Re: Please help with http - https redirection
So from what I'm gathering, if I have several virtual hosts defined in my httpd.conf file (Using Include) then in order to secure them via SSL, each one would have to have it's own IP address? So for example, each of these virtual host containers in each .conf file included begins with: VirtualHost 172.25.251.47 Include /usr/local/apache/conf/conf.d/devl00.conf Include /usr/local/apache/conf/conf.d/devl01.conf Include /usr/local/apache/conf/conf.d/devl02.conf Include /usr/local/apache/conf/conf.d/devl03.conf Now what I did to get the devl02 virtual host working with SSL was told it to listen on port 443, and read in all the SSL config stuff in a file I named ssl.conf like this: VirtualHost 172.25.251.47:443 IfDefine SSL Include conf/conf.d/ssl.include /IfDefine After doing that I can browse to https://devl02.mydomain.com/. -Thanks -- Original message -- From: Andrew Hougie [EMAIL PROTECTED] Do your name-based secure virtual hosts work on their own - does https://devl02.mydomain.com/ actually work - I thought name-based secure virtual hosts were impossible/difficult. I did find at http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-wi th-mod_gnutls/ an indication of a new technique for making name-based secure virtual hosts with SNI - is that what you're using? Best wishes Andrew On 16/10/2007 03:12, Bernard Barton wrote: These are name based virtual hosts. Numerous hosts, only one IP address. So each of the included .conf files below such as devl00.conf and devl01.conf begin with something like this: VirtualHost 172.35.241.47 ServerName devl02.mydomain.net ServerAdmin [EMAIL PROTECTED] LogLevel debug So I can access https://devl02.mydomain.com/ directly, but if I try and redirect from http://devl02.mydomain.com to the https URL of the same name, I get the default insecure web site, which is defined in the httpd.conf file. -Thanks Cliff Woolley wrote: Are these IP-based virtual hosts or name-based virtual hosts? See http://httpd.apache.org/docs/2.0/vhosts/name-based.html --Cliff On 10/15/07, *Bernard Barton* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: In my main httpd.conf file, I have numerous include files which include virtual hosts like so: Include /usr/local/apache/conf/conf.d/devl00.conf Include /usr/local/apache/conf/conf.d/devl01.conf Include /usr/local/apache/conf/conf.d/devl02.conf So if I access http://devl02.mydomain.com/ then I see the virtual host defined in devl02.conf, etc. In the devl02.conf file, I have enabled SSL. I CAN access the secure site https://devl02.mydomain.com/. However, when I now access the non-secure site of http://devl02.mydomain.com, the main server web site is displayed, and not the virtual host. What I'm trying to do is a RedirectPermanent / https://cj-devl02.mydomain.net/ But when I do this I get errors that I posted previously about cookies not being enabled. So I guess the questions is, having the Include statements above, and knowing that each include file like devl08.conf is a virtual host container with SSL enabled, how do I redirect from the port 80 version to the SSL enabled port 443 version like: http://cj-devl02.mydomain.net/ -- https://cj-devl02.mydomain.net/ FYI, I've tried including .conf files, and also pasting the contents of my .conf files into an email, but they evidently are rejected by the mailing list. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org http://www.modssl.org User Support Mailing List modssl-users@modssl.org mailto:modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED] -- Andrew Hougie Grinton 5 Aldenham Grove Radlett Herts WD7 7BW __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Please help with http - https redirection
Are these IP-based virtual hosts or name-based virtual hosts? See http://httpd.apache.org/docs/2.0/vhosts/name-based.html --Cliff On 10/15/07, Bernard Barton [EMAIL PROTECTED] wrote: In my main httpd.conf file, I have numerous include files which include virtual hosts like so: Include /usr/local/apache/conf/conf.d/devl00.conf Include /usr/local/apache/conf/conf.d/devl01.conf Include /usr/local/apache/conf/conf.d/devl02.conf So if I access http://devl02.mydomain.com/ then I see the virtual host defined in devl02.conf, etc. In the devl02.conf file, I have enabled SSL. I CAN access the secure site https://devl02.mydomain.com/. However, when I now access the non-secure site of http://devl02.mydomain.com, the main server web site is displayed, and not the virtual host. What I'm trying to do is a RedirectPermanent / https://cj-devl02.mydomain.net/ But when I do this I get errors that I posted previously about cookies not being enabled. So I guess the questions is, having the Include statements above, and knowing that each include file like devl08.conf is a virtual host container with SSL enabled, how do I redirect from the port 80 version to the SSL enabled port 443 version like: http://cj-devl02.mydomain.net/ -- https://cj-devl02.mydomain.net/ FYI, I've tried including .conf files, and also pasting the contents of my .conf files into an email, but they evidently are rejected by the mailing list. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Please help with http - https redirection
