Please help with http -> https redirection

In my main httpd.conf file, I have numerous include files which include
virtual hosts like so:

Include /usr/local/apache/conf/conf.d/devl00.conf
Include /usr/local/apache/conf/conf.d/devl01.conf
Include /usr/local/apache/conf/conf.d/devl02.conf


So if I access http://devl02.mydomain.com/ then I see the virtual host
defined
in devl02.conf, etc. In the devl02.conf file, I have enabled SSL. I CAN
access the secure site https://devl02.mydomain.com/. However, when I now
access the non-secure site of http://devl02.mydomain.com, the main server
web site is displayed, and not the virtual host. What I'm trying to do
is a

RedirectPermanent / https://cj-devl02.mydomain.net/

But when I do this I get errors that I posted previously about cookies not
being enabled. So I guess the questions is, having the "Include" statements
above, and knowing that each include file like devl08.conf is a virtual host
container with SSL enabled, how do I redirect from the port 80 version to
the SSL enabled port 443 version like:

http://cj-devl02.mydomain.net/ ------> https://cj-devl02.mydomain.net/

FYI, I've tried including .conf files, and also pasting the contents of my
..conf files into an email, but they evidently are rejected by the
mailing list.

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Please help with http -> https redirection

------=_Part_42857_10074525.1192492564515
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Are these IP-based virtual hosts or name-based virtual hosts? See
http://httpd.apache.org/docs/2.0/vhosts/name-based.html

--Cliff


On 10/15/07, Bernard Barton wrote:
>
> In my main httpd.conf file, I have numerous include files which include
> virtual hosts like so:
>
> Include /usr/local/apache/conf/conf.d/devl00.conf
> Include /usr/local/apache/conf/conf.d/devl01.conf
> Include /usr/local/apache/conf/conf.d/devl02.conf
>
>
> So if I access http://devl02.mydomain.com/ then I see the virtual host
> defined
> in devl02.conf, etc. In the devl02.conf file, I have enabled SSL. I CAN
> access the secure site https://devl02.mydomain.com/. However, when I now
> access the non-secure site of http://devl02.mydomain.com, the main server
> web site is displayed, and not the virtual host. What I'm trying to do
> is a
>
> RedirectPermanent / https://cj-devl02.mydomain.net/
>
> But when I do this I get errors that I posted previously about cookies not
> being enabled. So I guess the questions is, having the "Include"
> statements
> above, and knowing that each include file like devl08.conf is a virtual
> host
> container with SSL enabled, how do I redirect from the port 80 version to
> the SSL enabled port 443 version like:
>
> http://cj-devl02.mydomain.net/ ------> https://cj-devl02.mydomain.net/
>
> FYI, I've tried including .conf files, and also pasting the contents of my
> .conf files into an email, but they evidently are rejected by the
> mailing list.
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>

------=_Part_42857_10074525.1192492564515
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


Are these IP-based virtual hosts or name-based virtual hosts?  See

--Cliff

Re: Please help with http -> https redirection

These are name based virtual hosts. Numerous hosts, only one IP
address. So each of the included .conf files below such as devl00.conf
and devl01.conf begin with something like this:



ServerName devl02.mydomain.net
ServerAdmin webmaster@mydomain.net
LogLevel debug


So I can access https://devl02.mydomain.com/ directly, but if I try and
redirect from http://devl02.mydomain.com to the https URL of the same
name, I get the default insecure web site, which is defined in the
httpd.conf file.

-Thanks



Cliff Woolley wrote:
>
> Are these IP-based virtual hosts or name-based virtual hosts? See
> http://httpd.apache.org/docs/2.0/vhosts/name-based.html
>
> --Cliff
>
>
> On 10/15/07, *Bernard Barton* > > wrote:
>
> In my main httpd.conf file, I have numerous include files which
> include
> virtual hosts like so:
>
> Include /usr/local/apache/conf/conf.d/devl00.conf
> Include /usr/local/apache/conf/conf.d/devl01.conf
> Include /usr/local/apache/conf/conf.d/devl02.conf
>
>
> So if I access http://devl02.mydomain.com/ then I see the virtual host
> defined
> in devl02.conf, etc. In the devl02.conf file, I have enabled
> SSL. I CAN
> access the secure site https://devl02.mydomain.com/. However,
> when I now
> access the non-secure site of http://devl02.mydomain.com, the main
> server
> web site is displayed, and not the virtual host. What I'm trying
> to do
> is a
>
> RedirectPermanent / https://cj-devl02.mydomain.net/
>
> But when I do this I get errors that I posted previously about
> cookies not
> being enabled. So I guess the questions is, having the "Include"
> statements
> above, and knowing that each include file like devl08.conf is a
> virtual host
> container with SSL enabled, how do I redirect from the port 80
> version to
> the SSL enabled port 443 version like:
>
> http://cj-devl02.mydomain.net/ ------> https://cj-devl02.mydomain.net/
>
> FYI, I've tried including .conf files, and also pasting the
> contents of my
> .conf files into an email, but they evidently are rejected by the
> mailing list.
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> User Support Mailing List
> modssl-users@modssl.org
> Automated List
> Manager majordomo@modssl.org
>
>
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Please help with http -> https redirection

If all you want to do is redirect "/" on your non-SSL Port to "/" on
your SSL port, you could use a zero second redirect.

e.g. put this in your index.html for the port 80 virtual host:



And have your real content in a different document root for your port
443 virtual host.

