Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id C98D7200CF8 for ; Thu, 14 Sep 2017 15:40:18 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id C7FC81609CD; Thu, 14 Sep 2017 13:40:18 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 19DCD1609CC for ; Thu, 14 Sep 2017 15:40:17 +0200 (CEST) Received: (qmail 54580 invoked by uid 500); 14 Sep 2017 13:40:15 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 54566 invoked by uid 99); 14 Sep 2017 13:40:15 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Sep 2017 13:40:15 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id EDA6FCC4CF for ; Thu, 14 Sep 2017 13:40:14 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.102 X-Spam-Level: X-Spam-Status: No, score=-0.102 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=greenbytes.de header.b=OcSQ1rHm; dkim=pass (1024-bit key) header.d=greenbytes.de header.b=BH8wgv9I Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id 89bUF4Dzz97i for ; Thu, 14 Sep 2017 13:40:14 +0000 (UTC) Received: from mail.greenbytes.de (mail.greenbytes.de [217.91.35.233]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 0BA345FCB9 for ; Thu, 14 Sep 2017 13:40:13 +0000 (UTC) Received: by mail.greenbytes.de (Postfix, from userid 117) id 1B32415A3C7C; Thu, 14 Sep 2017 15:40:07 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=greenbytes.de; s=mail; t=1505396407; bh=P131kNBhACCWIdN+QMcmj5tNEtD/Z3CVrHJW0spnZtU=; h=From:Subject:Date:References:To:In-Reply-To:From; b=OcSQ1rHmK/bQJ00uSKwzRtL+5WmAjnm7QYDhFdJRC8/2IRxT/5/YnPOq8Tpj1wj5J 3mMfE4IW+TtQDVL/VWjtzcqs7xTkcOtlJLnI35i3N0xPs/Qlv03VmFOlbVXBY9+64a Pdv7fbv1enKjo8dp8Y/tgK8y4fWQgDng44yKvXOg= Received: from resistance.greenbytes.local (unknown [217.91.35.233]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail.greenbytes.de (Postfix) with ESMTPSA id AE5E115A3C64 for ; Thu, 14 Sep 2017 15:40:06 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=greenbytes.de; s=mail; t=1505396406; bh=P131kNBhACCWIdN+QMcmj5tNEtD/Z3CVrHJW0spnZtU=; h=From:Subject:Date:References:To:In-Reply-To:From; b=BH8wgv9I5XECnkmHq/Ms/cTxzBrJ/qbiX56QCSo3NHYXNMSEdJHJ+YzIb2r2Ehipi dnzjiJ3uUs9o1jkXbHWjzEZeMJlDNkY6tyv/G3q3gtHMmSsxv9V+dHWMwS9FUlVTAH IMVYGKoB2vxtidi65UxdHCVkmIUBXa6m+zbpsUiE= From: Stefan Eissing Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: Listen 443 https Date: Thu, 14 Sep 2017 15:40:06 +0200 References: <678BA83E-09F8-4216-9F8A-675176BEDCCB@greenbytes.de> <6e56dd9f-ad70-2a7c-871a-cfa257b951c4@thelounge.net> <899554e7-2665-6ad5-9f4a-377982aa9d7e@thelounge.net> To: dev@httpd.apache.org In-Reply-To: <899554e7-2665-6ad5-9f4a-377982aa9d7e@thelounge.net> Message-Id: <394E5AFD-478F-4D59-B17F-0640D38C54F5@greenbytes.de> X-Mailer: Apple Mail (2.3273) archived-at: Thu, 14 Sep 2017 13:40:19 -0000 Harald, could you check if a configuration like: UseCanonicalPhysicalPort on in the server or vhost mitigates the problem? Cheers, Stefan > Am 14.09.2017 um 12:00 schrieb Reindl Harald : >=20 >=20 >=20 > Am 10.08.2017 um 18:22 schrieb Reindl Harald: >>> If you want to experiment... >>> >>> is already recognized >> but with "SSLEngine On" and "SSLCertificateFile" configured non-https = no longer would work >=20 > OK, figured it out >=20 > * you need the *first* vhost with "SSLEngine On" > * others can have "SSLEngine optional" and listen to 80 and 443 >=20 > but there is a bug: = https://bz.apache.org/bugzilla/show_bug.cgi?id=3D61519 >=20 > if the trailing slash is missing in the url the automatic redirect to = the full qualified folder-path points to http:// instead https:// and = that does not happen within a vhost dedicated to :443 and "SSLEngine On" >=20 > i was trapped in a endless loop because the php script making a = redirect to https:// had a bug and missed the traling / too >=20 > > DocumentRoot "/www/contentlounge" > ServerName contentlounge.rhsoft.net > SSLEngine optional > SSLCertificateFile "conf/ssl/rhsoft.net.pem" > >=20 > [harry@srv-rhsoft:~]$ curl --head --insecure https://contentlounge/cms > HTTP/1.1 301 Moved Permanently > Date: Thu, 14 Sep 2017 09:40:27 GMT > X-DNS-Prefetch-Control: off > X-Content-Type-Options: nosniff > X-Response-Time: D=3D1311 us > Location: http://contentlounge/cms/ > Cache-Control: max-age=3D0 > Expires: Thu, 14 Sep 2017 09:40:27 GMT > Content-Type: text/html; charset=3Diso-8859-1