat Nuttzer
- Posts: 13098
- Joined: Wed Mar 24, 2004 7:57 am
- Location: Melbourne, Australia
A simple mod_rewrite rule will suffice....
Should work fine either in a .htaccess file within the root of your http virtual host or in the main httpd.conf file within your virtual host config.
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} !^on [NC]
RewriteRule (.*) https://somesite.com/$1 [R]When a request is made to your default (port 80) server it hits the RewriteCondition and only if that condition is met will the RewriteRule be applied.
The RewriteCondition is essentially an 'if' statement which checks the request method is not https. If it is not https then the RewriteRule will be applied.
The RewriteRule is a very simple one. Basically it takes any request and redirects it to your https server.
Technically the RewriteCondition should use SERVER_PROTOCOL and not HTTPS but I have found this to be 'flaky' on some versions of Apache.
You could also use the more simplistic 'Redirect' directive but I've also seen problems with that approach too, anything from simply not redirecting through to endless loop redirects.
I've found the above mod_rewrite to be the most reliable solution.
The RewriteCondition is essentially an 'if' statement which checks the request method is not https. If it is not https then the RewriteRule will be applied.
The RewriteRule is a very simple one. Basically it takes any request and redirects it to your https server.
Technically the RewriteCondition should use SERVER_PROTOCOL and not HTTPS but I have found this to be 'flaky' on some versions of Apache.
You could also use the more simplistic 'Redirect' directive but I've also seen problems with that approach too, anything from simply not redirecting through to endless loop redirects.
I've found the above mod_rewrite to be the most reliable solution.
Now i have access to my the webserver, here is a modified example (it should redirect all requests for http://example.com/awstats to https://example.com/awstats)
apache httpd.conf
apache-ssl httpd.conf
apache httpd.conf
Code: Select all
<VirtualHost 192.168.1.11>
ServerName example.com
DocumentRoot/var/www/example.com
Redirect /awstats https://example.com/awstats
</VirtualHost>Code: Select all
<VirtualHost 192.168.1.11:443>
ServerName example.com
DocumentRoot /var/www/example.com
# For awstats
Alias /awstatsclasses "/var/wwws/example.com/awstats/awstatsclasses"
Alias /awstats "/var/wwws/example.com/awstats/awstatsclasses/www"
SSLEnable
</VirtualHost>