2015-02-09 16:31 GMT+09:00 Daniel <dferradal@xxxxxxxxx>: > > > 2015-02-08 21:15 GMT+01:00 Yann Ylavic <ylavic.dev@xxxxxxxxx>: >> >> On Sun, Feb 8, 2015 at 9:03 PM, Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote: >> > On Sun, Feb 8, 2015 at 7:36 AM, YUSUI T <yusui.tomikawa@xxxxxxxxx> >> > wrote: >> >> >> >> root@hostname:~# tail -n 6 /etc/apache2/mods-available/ssl.conf >> >> <VirtualHost *:443> >> >> ServerName www.mydomain.com >> >> Redirect / https://www.mydomain.com/ >> >> </VirtualHost> >> > >> > You probably want to redirect to https when the request is plain http, >> > hence : >> > <VirtualHost *:80> >> > above. >> >> Sorry, I completely misread your issue, please ignore this. >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> > > This is the list of virtualhosts you need. It could be reduced, but for > educational purposes here is how all virtualhosts should look to represent > your scenario more or less as I have understood you were asking. As you will > see there is no need for mod_rewrite at all for this case. > > I assumed you want to redirect port 80 to SSL too, if not, ignore the first > non-ssl virtualhost examples. > > ### > # domain.com port 80 redirects to SSL www.domain.com > <VirtualHost *:80> > ServerName domain.com > DocumentRoot /path/to/docroot > Redirect / https://www.domain.com/ > </VirtualHost> > > ### > # www.domain.com port 80 redirects to SSL www.domain.com > <VirtualHost *:80> > ServerName www.domain.com > DocumentRoot /path/to/docroot > Redirect / https://www.domain.com/ > </VirtualHost> > > ### > # domain.com port 443 SSL redirects to SSL www.domain.com > <VirtualHost *:443> > ServerName domain.com > DocumentRoot /path/to/docroot > SSLEngine on > SSLCertificateKeyFile /my/path/to/domain.com.key > SSLCertficicateFile /my/path/do/domain.com.crt > Redirect / https://www.domain.com/ > </VirtualHost> > > #### > # www.domain.com port 443 SSL > <VirtualHost *:443> > ServerName www.domain.com > DocumentRoot /path/to/docroot > SSLEngine on > SSLCertificateKeyFile /my/path/to/www.domain.com.key > SSLCertificateFile /my/path/do/www.domain.com.crt > > ### > # And your actual configuration from here on > </VirtualHost> > > > Hope this helps Thank you for great list of virtualhosts. What I want to do are 2 things; 1st: redirect from http://mydomain.com(:80) to http://www.mydomain.com(:80) 2nd: redirect from https://mydomain.com(:443) to https://www.mydomain.com(:443) Your list is great help for me. I exchanged redirect for rewrite on /etc/apache2/sites-available/000-default.conf. But my Google Chrome said an error "ERR_TOO_MANY_REDIRECTS". Additionally it shows another error when I added # mydomain.com port 443 SSL redirects to SSL www.mydomain.com to /etc/apache2/mods-available/ssl.conf and restarted apache. root@hostname:~# service apache2 restart * Restarting web server apache2 [fail] * The apache2 configtest failed. Output of config test was: AH00526: Syntax error on line 95 of /etc/apache2/mods-enabled/ssl.conf: Invalid command 'SSLCertficicateFile', perhaps misspelled or defined by a module not included in the server configuration Action 'configtest' failed. The Apache error log may have more information. root@hostname:~# My configurations already have some <VirtualHost>. And I am not sure where I should add that list... The followings are my /etc/apache2/sites-available/000-default.conf and /etc/apache2/mods-available/ssl.conf. root@hostname:~# cat /etc/apache2/sites-available/000-default.conf <VirtualHost *:80> # The ServerName directive sets the request scheme, hostname and port that # the server uses to identify itself. This is used when creating # redirection URLs. In the context of virtual hosts, the ServerName # specifies what hostname must appear in the request's Host: header to # match this virtual host. For the default virtual host (this file) this # value is not decisive as it is used as a last resort host regardless. # However, you must set it for any further virtual host explicitly. #ServerName www.example.com ServerAdmin contact@xxxxxxxxxxxx DocumentRoot /var/www/html # mydomain.com port 80 redirects to www.mydomain.com port 80 Redirect / http://www.mydomain.com/ <Directory "/var/www/html"> AllowOverride All Options +ExecCGI Require all granted </Directory> # Available loglevels: