James, Unless the user has many hosts, I would recommend against using mod_rewrite here. It isn't needed. And your vhost should include an explicity ServerName directive. On 12/10/20 11:56 AM, James Smith wrote: > So I would do this for the virtual host sections – assuming you are only > running ONE externally facing website – there are other things you would > need to do if you were running multiple ones > > ## Send all traffic on port 80 to the primary domain over SSL… > > > <VirtualHost *:80> > > RequestHeader unset X-is-ssl > > RewriteEngine on > > RewriteRule ^(.*)$ https://www.example.com%{REQUEST_URI} > [R=permanent,L,NE] > > </VirtualHost> > > > > ## Send all traffic on port 443 which isn't the primary domain to the > primary domain > ## This implicitly picks up the IP for the host, the actual hostname OR > the unqualified domain name example.com > > > > <VirtualHost *:443> > > RewriteEngine on > > RewriteRule ^(.*)$ https://www.example.com/%{REQUEST_URI} [R,L,NE] > > </VirtualHost> > > > > <VirtualHost *:443> > > Header always set Strict-Transport-Security "max-age=63072000; > includeSubdomains; preload" > > ServerAdmin root@localhost > > ServerName www.example.com > > ## Do not use Server Alias here for alternative domains - only use for > test/dev sites... > > DocumentRoot /var/www/wp > > <Directory "/var/www/wp"> > > Options Indexes FollowSymLinks > > AllowOverride all > > Require all granted > > </Directory> > > > > ## Put the rest of your wordpress stuff here... > > </VirtualHost> > > > > *From:*Jason Long <hack3rcon@xxxxxxxxx.INVALID> > *Sent:* 12 October 2020 16:39 > *To:* users@xxxxxxxxxxxxxxxx > *Subject:* Re: Forwarding IP to HTTPS. [EXT] > > > > Excuse me, > > Can you clean my configuration? > > > > On Monday, October 12, 2020, 07:06:17 PM GMT+3:30, Frank > <thumbs@xxxxxxxxxx <mailto:thumbs@xxxxxxxxxx>> wrote: > > > > > > James, > > Omitting an explicit ServerName in name-based vhosts is a bad idea as > well. You can create conflicts or ambiguities. > > > On 12/10/20 11:22 AM, James Smith wrote: >> This would be my set-up in your case - note as someone said it was too complex I've removed the extra security bits I'd left in by accident... >> >> ## Port 80 && 443 default configs... >> >> <VirtualHost *:80> >> RequestHeader unset X-is-ssl >> RewriteEngine on >> RewriteRule ^(.*)$ https://www.mydomain.com% [mydomain.com%] > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mydomain.com-25&d=DwMFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=aSXzAFTQK2MqTd4h8-yDESDKjJwJfq6x0sy97DB2Dlg&s=rP2yXyskai3avho4gNa3ivaQdP6NyvIGOONKga7UWLA&e=>{REQUEST_URI} > [R=permanent,L,NE] >> </VirtualHost> >> >> <VirtualHost *:443> >> RewriteEngine on >> RewriteRule ^(.*)$ https://www.mydomain.com/% [mydomain.com] > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mydomain.com_-25&d=DwMFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=aSXzAFTQK2MqTd4h8-yDESDKjJwJfq6x0sy97DB2Dlg&s=0xY2vrAmBv9NS93So6uL5BSAVrWQQPPc8fQe6cF_oHo&e=>{REQUEST_URI} > [R,L,NE] >> </VirtualHost> >> >> ## Port 443 default - this is our main server...... so your main apache config stuff should be in here with SSL configured correctly.. >> >> <VirtualHost *:443> >> ServerName www.mydomain.com <http://www.mydomain.com> >> ... >> ... >> ... >> ... >> ... >> </VirtualHost> >> >> If you have more than one domain then you will need to add rules on port 80 to preserve the hostname & also blocks for each additional domain >> >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > <mailto:users-unsubscribe@xxxxxxxxxxxxxxxx> > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > <mailto:users-help@xxxxxxxxxxxxxxxx> > > -- The Wellcome Sanger Institute is operated by Genome Research Limited, > a charity registered in England with number 1021457 and a company > registered in England with number 2742969, whose registered office is > 215 Euston Road, London, NW1 2BE. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx