logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: I need help for setting up redirection
Author
oktrik



Joined: 23 Sep 2021
Posts: 6
Location: NTT

PostPosted: Thu 24 Feb '22 8:48    Post subject: I need help for setting up redirection Reply with quote

Hi

Can someone give me some advice on how to setup vhost configuration , my vhost config are currently like pasted bellow


Code:
<VirtualHost *:80>
    ServerAlias domain.com
    RedirectMatch permanent ^/(.*) https://www.domain.com/$1
</VirtualHost>


Code:
<VirtualHost *:443>
    ServerName domain.com
    ServerAlias www.domain.com
    DocumentRoot /var/www/html/domain.com
   <IfModule dir_module>
    DirectoryIndex index.php index.htm index.html
    </IfModule>
  <Directory  "/var/www/html/domain.com">
       Options Indexes FollowSymLinks Includes ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
  </Directory>

   <FilesMatch "\.php$">
 <If "-f %{REQUEST_FILENAME}">
        SetHandler "proxy:fcgi://127.0.0.1:9080"
</If>
</FilesMatch>

SSLOptions +StrictRequire
SSLCertificateFile /path/ssl.pem
SSLCertificateKeyFile /path/ssl.key
SSLCACertificateFile /path/origin.pem
</VirtualHost>


when I inspect the redirection header status, the result chained like this one (SSL certificate is from cloudflare)
Code:
http://domain.com/ 301---->https://domain.com/ 301----->https://www.domain.com/


while what I wanted is

Quote:
http://domain.com/ 301---->http://www.domain.com/ 301----->https://www.domain.com/


from both chain, which one is the better ( in term of server performance and Search engine optimization)?

And if I modify
Code:
Options Indexes FollowSymLinks Includes ExecCGI
into
Code:
Options -Indexes FollowSymLinks Includes ExecCGI
..httpd failed to run (I'm trying to disable directory listing)

Code:
[root@rml ~]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Nov 10 2021 14:26:31


can someone help me?

Pardon for my English and grammar


Last edited by oktrik on Thu 24 Feb '22 10:28; edited 1 time in total
Back to top
Otomatic



Joined: 01 Sep 2011
Posts: 212
Location: Paris, France, EU

PostPosted: Thu 24 Feb '22 9:54    Post subject: Reply with quote

Hi,

Code:
Options -Indexes FollowSymLinks Includes ExecCGI

In my humble opinion, it is necessary to specifically indicate the "sign" in front of each option, especially since there is a mix between - and + implied.
So:
Code:
Options -Indexes +FollowSymLinks +Includes +ExecCGI

Apache Options documentation says:
Note
Mixing Options with a + or - with those without is not valid syntax and will be rejected during server startup by the syntax check with an abort.

Concerning the redirection to https, here is what I do, on the advice of Apache Lounge and which works perfectly without taking care of the name of the site:
Code:

   RewriteEngine On
   RewriteCond %{HTTPS} !=on
   RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Thu 24 Feb '22 10:20    Post subject: Reply with quote

For Security, I would only allow ExecCGI for PHP and not in general

Code:

<VirtualHost *:443>
    ServerName domain.com
    ServerAlias www.domain.com
    DocumentRoot /var/www/html/domain.com
    <IfModule dir_module>
        DirectoryIndex index.php index.htm index.html
    </IfModule>
    <Directory  "/var/www/html/domain.com">
        Options Indexes FollowSymLinks Includes
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>

    <FilesMatch "\.php$">
        Options Indexes FollowSymLinks ExecCGI
        <If "-f %{REQUEST_FILENAME}">
            SetHandler "proxy:fcgi://127.0.0.1:9080"
        </If>
    </FilesMatch>

    SSLOptions +StrictRequire
    SSLCertificateFile /path/ssl.pem
    SSLCertificateKeyFile /path/ssl.key
    SSLCACertificateFile /path/origin.pem
</VirtualHost>
Back to top
oktrik



Joined: 23 Sep 2021
Posts: 6
Location: NTT

PostPosted: Thu 24 Feb '22 10:27    Post subject: Reply with quote

Otomatic wrote:
Hi,

Code:
Options -Indexes FollowSymLinks Includes ExecCGI

In my humble opinion, it is necessary to specifically indicate the "sign" in front of each option, especially since there is a mix between - and + implied.


so the final configuration will be something like this ?

Code:
<VirtualHost *:80>
    ServerAlias domain.com
       RewriteEngine On
   RewriteCond %{HTTPS} !=on
   RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>

Code:

<VirtualHost *:443>
    ServerName domain.com
    ServerAlias www.domain.com
    DocumentRoot /var/www/html/domain.com
   <IfModule dir_module>
    DirectoryIndex index.php index.htm index.html
    </IfModule>
  <Directory  "/var/www/html/domain.com">
       Options -Indexes +FollowSymLinks +Includes +ExecCGI
        AllowOverride All
        Order allow,deny
        Allow from all
        Require all granted
  </Directory>

   <FilesMatch "\.php$">
 <If "-f %{REQUEST_FILENAME}">
        SetHandler "proxy:fcgi://127.0.0.1:9080"
</If>
</FilesMatch>

SSLOptions +StrictRequire
SSLCertificateFile /path/ssl.pem
SSLCertificateKeyFile /path/ssl.key
SSLCACertificateFile /path/origin.pem
</VirtualHost>



I've ended up with this which gave me ,but it add additional "/" at the end of URL

Code:
    # Redirect non-www to www
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


header status result

Code:
#1 Requesting: http://domain.com


Request
> GET / HTTP/1.1
> Host: domain.com
> User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Response
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 24 Feb 2022 11:16:25 GMT
< Content-Type: text/html; charset=iso-8859-1
< Content-Length: 239
< Connection: keep-alive
< Location: http://www.domain.com// <====
< CF-Cache-Status: DYNAMIC
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< X-Content-Type-Options: nosniff
< Server: cloudflare
< CF-RAY: 6e28481ade
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Request
> GET // HTTP/1.1
> Host: www.domain.com
> User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Response
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 24 Feb 2022 11:16:26 GMT
< Content-Type: text/html; charset=iso-8859-1
< Content-Length: 239
< Connection: keep-alive
< Location: https://www.domain.com/
< CF-Cache-Status: DYNAMIC
< X-Content-Type-Options: nosniff
< Server: cloudflare
< CF-RAY: 6e28481d
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Final response
< HTTP/1.1 200 OK
< Date: Thu, 24 Feb 2022 11:16:27 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Powered-By: PHP/8.0.13
< Last-Modified: Thu, 24 Feb 2022 08:45:21 GMT
< Vary: Accept-Encoding
< Cache-Control: max-age=0
< Expires: Thu, 24 Feb 2022 11:16:26 GMT
< CF-Cache-Status: DYNAMIC
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< X-Content-Type-Options: nosniff
< Server: cloudflare
< CF-RAY: 6e28481f
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

PostPosted: Fri 25 Feb '22 10:16    Post subject: Reply with quote

Otomatic wrote:

In my humble opinion, it is necessary to specifically indicate the "sign" in front of each option, especially since there is a mix between - and + implied.


+ and - are only needed when you override existing settings, but are okay to use in any case

See https://httpd.apache.org/docs/2.4/en/mod/core.html#options
Back to top


Reply to topic   Topic: I need help for setting up redirection View previous topic :: View next topic
Post new topic   Forum Index -> Apache