trace8, ..., trace1, debug, info, notice, warn, # error, crit, alert, emerg. # It is also possible to configure the loglevel for particular # modules, e.g. #LogLevel info ssl:warn ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined # For most configuration files from conf-available/, which are # enabled or disabled at a global level, it is possible to # include a line for only one particular virtual host. For example the # following line enables the CGI configuration for this host only # after it has been globally disabled with "a2disconf". #Include conf-available/serve-cgi-bin.conf </VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet root@hostname:~# ------------------------------------------------------ root@hostname:~# cat /etc/apache2/mods-available/ssl.conf <IfModule mod_ssl.c> # Pseudo Random Number Generator (PRNG): # Configure one or more sources to seed the PRNG of the SSL library. # The seed data should be of good random quality. # WARNING! On some platforms /dev/random blocks if not enough entropy # is available. This means you then cannot use the /dev/random device # because it would lead to very long connection times (as long as # it requires to make more entropy available). But usually those # platforms additionally provide a /dev/urandom device which doesn't # block. So, if available, use this one instead. Read the mod_ssl User # Manual for more details. # SSLRandomSeed startup builtin SSLRandomSeed startup file:/dev/urandom 512 SSLRandomSeed connect builtin SSLRandomSeed connect file:/dev/urandom 512 ## ## SSL Global Context ## ## All SSL configuration in this context applies both to ## the main server and all SSL-enabled virtual hosts. ## # # Some MIME-types for downloading Certificates and CRLs # AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl # Pass Phrase Dialog: # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism # to use and second the expiring timeout (in seconds). # (The mechanism dbm has known memory leaks and should not be used). #SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache SSLSessionCache shmcb:${APACHE_RUN_DIR}/ssl_scache(512000) SSLSessionCacheTimeout 300 # Semaphore: # Configure the path to the mutual exclusion semaphore the # SSL engine uses internally for inter-process synchronization. # (Disabled by default, the global Mutex directive consolidates by default # this) #Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache # SSL Cipher Suite: # List the ciphers that the client is permitted to negotiate. See the # ciphers(1) man page from the openssl package for list of all available # options. # Enable only secure ciphers: SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 # Speed-optimized SSL Cipher configuration: # If speed is your main concern (on busy HTTPS servers e.g.), # you might want to force clients to specific, performance # optimized ciphers. In this case, prepend those ciphers # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. # Caveat: by giving precedence to RC4-SHA and AES128-SHA # (as in the example below), most connections will no longer # have perfect forward secrecy - if the server's key is # compromised, captures of past or future traffic must be # considered compromised, too. #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 #SSLHonorCipherOrder on # The protocols to enable. # Available values: all, SSLv3, TLSv1, TLSv1.1, TLSv1.2 # SSL v2 is no longer supported SSLProtocol all # Allow insecure renegotiation with clients which do not yet support the # secure renegotiation protocol. Default: Off #SSLInsecureRenegotiation on # Whether to forbid non-SNI clients to access name based virtual hosts. # Default: Off #SSLStrictSNIVHostCheck On </IfModule> # mydomain.com port 443 SSL redirects to SSL www.mydomain.com <VirtualHost *:443> ServerName mydomain.com DocumentRoot /var/www/html SSLEngine on SSLCertificateKeyFile /etc/ssl/CA/certs/www.mydomain.com/server.key SSLCertficicateFile /etc/ssl/CA/certs/www.mydomain.com/server.crt Redirect / https://www.mydomain.com/ </VirtualHost> #test for redirect https #<VirtualHost *:443> # ServerName www.mydomain.com # Redirect / https://www.mydomain.com/ #</VirtualHost> # vim: syntax=apache ts=4 sw=4 sts=4 sr noet root@hostname:~# Yusui --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx