Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Redirecting http to https |
|
| Author |
|
cearlp
Joined: 17 Sep 2022
Posts: 1
Location: Clinton
|
 Posted: Sat 17 Sep '22 23:26 Post subject: Redirecting http to https |
 |
|
Using Apache 2.4.52 (Ubuntu) and have ServerName as mysite.com and ServerAlias as www.mysite.com in both VirtualHost (*:80 and *:443) descriptions in the
mysite.conf file. I inserted Redirect permanent / https://mysite.com/ in the *:80 portion and everything (https://mysite.com, www.mysite.com and mysite.com) get routed to https except when the URL is http://mysite.
Is this as designed or is there something I am missing? |
|
| Back to top |
|
Otomatic
Joined: 01 Sep 2011
Posts: 212
Location: Paris, France, EU
|
| Posted: Mon 19 Sep '22 8:51 Post subject: |
|
|
Hi,
Instead of "Redirect permanent" I prefer to use :
| Code: |
<IfModule ssl_module>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
|
in the VirtualHost port 80 definition. |
|
| Back to top |
|
cent2ap
Joined: 14 Sep 2020
Posts: 6
|
| Posted: Tue 18 Oct '22 18:47 Post subject: |
|
|
I wanted to mention the solution that I'm using, which is based on the Apache documentation.
| Code: |
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
|
1) exclude requests to port 80 for ACME challenges (Let's Encrypt Certificates, etc)
2) Redirect to https
3) Response is a 308 permanent redirect (R=permanent)
4) This is the last rule (L)
Why is this better than the above? First the check for HTTPS!=on is irrelevant, since it is implied that the rule is executed for port 80 traffic, which implies no encryption. Second, we avoid redirecting ACME challenges, which by default use port 80. Finally, we prefer a permanent redirect, else the remote browser will keep hitting this rule over and over again, with 308 the browser will update its cache and all future requests will use HTTPS by default (until the cache is cleared of course). |
|
| Back to top |
|
|
|
|
|
|
