httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brandon L. Wisenburg" <bran...@wisenburg.com>
Subject Re: [users@httpd] Apache2 listening on 80(http) and 443(https)
Date Sat, 02 Apr 2016 04:31:09 GMT
Great! That is just what I needed. Appreciate the prompt response. 


-Brandon 


From: "David Benfell" <dbenfell@gmail.com> 
To: "users" <users@httpd.apache.org> 
Sent: Friday, April 1, 2016 11:27:38 PM 
Subject: Re: [users@httpd] Apache2 listening on 80(http) and 443(https) 

On 04/01/2016 09:00 PM, Brandon L. Wisenburg wrote: 



Hi Everyone! 
I have converted my website to SSL, and I go the virtual host setup and SSL working in Apache.
When someone uses http://domain.com they get a connection refused, because of course the server
isn't listening on 80, as i have it setup for SSL (443) 

How would I make apache listen on http(80), but re-direct anyone that hits http to https.


Is it possible to have apache listen on both 80 and 443? 


Yes, absolutely. I do this routinely for all my sites. I have a highly compartmentalized configuration
but hopefully you'll get the gist of it. This is what I use at the top level for parts-unknown.org:


Listen 50.250.218.163:80 
Listen 50.250.218.163:443 
<VirtualHost 50.250.218.163:80> 
Include sites-available/parts-unknown.org-common 
Include sites-available/force-ssl-common 
Include sites-available/parts-unknown.org-log-common 
</VirtualHost> 
<VirtualHost 50.250.218.163:443> 
Include sites-available/parts-unknown.org-common 
Include sites-available/ssl-common 
Include sites-available/parts-unknown.org-log-common 
</VirtualHost> 

As you can see, I have multiple Listen declarations and multiple virtual hosts. But the real
magic (which probably isn't so magical if you actually understand this stuff) is in force-ssl-common:


<IfModule mod_rewrite.c> 
RewriteEngine on 
ReWriteCond %{SERVER_PORT} !^443$ 
RewriteRule ^/(.*) https://% {HTTP_HOST}/$1 [NC,R,L] 
</IfModule> 

I don't use SNI basically because I started hosting these sites before SNI was widely available
and even when it started becoming widely available it seemed broken (I gather this is no longer
the case). I don't know how or if that would change this configuration. 
-- 
David Benfell, Ph.D. benfell@parts-unknown.org 


Mime
View raw message