On Fri, Sep 1, 2017 at 10:39 AM, Stefan Eissing <stefan.eiss...@greenbytes.de> wrote: > I get the first feedback from Apache users that want their http: only hosts > to also serve https:. This is nice feedback to improve usability of mod_md. > > Ideally, what these people want - and that is purely my interpretation - is > to add a few lines to their config and - voila - https: is available. And, > honestly, why should they not expect that? > > > > Example: Duplication/Redirect > > They have something like: > ---------------------------------- > Listen 80 > <VirtualHost *:80> > ServerName xxx.yyy > ... > </VirtualHost> > ---------------------------------- > > and want to also make that available on https: > ---------------------------------- > Listen http://*:80 > Listen https://*:443 > > <VirtualHost *:80> > ServerName xxx.yyy > AlternatePorts 443 > ... > </VirtualHost> > ---------------------------------- > > or redirect everyone to https: > ---------------------------------- > Listen http://*:80 > Listen https://*:443 > > <VirtualHost *:443> > ServerName xxx.yyy > RedirectPermanentFrom 80 > ... > </VirtualHost>
I am not keen on the syntax because we already permit multiple addresses in the VirtualHost tag. How about e.g. <virtualhost *:80 *:443> # no protocol ServerName example.com # repurpose "optional" or pick something new SSLEgine optional # Extend SSLRequireSSL. no-arg is deny. Default w/ "redirect" is 80, 443. For redirects, may need to not match TCP listening port SSLRequireSSL ["redirect" [ from-port to-port ]] </virtualhost>