Re: Forwarding IP to HTTPS. [EXT]


 



James,

Unless the user has many hosts, I would recommend against using
mod_rewrite here. It isn't needed. And your vhost should include an
explicit ServerName directive.

On 12/10/20 11:56 AM, James Smith wrote:
> So I would do this for the virtual host sections – assuming you are only
> running ONE externally facing website – there are other things you would
> need to do if you were running multiple ones
> 
> ## Send all traffic on port 80 to the primary domain over SSL…
> 
> <VirtualHost *:80>
>   RequestHeader unset X-is-ssl
>   RewriteEngine     on
>   RewriteRule       ^(.*)$ https://www.example.com%{REQUEST_URI} [R=permanent,L,NE]
> </VirtualHost>
> 
> ## Send all traffic on port 443 which isn't the primary domain to the primary domain
> ## This implicitly picks up the IP for the host, the actual hostname OR the unqualified domain name example.com
> 
> <VirtualHost *:443>
>   RewriteEngine     on
>   RewriteRule       ^(.*)$ https://www.example.com/%{REQUEST_URI} [R,L,NE]
> </VirtualHost>
> 
> <VirtualHost *:443>
>   Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
>   ServerAdmin root@localhost
>   ServerName www.example.com
>   ## Do not use Server Alias here for alternative domains - only use for test/dev sites...
>   DocumentRoot /var/www/wp
>   <Directory "/var/www/wp">
>     Options Indexes FollowSymLinks
>     AllowOverride all
>     Require all granted
>   </Directory>
> 
>   ## Put the rest of your wordpress stuff here...
> </VirtualHost>
> 
>  
> 
> *From:*Jason Long <hack3rcon@xxxxxxxxx.INVALID>
> *Sent:* 12 October 2020 16:39
> *To:* users@xxxxxxxxxxxxxxxx
> *Subject:* Re:  Forwarding IP to HTTPS. [EXT]
> 
>  
> 
> Excuse me,
> 
> Can you clean my configuration?
> 
>  
> 
> On Monday, October 12, 2020, 07:06:17 PM GMT+3:30, Frank <thumbs@xxxxxxxxxx> wrote:
> 
>  
> 
>  
> 
> James,
> 
> Omitting an explicit ServerName in name-based vhosts is a bad idea as
> well. You can create conflicts or ambiguities.
> 
> 
> On 12/10/20 11:22 AM, James Smith wrote:
>> This would be my set-up in your case - note as someone said it was too complex I've removed the extra security bits I'd left in by accident...
>> 
>> ## Port 80 && 443 default configs...
>> 
>> <VirtualHost *:80>
>>  RequestHeader unset X-is-ssl
>>  RewriteEngine    on
>>  RewriteRule      ^(.*)$ https://www.mydomain.com%{REQUEST_URI} [R=permanent,L,NE]
>> </VirtualHost>
>> 
>> <VirtualHost *:443>
>>  RewriteEngine    on
>>  RewriteRule      ^(.*)$ https://www.mydomain.com/%{REQUEST_URI} [R,L,NE]
>> </VirtualHost>
>> 
>> ## Port 443 default - this is our main server...... so your main apache config stuff should be in here with SSL configured correctly..
>> 
>> <VirtualHost *:443>
>>  ServerName www.mydomain.com
>>  ...
>>  ...
>>  ...
>>  ...
>>  ...
>> </VirtualHost>
>>  
>> If you have more than one domain then you will need to add rules on port 80 to preserve the hostname & also blocks for each additional domain
>> 
>> 
>> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
> 
> -- The Wellcome Sanger Institute is operated by Genome Research Limited,
> a charity registered in England with number 1021457 and a company
> registered in England with number 2742969, whose registered office is
> 215 Euston Road, London, NW1 2BE.
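
The approach Frank recommends at the top of this message (no mod_rewrite, an explicit ServerName in every vhost), written out as an added example that was not posted by anyone in the thread. The name default.invalid and the certificate paths are placeholders; www.example.com follows James's config.

```apache
# Added example, not from the thread. default.invalid and the certificate
# paths are placeholders; substitute your own values.

# Port 80: the only *:80 vhost, so it is also the default and receives
# requests addressed to the bare IP or to any other hostname.
# Redirect comes from mod_alias; the path after "/" and the query string
# are carried over to the target URL.
<VirtualHost *:80>
    ServerName www.example.com
    Redirect permanent / https://www.example.com/
</VirtualHost>

# Port 443 catch-all: defined FIRST for *:443, so Apache uses it for any
# request whose Host header matches no ServerName/ServerAlias below
# (the IP address, example.com, the machine's own hostname).
# The explicit ServerName stops Apache deriving one from the system
# hostname, which could collide with the main vhost.
<VirtualHost *:443>
    ServerName default.invalid
    SSLEngine on
    SSLCertificateFile    /path/to/example.crt
    SSLCertificateKeyFile /path/to/example.key
    # No status given, so this is a temporary (302) redirect,
    # the same as the [R] flag in the rewrite version.
    Redirect / https://www.example.com/
</VirtualHost>

# Port 443 main site: matched by name, carries the real configuration.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/example.crt
    SSLCertificateKeyFile /path/to/example.key
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
    DocumentRoot /var/www/wp
    # ... rest of the site configuration ...
</VirtualHost>
```

A client that connects to the server by IP over HTTPS completes the TLS handshake against the catch-all vhost first, so it sees a certificate name mismatch before the redirect is sent. `apachectl -S` prints which vhost Apache treats as the default for each address and port.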

