httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen Goldschmidt <sgoldschm...@tricofcu.com>
Subject RE: [users@httpd] SSl Redirect
Date Wed, 08 Apr 2009 13:58:05 GMT
Thanks for getting back to me.

I tried adding the code as you described below but the server seemed to go into a loop and
did not open the page.

So what I did instead was I added a NameVirtualHost 192.168.100.25:443 and then in my virtual
host conf file added a new virtual host with a redirect permanent for y and z domain to redirect
to x domain and it seems to work with no problems.

Thanks again.

-----Original Message-----
From: Brian Mearns [mailto:mearns.b@gmail.com] 
Sent: Wednesday, April 08, 2009 9:27 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] SSl Redirect

On Wed, Apr 8, 2009 at 9:04 AM, Stephen Goldschmidt
<sgoldschmidt@tricofcu.com> wrote:
> Hello
>
> I am using apache and have a Virtualhost enabled with ssl and this works
> great, using a godaddy ssl cert.
>
> my question is the certificate is only assigned to one domain name.
> www.domain.com
>
> so in my browser if i go to www.domain.com or domain.com the ssl certificate
> works with no problems.
>
> i am having an issue with having www.domain.org and www.domain.net redirect
> to www.domain.com over port 443. Since apache does not support NamedVirthual
> Hosts over port 443 how can i create a virtual host using the name and alias
> of www.domain.net and www.domain.org using port 443 and redirect to vhost
> www.domain.com?
>
> if i try to add a second vhost using the same ip and port apache does not
> like it but i don't want to use another routeable ip to get this to work.
>
> i want is for domain x to have the signed cert and have domain y and z
> redirct on the apache side to domain x. domain y and z will not have
> separate content
>
> my problem is when i create another <virtualhost 192.168.100.25:443> for
> domain y and z, since domain x already has <virtualhost 192.168.100.25:443>
> upon restart of apache i get an error stating that domain 192.168.100.25:443
> already is assigned, and that i should try the <named virtual host *:443>
> directive. but since apache does not support <named virtual host> over ssl
> port 443 i don't know how to set up domain y and z to redirect to domain x.
>
> can i add the redirect of y and z domain inside of the <virtualhost> for x
> domain? i tried it by addind redirect / https://domain.com/ and the site
> just sits in a loop and does not open. am i missing something or does this
> redirect have to be tagged otherway first?
>
> Can this be done? or can i add these redirect in the original ssl enabled
> vhost?
>
> or has anyone had success with mod_gnutls? if so how do you set this up with
> ubuntu 8.10?
>
> Thanks
[clip]

Stephen,

To clarify, Apache does /not/ prohibit name based virtual hosting on
any particular port. The issue is that when an SSL connection comes in
(on any port, but the default is 443), it is inherently encrypted so
Apache cannot look inside the HTTP request to see what the value of
the Host header is, which is how it does named based vhosting.

However, that really only effects what vhost is used to handle the
ssl. Once the SSL is decrypted, Apache will re-attempt to figure out
the correct vhost, which can be done using the Host header for
name-based vhosting.

But that doesn't really address your problem. I think your best
solution is to include your other domains as ServerAliases inside you
main SSL vhost, and then use a RewriteCond to redirect requests that
match those hosts. Something like:

#### Apache config file snippet #####

NameVirtualHost 192.168.11.25:443

#Domain X, Y, and Z all in one
<virtualhost 192.168.100.25:443>

  ###Set up SSL stuff here...

  ServerName X
  ServerAlias Y Z #Let this vhost be used for name-based vhosting of Y
and Z as well.

  RewriteEngine on
  RewriteCond %{HTTP_HOST}  ^Y/*  [OR]  #Only apply following rewrite
rule for domain Y...
  RewriteCond %{HTTP_HOST}  ^Z/*  [OR]  #... or domain Z
  RewriteRule ^/(.*)$ https://X:443/$1 [R=301]

</virtualhost>

I think that should accomplish what you're looking for.

Hope that helps,
-Brian


-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://pgp.mit.edu/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.0.238 / Virus Database: 270.11.45/2045 - Release Date: 04/07/09 06:41:00



CONFIDENTIALITY NOTICE:


This message contains information that may be confidential and is intended only for the use
of the individual or entity named above.  If you are not the intended recipient, you are hereby
notified that any dissemination, distribution or copying of this communication is strictly
prohibited.  If you have received this communication in error, please immediately notify us
by return email and destroy any copies, electronic, paper or otherwise, which you may have
of this communication.


This email message has been scanned for Viruses and Content and cleared by Symantec Mail Security
and EHS Filtering



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message