CODEWITHSUNDEEP
apachesslhttps
Leeous
Leeous

Reputation: 27

Installed SSL certificate, but when I goto my domain I have to include https:// before the URL

So I've been messing around with Apache, and I bought a SSL certificate. I finally got it installed, but now when I goto my domain with the URL (leethecoder.com) I assume it's trying to use HTTP? And my server, of course, with a SSL certificate is not listening on port 80. But, if I include https:// before the URL (https://leethecoder.com), it works. Is there a way I can make the server force the basic URL (leethecoder.com) goto port 443?

This is my current /sites-enabled/ configuration file.

LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
    ServerName www.leethecoder.com
    ServerAlias www.leethecoder.com leethecoder.com
    Options -Indexes
    DocumentRoot /var/www/leethecoder.com/public_html/
    SSLEngine on
    SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
    SSLCertificateKeyFile /etc/ssl/private/sslkey.key
    SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
    ErrorLog /var/www/leethecoder.com/logs/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Upvotes: 1

Views: 100

Answers (2)

Eugene
Eugene

Reputation: 1639

IMO, this is "properly" (you're currently an A-, the below might help to get an A+):

<VirtualHost *:80>
  ServerName leethecoder.com
  ServerAlias *.leethecoder.com
  UseCanonicalName Off
  ErrorLog /var/www/leethecoder.com/logs/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  RedirectPermanent / https://leethecoder.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName www.leethecoder.com
  UseCanonicalName Off
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES"
  SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
  SSLCertificateKeyFile /etc/ssl/private/sslkey.key
  SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
  ErrorLog /var/www/leethecoder.com/logs/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  RedirectPermanent / https://leethecoder.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName leethecoder.com
  UseCanonicalName Off
  ErrorLog /var/www/leethecoder.com/logs/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  DocumentRoot /var/www/leethecoder.com/public_html
  <Directory /var/www/leethecoder.com/public_html/>
    Allow From All
  </Directory>
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES"
  SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
  SSLCertificateKeyFile /etc/ssl/private/sslkey.key
  SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
</VirtualHost>

This is, of course, assuming that your variables are valid, you prefer the https without the www, and that you're OK for your clients to use that cipher suite. Also, that you've enabled the site, and disabled any other conflicting sites.

Upvotes: 1

Turrican
Turrican

Reputation: 597

Proper way to do it -- secure way -- is to use the apache virtual host redirect:

<virtualhost *:80="">
ServerName www.example.com
Redirect / https://www.example.com/
</virtualhost>

<virtualhost *:443="">
ServerName www.example.com
# ... SSL configuration goes here
</virtualhost>

Or you need to use mod_rewrite to return an HTTP_RESPONSE 301 for redirect to your HTTPS site.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]

Also you need to listen port 80.

http://httpd.apache.org/docs/current/mod/mod_rewrite.html

Upvotes: 0

Related Questions