Force SSL Apache

BK_123

Golden Master
Messages
7,578
Location
Australia
Hey guys. So I am mucking around and have set up an Apache Web Server on CentOS 7 in VMWare Workstation in a test environment. So I have created an SSL certificate using the mod_ssl package by following this how to https://www.digitalocean.com/communi...e-for-centos-7. Now it works fine and the browsers recognise it but what I'd like to achieve is to be able type the normal http address and have it redirect to the https version. I've tried following guides hat say to set up virtual hosts but when I restart Apache it throws an error.

I've been able to sort of fix my problem but I get this error when I type the http:// address into any browser and I am not sure on how to fix it. I've made .htaccess file but not sure if that really helped.

vbGdEHB.png


PS I posted this over the fence with not much help Force SSL Apache - Techist - Tech Forum. So I thought some of the gang here might be able to assist.
 
basically you need two sites setup

<virtualhost *:80>

use mod rewrite here
</virtualhost>

<virtualhost *:443>
site details here
</virtualhost>

that way when people browse using port 80 they hit your site that re-writes the address redirecting to the https protected site.

from the top of my head I think the redirect string should be something like
rewriterule ^(/*)$ https://%{HTTP_HOST}$1 [R=301]

so make sure mod rewrite is enabled and on, then any traffic hitting port 80 (http://mysite) gets redirected (to https://mysite)


you should be able to google based on that string, - if not I'll put up a complete example.
 
httpd.conf

you are setting up a new site listening on port 80, and redirecting everything that connects to that site to a different site listening on port 443. it is better to do it at the httpd file, (I don't think you even need a document root.)
 
I get an error which I can't fix after looking through so many examples. I've pasted the code in pastebin httpd.conf File - Pastebin.com.

[root@webserver ~]# systemctl status httpd
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
Active: failed (Result: exit-code) since Tue 2015-08-25 22:08:56 AEST; 13min ago
Process: 2624 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 2622 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 2622 (code=exited, status=1/FAILURE)
CGroup: /system.slice/httpd.service

Aug 25 22:08:56 webserver.gateway systemd[1]: Starting The Apache HTTP Server...
Aug 25 22:08:56 webserver.gateway httpd[2622]: AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:361
Aug 25 22:08:56 webserver.gateway systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Aug 25 22:08:56 webserver.gateway kill[2624]: kill: cannot find process ""
Aug 25 22:08:56 webserver.gateway systemd[1]: httpd.service: control process exited, code=exited status=1
Aug 25 22:08:56 webserver.gateway systemd[1]: Failed to start The Apache HTTP Server.
Aug 25 22:08:56 webserver.gateway systemd[1]: Unit httpd.service entered failed state.
 
Last edited:
as the output says:
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf/httpd.conf:361
(line 361) doesn't do anything so you can remove that.

your certificate files aren't being attached to any site (they just seem to be in the general configuration and not in any particular <virtualhost> tag.


Ideally, you don't edit /etc/httpd/conf/httpd.conf

look at line 353 of your httpd.conf file
Code:
IncludeOptional conf.d/*.conf

so all you do is create a new file in /etc/httpd/conf.d/
and call it mysite.conf

the server program will read all .conf files, (so you can keep backup configs in there called mysite.conf.2015-08-25-backup for example)

my suggestion is take out the changes that you;ve made in your httpd.conf file, and add the sites in the new way (adding individual configuration files per site)


OK, this is straight from a text book :)

Code:
<VirtualHost *:80>
ServerName test.example.com
RewriteEngine on
ReWriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>


<VirtucalHost *:443>
ServerName test.example.com
SSLEngine On 
SSLProtocol all -SSLv2 -SSLv3
SLLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLHonorCipherOrder on
SSLCertificateFile /etc/pki/tls/certs.certificate.crt
SSLCertificateFileKey /etc/pki/tls/private/certificate.key
SSLCertificateChainFile /etc/pki/tls/certs/certificare-ca.crt
DocumentRoot /var/www/html
</VirtualHost>

try that.
 
Last edited:
Sorry to gravedig. Just thought I'd share what I found and got working. I didn't use the mod rewrite function as this way works better. https://wiki.apache.org/httpd/RedirectSSL

<VirtualHost *:80>
ServerAdmin webserver.gateway
DocumentRoot /var/www/html
ServerName webserver.gateway
Redirect permanent / https://webserver.gateway
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webserver.gateway
DocumentRoot /var/www/html
ServerName webserver.gateway
ServerAlias webserver.gateway
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key
</VirtualHost>
 
Back
Top Bottom