Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: I need help for setting up redirection |
|
| Author |
|
oktrik
Joined: 23 Sep 2021
Posts: 6
Location: NTT
|
 Posted: Thu 24 Feb '22 8:48 Post subject: I need help for setting up redirection |
 |
|
Hi
Can someone give me some advice on how to setup vhost configuration , my vhost config are currently like pasted bellow
| Code: | <VirtualHost *:80>
ServerAlias domain.com
RedirectMatch permanent ^/(.*) https://www.domain.com/$1
</VirtualHost> |
| Code: | <VirtualHost *:443>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/html/domain.com
<IfModule dir_module>
DirectoryIndex index.php index.htm index.html
</IfModule>
<Directory "/var/www/html/domain.com">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
<FilesMatch "\.php$">
<If "-f %{REQUEST_FILENAME}">
SetHandler "proxy:fcgi://127.0.0.1:9080"
</If>
</FilesMatch>
SSLOptions +StrictRequire
SSLCertificateFile /path/ssl.pem
SSLCertificateKeyFile /path/ssl.key
SSLCACertificateFile /path/origin.pem
</VirtualHost> |
when I inspect the redirection header status, the result chained like this one (SSL certificate is from cloudflare)
| Code: | | http://domain.com/ 301---->https://domain.com/ 301----->https://www.domain.com/ |
while what I wanted is
| Quote: | | http://domain.com/ 301---->http://www.domain.com/ 301----->https://www.domain.com/ |
from both chain, which one is the better ( in term of server performance and Search engine optimization)?
And if I modify | Code: | | Options Indexes FollowSymLinks Includes ExecCGI |
into | Code: | | Options -Indexes FollowSymLinks Includes ExecCGI |
..httpd failed to run (I'm trying to disable directory listing)
| Code: | [root@rml ~]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built: Nov 10 2021 14:26:31 |
can someone help me?
Pardon for my English and grammar
Last edited by oktrik on Thu 24 Feb '22 10:28; edited 1 time in total |
|
| Back to top |
|
Otomatic
Joined: 01 Sep 2011
Posts: 212
Location: Paris, France, EU
|
| Posted: Thu 24 Feb '22 9:54 Post subject: |
|
|
Hi,
| Code: | | Options -Indexes FollowSymLinks Includes ExecCGI |
In my humble opinion, it is necessary to specifically indicate the "sign" in front of each option, especially since there is a mix between - and + implied.
So:
| Code: | | Options -Indexes +FollowSymLinks +Includes +ExecCGI |
Apache Options documentation says:
Note
Mixing Options with a + or - with those without is not valid syntax and will be rejected during server startup by the syntax check with an abort.
Concerning the redirection to https, here is what I do, on the advice of Apache Lounge and which works perfectly without taking care of the name of the site:
| Code: |
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] |
|
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
|
| Posted: Thu 24 Feb '22 10:20 Post subject: |
|
|
For Security, I would only allow ExecCGI for PHP and not in general
| Code: |
<VirtualHost *:443>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/html/domain.com
<IfModule dir_module>
DirectoryIndex index.php index.htm index.html
</IfModule>
<Directory "/var/www/html/domain.com">
Options Indexes FollowSymLinks Includes
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
<FilesMatch "\.php$">
Options Indexes FollowSymLinks ExecCGI
<If "-f %{REQUEST_FILENAME}">
SetHandler "proxy:fcgi://127.0.0.1:9080"
</If>
</FilesMatch>
SSLOptions +StrictRequire
SSLCertificateFile /path/ssl.pem
SSLCertificateKeyFile /path/ssl.key
SSLCACertificateFile /path/origin.pem
</VirtualHost>
|
|
|
| Back to top |
|
oktrik
Joined: 23 Sep 2021
Posts: 6
Location: NTT
|
| Posted: Thu 24 Feb '22 10:27 Post subject: |
|
|
| Otomatic wrote: | Hi,
| Code: | | Options -Indexes FollowSymLinks Includes ExecCGI |
In my humble opinion, it is necessary to specifically indicate the "sign" in front of each option, especially since there is a mix between - and + implied.
|
so the final configuration will be something like this ?
| Code: | <VirtualHost *:80>
ServerAlias domain.com
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost> |
| Code: |
<VirtualHost *:443>
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /var/www/html/domain.com
<IfModule dir_module>
DirectoryIndex index.php index.htm index.html
</IfModule>
<Directory "/var/www/html/domain.com">
Options -Indexes +FollowSymLinks +Includes +ExecCGI
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
<FilesMatch "\.php$">
<If "-f %{REQUEST_FILENAME}">
SetHandler "proxy:fcgi://127.0.0.1:9080"
</If>
</FilesMatch>
SSLOptions +StrictRequire
SSLCertificateFile /path/ssl.pem
SSLCertificateKeyFile /path/ssl.key
SSLCACertificateFile /path/origin.pem
</VirtualHost> |
I've ended up with this which gave me ,but it add additional "/" at the end of URL
| Code: | # Redirect non-www to www
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] |
header status result
| Code: | #1 Requesting: http://domain.com
Request
> GET / HTTP/1.1
> Host: domain.com
> User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Response
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 24 Feb 2022 11:16:25 GMT
< Content-Type: text/html; charset=iso-8859-1
< Content-Length: 239
< Connection: keep-alive
< Location: http://www.domain.com// <====
< CF-Cache-Status: DYNAMIC
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< X-Content-Type-Options: nosniff
< Server: cloudflare
< CF-RAY: 6e28481ade
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Request
> GET // HTTP/1.1
> Host: www.domain.com
> User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Response
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 24 Feb 2022 11:16:26 GMT
< Content-Type: text/html; charset=iso-8859-1
< Content-Length: 239
< Connection: keep-alive
< Location: https://www.domain.com/
< CF-Cache-Status: DYNAMIC
< X-Content-Type-Options: nosniff
< Server: cloudflare
< CF-RAY: 6e28481d
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Final response
< HTTP/1.1 200 OK
< Date: Thu, 24 Feb 2022 11:16:27 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Powered-By: PHP/8.0.13
< Last-Modified: Thu, 24 Feb 2022 08:45:21 GMT
< Vary: Accept-Encoding
< Cache-Control: max-age=0
< Expires: Thu, 24 Feb 2022 11:16:26 GMT
< CF-Cache-Status: DYNAMIC
< Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< X-Content-Type-Options: nosniff
< Server: cloudflare
< CF-RAY: 6e28481f
< alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400 |
|
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg
|
| Posted: Fri 25 Feb '22 10:16 Post subject: |
|
|
| Otomatic wrote: |
In my humble opinion, it is necessary to specifically indicate the "sign" in front of each option, especially since there is a mix between - and + implied.
|
+ and - are only needed when you override existing settings, but are okay to use in any case
See https://httpd.apache.org/docs/2.4/en/mod/core.html#options |
|
| Back to top |
|
|
|
|
|
|
