httpd-users mailing list archives

From Jason Cillo <>
Subject Re: [users@httpd] Redirection via HTTPS
Date Mon, 09 Feb 2015 15:36:39 GMT
In case this is helpful to someone, a book I bought on .htaccess recommends this to require
SSL/HTTPS by port:
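<IfModule mod_rewrite.c>
    # The rule below is ignored unless the rewrite engine is on
    RewriteEngine On
    # Match only requests that arrived on plain-HTTP port 80
    RewriteCond %{SERVER_PORT} ^80$
    # Flags are comma-separated with no space between them
    RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
</IfModule>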

      From: YUSUI T <>
 Sent: Monday, February 9, 2015 9:53 AM
 Subject: Re: [users@httpd] Redirection via HTTPS
2015-02-09 16:31 GMT+09:00 Daniel <>:
> 2015-02-08 21:15 GMT+01:00 Yann Ylavic <>:
>> On Sun, Feb 8, 2015 at 9:03 PM, Yann Ylavic <> wrote:
>> > On Sun, Feb 8, 2015 at 7:36 AM, YUSUI T <>
>> > wrote:
>> >>
>> >> root@hostname:~# tail -n 6 /etc/apache2/mods-available/ssl.conf
>> >> <VirtualHost *:443>
>> >>        ServerName
>> >>        Redirect /
>> >> </VirtualHost>
>> >
>> > You probably want to redirect to https when the request is plain http,
>> > hence :
>> >  <VirtualHost *:80>
>> > above.
>> Sorry, I completely misread your issue, please ignore this.
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail:
>> For additional commands, e-mail:
> This is the list of virtualhosts you need. It could be reduced, but for
> educational purposes here is how all virtualhosts should look to represent
> your scenario more or less as I have understood you were asking. As you will
> see there is no need for mod_rewrite at all for this case.
> I assumed you want to redirect port 80 to SSL too, if not, ignore the first
> non-ssl virtualhost examples.
> ###
> # port 80 redirects to SSL
> <VirtualHost *:80>
> ServerName
> DocumentRoot /path/to/docroot
> Redirect /
> </VirtualHost>
> ###
> # port 80 redirects to SSL
> <VirtualHost *:80>
> ServerName
> DocumentRoot /path/to/docroot
> Redirect /
> </VirtualHost>
> ###
> # port 443 SSL redirects to SSL
> <VirtualHost *:443>
> ServerName
> DocumentRoot /path/to/docroot
> SSLEngine on
> SSLCertificateKeyFile /my/path/to/
> SSLCertficicateFile /my/path/do/
> Redirect /
> </VirtualHost>
> ####
> # port 443 SSL
> <VirtualHost *:443>
> ServerName
> DocumentRoot /path/to/docroot
> SSLEngine on
> SSLCertificateKeyFile /my/path/to/
> SSLCertificateFile /my/path/do/
> ###
> # And your actual configuration from here on
> </VirtualHost>
> Hope this helps

Thank you for the great list of virtualhosts.
What I want to do is 2 things:
1st: redirect from to
2nd: redirect from to

Your list is a great help for me.
I exchanged redirect for rewrite on
But my Google Chrome showed an error "ERR_TOO_MANY_REDIRECTS".
Additionally it shows another error when I added "# port 443 SSL
redirects to SSL" to /etc/apache2/mods-available/ssl.conf and
restarted apache.

root@hostname:~# service apache2 restart
 * Restarting web server apache2                                       
 * The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 95 of /etc/apache2/mods-enabled/ssl.conf:
Invalid command 'SSLCertficicateFile', perhaps misspelled or defined
by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.

My configurations already have some <VirtualHost>. And I am not sure
where I should add that list...

The following are my /etc/apache2/sites-available/000-default.conf
and /etc/apache2/mods-available/ssl.conf.

root@hostname:~# cat /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.

        DocumentRoot /var/www/html

# port 80 redirects to port 80
Redirect /

        <Directory "/var/www/html">
            AllowOverride All
            Options +ExecCGI
            Require all granted

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf


# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
root@hostname:~# cat /etc/apache2/mods-available/ssl.conf
<IfModule mod_ssl.c>

        # Pseudo Random Number Generator (PRNG):
        # Configure one or more sources to seed the PRNG of the SSL library.
        # The seed data should be of good random quality.
        # WARNING! On some platforms /dev/random blocks if not enough entropy
        # is available. This means you then cannot use the /dev/random device
        # because it would lead to very long connection times (as long as
        # it requires to make more entropy available). But usually those
        # platforms additionally provide a /dev/urandom device which doesn't
        # block. So, if available, use this one instead. Read the mod_ssl User
        # Manual for more details.
        SSLRandomSeed startup builtin
        SSLRandomSeed startup file:/dev/urandom 512
        SSLRandomSeed connect builtin
        SSLRandomSeed connect file:/dev/urandom 512

        ##  SSL Global Context
        ##  All SSL configuration in this context applies both to
        ##  the main server and all SSL-enabled virtual hosts.

        #  Some MIME-types for downloading Certificates and CRLs
        AddType application/x-x509-ca-cert .crt
        AddType application/x-pkcs7-crl .crl

        #  Pass Phrase Dialog:
        #  Configure the pass phrase gathering process.
        #  The filtering dialog program (`builtin' is a internal
        #  terminal dialog) has to provide the pass phrase on stdout.
        SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase

        #  Inter-Process Session Cache:
        #  Configure the SSL Session Cache: First the mechanism
        #  to use and second the expiring timeout (in seconds).
        #  (The mechanism dbm has known memory leaks and should not be used).
        #SSLSessionCache                dbm:${APACHE_RUN_DIR}/ssl_scache
        SSLSessionCache        shmcb:${APACHE_RUN_DIR}/ssl_scache(512000)
        SSLSessionCacheTimeout  300

        #  Semaphore:
        #  Configure the path to the mutual exclusion semaphore the
        #  SSL engine uses internally for inter-process synchronization.
        #  (Disabled by default, the global Mutex directive consolidates by default
        #  this)
        #Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache

        #  SSL Cipher Suite:
        #  List the ciphers that the client is permitted to negotiate. See the
        #  ciphers(1) man page from the openssl package for list of all available
        #  options.
        #  Enable only secure ciphers:
        SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

        #  Speed-optimized SSL Cipher configuration:
        #  If speed is your main concern (on busy HTTPS servers e.g.),
        #  you might want to force clients to specific, performance
        #  optimized ciphers. In this case, prepend those ciphers
        #  to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
        #  Caveat: by giving precedence to RC4-SHA and AES128-SHA
        #  (as in the example below), most connections will no longer
        #  have perfect forward secrecy - if the server's key is
        #  compromised, captures of past or future traffic must be
        #  considered compromised, too.
        #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
        #SSLHonorCipherOrder on

        #  The protocols to enable.
        #  Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2
        #  SSL v2  is no longer supported
        SSLProtocol all

        #  Allow insecure renegotiation with clients which do not yet support the
        #  secure renegotiation protocol. Default: Off
        #SSLInsecureRenegotiation on

        #  Whether to forbid non-SNI clients to access name based virtual hosts.
        #  Default: Off
        #SSLStrictSNIVHostCheck On


# port 443 SSL redirects to SSL
<VirtualHost *:443>
        DocumentRoot /var/www/html
        SSLEngine on
        SSLCertificateKeyFile /etc/ssl/CA/certs/
        SSLCertficicateFile /etc/ssl/CA/certs/
        Redirect /

#test for redirect https
#<VirtualHost *:443>
#        ServerName
#        Redirect /

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
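
Added example, not part of the thread or of anyone's posted configuration: a loop-free layout for the mod_alias approach described above, set beside the pattern that produces ERR_TOO_MANY_REDIRECTS. The hostnames example.com and www.example.com, the choice of www as the canonical name, and the certificate paths are placeholders assumed here, since the archive does not show the real ones.

```apache
# --- Pattern that loops (shown commented out) ------------------------------
# A 443 vhost with no ServerName is the default for every name on that port.
# If its Redirect target is itself an https:// URL served by this same vhost,
# each response redirects the browser straight back here.
#<VirtualHost *:443>
#    SSLEngine on
#    Redirect / https://www.example.com/
#</VirtualHost>

# --- Loop-free layout ------------------------------------------------------
# Plain HTTP for both names: always leave this vhost, scheme changes to https.
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>

# HTTPS on the non-canonical name: redirect to a DIFFERENT ServerName.
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLCertificateFile    /path/to/placeholder-cert.pem
    SSLCertificateKeyFile /path/to/placeholder-key.pem
    Redirect permanent / https://www.example.com/
</VirtualHost>

# HTTPS on the canonical name: serves content and carries NO Redirect,
# so every redirect chain terminates here.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile    /path/to/placeholder-cert.pem
    SSLCertificateKeyFile /path/to/placeholder-key.pem
</VirtualHost>
```

Running `apache2ctl configtest` before restarting reports a misspelled directive as an AH00526 syntax error with the file and line number, as in the output quoted above. Browsers cache 301 responses, so a loop that has been fixed on the server can persist in the client until its cache is cleared.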

