So I would do this for the virtual host sections – assuming you are only running ONE externally facing website – there are other things you would need to do if you were running multiple ones
## Send all traffic on port 80 to the primary domain over SSL… <VirtualHost *:80> RequestHeader unset X-is-ssl RewriteEngine on RewriteRule ^(.*)$ https://www.example.com%{REQUEST_URI} [R=permanent,L,NE] </VirtualHost> ## Send all traffic on port 443 which isn't the primary domain to the primary domain ## This implicitly picks up the IP for the host, the actual hostname OR the unqualified domain name example.com <VirtualHost *:443> RewriteEngine on RewriteRule ^(.*)$ https://www.example.com/%{REQUEST_URI} [R,L,NE] </VirtualHost> <VirtualHost *:443> Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" ServerAdmin root@localhost ServerName www.example.com ## Do not use Server Alias here for alternative domains - only use for test/dev sites... DocumentRoot /var/www/wp <Directory "/var/www/wp"> Options Indexes FollowSymLinks AllowOverride all Require all granted </Directory> ## Put the rest of your wordpress stuff here... </VirtualHost> From: Jason Long <hack3r...@yahoo.com.INVALID> Sent: 12 October 2020 16:39 To: users@httpd.apache.org Subject: Re: [users@httpd] Forwarding IP to HTTPS. [EXT] Excuse me, Can you clean my configuration? On Monday, October 12, 2020, 07:06:17 PM GMT+3:30, Frank <thu...@apache.org<mailto:thu...@apache.org>> wrote: James, Omitting an explicit ServerName in name-based vhosts is a bad idea as well. You can create conflicts or ambiguities. On 12/10/20 11:22 AM, James Smith wrote: > This would be my set-up in your case - note as someone said it was too > complex I've removed the extra security bits I'd left in by accident... > > ## Port 80 && 443 default configs... > > <VirtualHost *:80> > RequestHeader unset X-is-ssl > RewriteEngine on > RewriteRule ^(.*)$ https://www.mydomain.com% > [mydomain.com%]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mydomain.com-25&d=DwMFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=aSXzAFTQK2MqTd4h8-yDESDKjJwJfq6x0sy97DB2Dlg&s=rP2yXyskai3avho4gNa3ivaQdP6NyvIGOONKga7UWLA&e=>{REQUEST_URI} > [R=permanent,L,NE] > </VirtualHost> > > <VirtualHost *:443> > RewriteEngine on > RewriteRule ^(.*)$ https://www.mydomain.com/% > [mydomain.com]<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mydomain.com_-25&d=DwMFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=aSXzAFTQK2MqTd4h8-yDESDKjJwJfq6x0sy97DB2Dlg&s=0xY2vrAmBv9NS93So6uL5BSAVrWQQPPc8fQe6cF_oHo&e=>{REQUEST_URI} > [R,L,NE] > </VirtualHost> > > ## Port 443 default - this is our main server...... so your main apache > config stuff should be in here with SSL configured correctly.. > > <VirtualHost *:443> > ServerName www.mydomain.com<http://www.mydomain.com> > ... > ... > ... > ... > ... > </VirtualHost> > > If you have more than one domain then you will need to add rules on port 80 > to preserve the hostname & also blocks for each additional domain > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org<mailto:users-unsubscr...@httpd.apache.org> For additional commands, e-mail: users-h...@httpd.apache.org<mailto:users-h...@httpd.apache.org> -- The Wellcome Sanger Institute is operated by Genome Research Limited, a charity registered in England with number 1021457 and a company registered in England with number 2742969, whose registered office is 215 Euston Road, London, NW1 2BE.
