httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Covener <cove...@gmail.com>
Subject Re: Listen 443 https
Date Fri, 01 Sep 2017 15:12:59 GMT
On Fri, Sep 1, 2017 at 10:39 AM, Stefan Eissing
<stefan.eissing@greenbytes.de> wrote:
> I get the first feedback from Apache users that want their http: only hosts to also serve
https:. This is nice feedback to improve usability of mod_md.
>
> Ideally, what these people want - and that is purely my interpretation - is to add a
few lines to their config and  - voila - https: is available. And, honestly, why should they
not expect that?
>
>
>
> Example: Duplication/Redirect
>
> They have something like:
> ----------------------------------
> Listen 80
> <VirtualHost *:80>
>   ServerName xxx.yyy
>   ...
> </VirtualHost>
> ----------------------------------
>
> and want to also make that available on https:
> ----------------------------------
> Listen http://*:80
> Listen https://*:443
>
> <VirtualHost *:80>
>   ServerName xxx.yyy
>   AlternatePorts 443
>   ...
> </VirtualHost>
> ----------------------------------
>
> or redirect everyone to https:
> ----------------------------------
> Listen http://*:80
> Listen https://*:443
>
> <VirtualHost *:443>
>   ServerName xxx.yyy
>   RedirectPermanentFrom 80
>   ...
> </VirtualHost>

I am not keen on the syntax because we already permit multiple
addresses in the VirtualHost tag.

How about e.g.

<virtualhost *:80 *:443>
  # no protocol
  ServerName example.com
  # repurpose "optional" or pick something new
  SSLEgine optional
  # Extend SSLRequireSSL.  no-arg is deny. Default w/ "redirect" is
80, 443. For redirects, may need to not match TCP listening port
  SSLRequireSSL ["redirect" [ from-port to-port ]]
</virtualhost>

Mime
View raw message