These are name based virtual hosts. Numerous hosts, only one IP address. So each of the included .conf files below such as devl00.conf and devl01.conf begin with something like this: VirtualHost 172.35.241.47 ServerName devl02.mydomain.net ServerAdmin [EMAIL PROTECTED] LogLevel debug So I can access https://devl02.mydomain.com/ directly, but if I try and redirect from http://devl02.mydomain.com to the https URL of the same name, I get the default insecure web site, which is defined in the httpd.conf file. -Thanks Cliff Woolley wrote: Are these IP-based virtual hosts or name-based virtual hosts? See http://httpd.apache.org/docs/2.0/vhosts/name-based.html --Cliff On 10/15/07, *Bernard Barton* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: In my main httpd.conf file, I have numerous include files which include virtual hosts like so: Include /usr/local/apache/conf/conf.d/devl00.conf Include /usr/local/apache/conf/conf.d/devl01.conf Include /usr/local/apache/conf/conf.d/devl02.conf So if I access http://devl02.mydomain.com/ then I see the virtual host defined in devl02.conf, etc. In the devl02.conf file, I have enabled SSL. I CAN access the secure site https://devl02.mydomain.com/. However, when I now access the non-secure site of http://devl02.mydomain.com, the main server web site is displayed, and not the virtual host. What I'm trying to do is a RedirectPermanent / https://cj-devl02.mydomain.net/ But when I do this I get errors that I posted previously about cookies not being enabled. So I guess the questions is, having the Include statements above, and knowing that each include file like devl08.conf is a virtual host container with SSL enabled, how do I redirect from the port 80 version to the SSL enabled port 443 version like: http://cj-devl02.mydomain.net/ -- https://cj-devl02.mydomain.net/ FYI, I've tried including .conf files, and also pasting the contents of my .conf files into an email, but they evidently are rejected by the mailing list. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org http://www.modssl.org User Support Mailing List modssl-users@modssl.org mailto:modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Please help with http - https redirection
If all you want to do is redirect / on your non-SSL Port to / on your SSL port, you could use a zero second redirect. e.g. put this in your index.html for the port 80 virtual host: meta http-equiv=refresh content=0;url=https://devl02.mydomain.com/; / And have your real content in a different document root for your port 443 virtual host. The only drawback is that it's not feasible to redirect deep links (or bookmarks) to the non-secure web server using this approach. -- Brian On 10/15/07, Bernard Barton [EMAIL PROTECTED] wrote: In my main httpd.conf file, I have numerous include files which include virtual hosts like so: Include /usr/local/apache/conf/conf.d/devl00.conf Include /usr/local/apache/conf/conf.d/devl01.conf Include /usr/local/apache/conf/conf.d/devl02.conf So if I access http://devl02.mydomain.com/ then I see the virtual host defined in devl02.conf, etc. In the devl02.conf file, I have enabled SSL. I CAN access the secure site https://devl02.mydomain.com/. However, when I now access the non-secure site of http://devl02.mydomain.com, the main server web site is displayed, and not the virtual host. What I'm trying to do is a RedirectPermanent / https://cj-devl02.mydomain.net/ But when I do this I get errors that I posted previously about cookies not being enabled. So I guess the questions is, having the Include statements above, and knowing that each include file like devl08.conf is a virtual host container with SSL enabled, how do I redirect from the port 80 version to the SSL enabled port 443 version like: http://cj-devl02.mydomain.net/ -- https://cj-devl02.mydomain.net/ FYI, I've tried including .conf files, and also pasting the contents of my .conf files into an email, but they evidently are rejected by the mailing list. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: Please help with http - https redirection
Thanks, but I'm trying to get through this without any code changes. It's ALMOST working! But no cigar. Brian Hayward wrote: If all you want to do is redirect / on your non-SSL Port to / on your SSL port, you could use a zero second redirect. e.g. put this in your index.html for the port 80 virtual host: meta http-equiv=refresh content=0;url=https://devl02.mydomain.com/; / And have your real content in a different document root for your port 443 virtual host. The only drawback is that it's not feasible to redirect deep links (or bookmarks) to the non-secure web server using this approach. -- Brian On 10/15/07, Bernard Barton [EMAIL PROTECTED] wrote: In my main httpd.conf file, I have numerous include files which include virtual hosts like so: Include /usr/local/apache/conf/conf.d/devl00.conf Include /usr/local/apache/conf/conf.d/devl01.conf Include /usr/local/apache/conf/conf.d/devl02.conf So if I access http://devl02.mydomain.com/ then I see the virtual host defined in devl02.conf, etc. In the devl02.conf file, I have enabled SSL. I CAN access the secure site https://devl02.mydomain.com/. However, when I now access the non-secure site of http://devl02.mydomain.com, the main server web site is displayed, and not the virtual host. What I'm trying to do is a RedirectPermanent / https://cj-devl02.mydomain.net/ But when I do this I get errors that I posted previously about cookies not being enabled. So I guess the questions is, having the Include statements above, and knowing that each include file like devl08.conf is a virtual host container with SSL enabled, how do I redirect from the port 80 version to the SSL enabled port 443 version like: http://cj-devl02.mydomain.net/ -- https://cj-devl02.mydomain.net/ FYI, I've tried including .conf files, and also pasting the contents of my .conf files into an email, but they evidently are rejected by the mailing list. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]