httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Long <>
Subject RE: [users@httpd] Forwarding IP to HTTPS. [EXT]
Date Mon, 12 Oct 2020 16:47:56 GMT
Thank you.I'm using Let's Encrypt SSL. Is it OK?

Sent from Yahoo Mail on Android 
  On Mon, Oct 12, 2020 at 7:27 PM, James Smith<> wrote:   #yiv3289296361
#yiv3289296361 -- _filtered {} _filtered {} _filtered {}#yiv3289296361 #yiv3289296361 p.yiv3289296361MsoNormal,
#yiv3289296361 li.yiv3289296361MsoNormal, #yiv3289296361 div.yiv3289296361MsoNormal {margin:0cm;font-size:11.0pt;font-family:sans-serif;}#yiv3289296361
a:link, #yiv3289296361 span.yiv3289296361MsoHyperlink {color:blue;text-decoration:underline;}#yiv3289296361
.yiv3289296361MsoChpDefault {font-size:10.0pt;} _filtered {}#yiv3289296361 div.yiv3289296361WordSection1
So I would do this for the virtual host sections – assuming you are only running ONE externally
facing website – there are other things you would need to do if you were running multiple

## Send all traffic on port 80 to the primary domain over SSL…

<VirtualHost *:80>
  RequestHeader unset X-is-ssl
  RewriteEngine     on
  RewriteRule       ^(.*)${REQUEST_URI} [R=permanent,L,NE]
## Send all traffic on port 443 which isn't the primary domain to the primary domain
## This implicitly picks up the IP for the host, the actual hostname OR the unqualified domain
<VirtualHost *:443>
  RewriteEngine     on
  RewriteRule       ^(.*)${REQUEST_URI} [R,L,NE]
<VirtualHost *:443>
  Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
  ServerAdmin root@localhost
  ## Do not use Server Alias here for alternative domains - only use for test/dev sites...
  DocumentRoot /var/www/wp
  <Directory "/var/www/wp">
    Options Indexes FollowSymLinks
    AllowOverride all
    Require all granted
  ## Put the rest of your wordpress stuff here...
From: Jason Long <>
Sent: 12 October 2020 16:39
Subject: Re: [users@httpd] Forwarding IP to HTTPS. [EXT]
Excuse me,
Can you clean my configuration?
On Monday, October 12, 2020, 07:06:17 PM GMT+3:30, Frank <> wrote:

Omitting an explicit ServerName in name-based vhosts is a bad idea as
well. You can create conflicts or ambiguities.

On 12/10/20 11:22 AM, James Smith wrote:
> This would be my set-up in your case - note as someone said it was too complex I've removed
the extra security bits I'd left in by accident...
> ## Port 80 && 443 default configs...
> <VirtualHost *:80>
>  RequestHeader unset X-is-ssl
>  RewriteEngine    on
>  RewriteRule      ^(.*)$ []{REQUEST_URI} [R=permanent,L,NE]
> </VirtualHost>
> <VirtualHost *:443>
>  RewriteEngine    on
>  RewriteRule      ^(.*)$ []{REQUEST_URI} [R,L,NE]

> </VirtualHost>
> ## Port 443 default - this is our main server...... so your main apache config stuff
should be in here with SSL configured correctly..
> <VirtualHost *:443>
>  ServerName
>  ...
>  ...
>  ...
>  ...
>  ...
> </VirtualHost>
> If you have more than one domain then you will need to add rules on port 80 to preserve
the hostname & also blocks for each additional domain

To unsubscribe, e-mail:
For additional commands, e-mail: -- The Wellcome Sanger Institute
is operated by Genome Research Limited, a charity registered in England with number 1021457
and a company registered in England with number 2742969, whose registered office is 215 Euston
Road, London, NW1 2BE.   

View raw message