Old 08-24-2015, 09:14 AM   #1
Golden Master
 
BK_123's Avatar
 
Join Date: Dec 2009
Location: Australia
Posts: 7,528
Default Force SSL Apache

Hey guys. So I am mucking around and have set up an Apache web server on CentOS 7 in VMware Workstation in a test environment. So I have created an SSL certificate using the mod_ssl package by following this how-to: https://www.digitalocean.com/communi...e-for-centos-7. Now it works fine and the browsers recognise it, but what I'd like to achieve is to be able to type the normal http address and have it redirect to the https version. I've tried following guides that say to set up virtual hosts, but when I restart Apache it throws an error.

I've been able to sort of fix my problem, but I get this error when I type the http:// address into any browser and I am not sure how to fix it. I've made a .htaccess file but I'm not sure if that really helped.



PS I posted this over the fence with not much help Force SSL Apache - Techist - Tech Forum. So I thought some of the gang here might be able to assist.
Old 08-24-2015, 11:08 AM   #2
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 7,999
Default Re: Force SSL Apache

Basically you need two sites set up:

Code:
<VirtualHost *:80>
# use mod_rewrite here
</VirtualHost>

<VirtualHost *:443>
# site details here
</VirtualHost>

That way, when people browse using port 80 they hit your site that rewrites the address, redirecting to the https-protected site.

Off the top of my head, I think the redirect string should be something like
Code:
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [R=301]

So make sure mod_rewrite is enabled and on, then any traffic hitting port 80 (http://mysite) gets redirected (to https://mysite).


You should be able to google based on that string. If not, I'll put up a complete example.
__________________
I didn’t fight my way to the top of the food chain to be a vegetarian…
I'm sick of people saying 'don't waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
Old 08-25-2015, 04:21 AM   #3
Golden Master
 
BK_123's Avatar
 
Join Date: Dec 2009
Location: Australia
Posts: 7,528
Default Re: Force SSL Apache

So should I put the new virtualhosts in the htaccess file or httpd.conf file?
Old 08-25-2015, 06:14 AM   #4
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 7,999
Default Re: Force SSL Apache

httpd.conf

You are setting up a new site listening on port 80, and redirecting everything that connects to that site to a different site listening on port 443. It is better to do it in the httpd file (I don't think you even need a document root).
Old 08-25-2015, 08:11 AM   #5
Golden Master
 
BK_123's Avatar
 
Join Date: Dec 2009
Location: Australia
Posts: 7,528
Default Re: Force SSL Apache

I get an error which I can't fix after looking through so many examples. I've pasted the code in pastebin httpd.conf File - Pastebin.com.

[root@webserver ~]# systemctl status httpd
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
Active: failed (Result: exit-code) since Tue 2015-08-25 22:08:56 AEST; 13min ago
Process: 2624 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 2622 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 2622 (code=exited, status=1/FAILURE)
CGroup: /system.slice/httpd.service

Aug 25 22:08:56 webserver.gateway systemd[1]: Starting The Apache HTTP Server...
Aug 25 22:08:56 webserver.gateway httpd[2622]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:361
Aug 25 22:08:56 webserver.gateway systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Aug 25 22:08:56 webserver.gateway kill[2624]: kill: cannot find process ""
Aug 25 22:08:56 webserver.gateway systemd[1]: httpd.service: control process exited, code=exited status=1
Aug 25 22:08:56 webserver.gateway systemd[1]: Failed to start The Apache HTTP Server.
Aug 25 22:08:56 webserver.gateway systemd[1]: Unit httpd.service entered failed state.
Old 08-25-2015, 08:50 AM   #6
Site Team
 
root's Avatar
 
Join Date: Mar 2004
Posts: 7,999
Default Re: Force SSL Apache

As the output says:
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:361
(line 361) doesn't do anything, so you can remove that.

Your certificate files aren't being attached to any site (they just seem to be in the general configuration and not in any particular <virtualhost> tag).


Ideally, you don't edit /etc/httpd/conf/httpd.conf.

Look at line 353 of your httpd.conf file:
Code:
IncludeOptional conf.d/*.conf
So all you do is create a new file in /etc/httpd/conf.d/
and call it mysite.conf

The server program will read all .conf files (so you can keep backup configs in there called mysite.conf.2015-08-25-backup, for example).

My suggestion is to take out the changes that you've made in your httpd.conf file, and add the sites in the new way (adding individual configuration files per site).


OK, this is straight from a textbook:

Code:
# Port 80: redirect every request to the HTTPS site
<VirtualHost *:80>
ServerName test.example.com
RewriteEngine on
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>


# Port 443: the actual site, served over TLS
<VirtualHost *:443>
ServerName test.example.com
SSLEngine On
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLHonorCipherOrder on
SSLCertificateFile /etc/pki/tls/certs/certificate.crt
SSLCertificateKeyFile /etc/pki/tls/private/certificate.key
SSLCertificateChainFile /etc/pki/tls/certs/certificate-ca.crt
DocumentRoot /var/www/html
</VirtualHost>
try that.
Old 12-19-2015, 02:44 AM   #7
Golden Master
 
BK_123's Avatar
 
Join Date: Dec 2009
Location: Australia
Posts: 7,528
Default Re: Force SSL Apache

Sorry to gravedig. Just thought I'd share what I found and got working. I didn't use the mod rewrite function as this way works better. https://wiki.apache.org/httpd/RedirectSSL

Quote:
<VirtualHost *:80>
ServerAdmin webserver.gateway
DocumentRoot /var/www/html
ServerName webserver.gateway
Redirect permanent / https://webserver.gateway/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webserver.gateway
DocumentRoot /var/www/html
ServerName webserver.gateway
ServerAlias webserver.gateway
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key
</VirtualHost>
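Added example, not part of the thread and not Apache's own code: a simplified Python model of how mod_alias's `Redirect` builds the Location header (on a prefix match, the rest of the request path is appended to the target), comparing a target written with and without a trailing slash. The host name is the one from the last post; the request paths and the function names are constructed for illustration, and query strings are ignored.

```python
from urllib.parse import urlsplit


def redirect_location(url_path, target, request_path):
    """Simplified model of mod_alias `Redirect url_path target`.

    On a prefix match, whatever follows url_path in the request path is
    appended to target verbatim. Query strings are ignored here.
    """
    if not request_path.startswith(url_path):
        return None
    rest = request_path[len(url_path):]
    # A prefix that does not end in "/" only matches whole path segments.
    if not url_path.endswith("/") and rest and not rest.startswith("/"):
        return None
    return target + rest


def audit(target, expected_host, paths, url_path="/"):
    """Return (path, location) pairs whose redirect leaves expected_host."""
    findings = []
    for path in paths:
        location = redirect_location(url_path, target, path)
        if location is None:
            continue
        if urlsplit(location).hostname != expected_host:
            findings.append((path, location))
    return findings


# Constructed request paths; the host name is the one used in the post.
SAMPLE_PATHS = ["/", "/index.html", "/admin/login"]
HOST = "webserver.gateway"

if __name__ == "__main__":
    for target in ("https://webserver.gateway", "https://webserver.gateway/"):
        bad = audit(target, HOST, SAMPLE_PATHS)
        print(f"Redirect permanent / {target}")
        for path, location in bad:
            print(f"  {path!r} -> {location!r}  (host changed)")
        if not bad:
            print("  all sample paths stay on", HOST)
```

With the slash-less target only `/` redirects correctly; any deeper path is glued onto the host name, so the browser is sent to a different host than the one the certificate was issued for.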
All times are GMT -5.