The only drawback is that it's not feasible to redirect deep links (or
bookmarks) to the non-secure web server using this approach.

--
Brian

On 10/15/07, Bernard Barton wrote:
> In my main httpd.conf file, I have numerous include files which include
> virtual hosts like so:
>
> Include /usr/local/apache/conf/conf.d/devl00.conf
> Include /usr/local/apache/conf/conf.d/devl01.conf
> Include /usr/local/apache/conf/conf.d/devl02.conf
>
>
> So if I access http://devl02.mydomain.com/ then I see the virtual host
> defined
> in devl02.conf, etc. In the devl02.conf file, I have enabled SSL. I CAN
> access the secure site https://devl02.mydomain.com/. However, when I now
> access the non-secure site of http://devl02.mydomain.com, the main server
> web site is displayed, and not the virtual host. What I'm trying to do
> is a
>
> RedirectPermanent / https://cj-devl02.mydomain.net/
>
> But when I do this I get errors that I posted previously about cookies not
> being enabled. So I guess the questions is, having the "Include" statements
> above, and knowing that each include file like devl08.conf is a virtual host
> container with SSL enabled, how do I redirect from the port 80 version to
> the SSL enabled port 443 version like:
>
> http://cj-devl02.mydomain.net/ ------> https://cj-devl02.mydomain.net/
>
> FYI, I've tried including .conf files, and also pasting the contents of my
> .conf files into an email, but they evidently are rejected by the
> mailing list.
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Please help with http -> https redirection

Thanks, but I'm trying to get through this without any code changes.
It's ALMOST working! But no cigar.


Brian Hayward wrote:
> If all you want to do is redirect "/" on your non-SSL Port to "/" on
> your SSL port, you could use a zero second redirect.
>
> e.g. put this in your index.html for the port 80 virtual host:
>
>
>
> And have your real content in a different document root for your port
> 443 virtual host.
>
> The only drawback is that it's not feasible to redirect deep links (or
> bookmarks) to the non-secure web server using this approach.
>
> --
> Brian
>
> On 10/15/07, Bernard Barton wrote:
>
>> In my main httpd.conf file, I have numerous include files which include
>> virtual hosts like so:
>>
>> Include /usr/local/apache/conf/conf.d/devl00.conf
>> Include /usr/local/apache/conf/conf.d/devl01.conf
>> Include /usr/local/apache/conf/conf.d/devl02.conf
>>
>>
>> So if I access http://devl02.mydomain.com/ then I see the virtual host
>> defined
>> in devl02.conf, etc. In the devl02.conf file, I have enabled SSL. I CAN
>> access the secure site https://devl02.mydomain.com/. However, when I now
>> access the non-secure site of http://devl02.mydomain.com, the main server
>> web site is displayed, and not the virtual host. What I'm trying to do
>> is a
>>
>> RedirectPermanent / https://cj-devl02.mydomain.net/
>>
>> But when I do this I get errors that I posted previously about cookies not
>> being enabled. So I guess the questions is, having the "Include" statements
>> above, and knowing that each include file like devl08.conf is a virtual host
>> container with SSL enabled, how do I redirect from the port 80 version to
>> the SSL enabled port 443 version like:
>>
>> http://cj-devl02.mydomain.net/ ------> https://cj-devl02.mydomain.net/
>>
>> FYI, I've tried including .conf files, and also pasting the contents of my
>> .conf files into an email, but they evidently are rejected by the
>> mailing list.
>>
>> ____________________________________________________________ __________
>> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>> User Support Mailing List modssl-users@modssl.org
>> Automated List Manager majordomo@modssl.org
>>
>>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
>

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Please help with http -> https redirection

So from what I'm gathering, if I have several virtual hosts defined in my httpd.conf file (Using Include) then in order to secure them via SSL, each one would have to have it's own IP address? So for example, each of these virtual host containers in each .conf file included begins with:



Include /usr/local/apache/conf/conf.d/devl00.conf
Include /usr/local/apache/conf/conf.d/devl01.conf
Include /usr/local/apache/conf/conf.d/devl02.conf
Include /usr/local/apache/conf/conf.d/devl03.conf


Now what I did to get the devl02 virtual host working with SSL was told it to listen on port 443, and read in all the SSL config stuff in a file I named ssl.conf like this:




Include conf/conf.d/ssl.include



After doing that I can browse to https://devl02.mydomain.com/.

-Thanks


-------------- Original message ----------------------
From: Andrew Hougie
> Do your name-based secure virtual hosts work on their own - does
> https://devl02.mydomain.com/ actually work - I thought name-based secure
> virtual hosts were impossible/difficult.
>
> I did find at
> http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apa che-virtual-hosts-wi
> th-mod_gnutls/
> an indication of a new technique for making name-based secure virtual
> hosts with SNI - is that what you're using?
>
> Best wishes
> Andrew
>
> On 16/10/2007 03:12, Bernard Barton wrote:
> > These are name based virtual hosts. Numerous hosts, only one IP
> > address. So each of the included .conf files below such as devl00.conf
> > and devl01.conf begin with something like this:
> >
> >
> >
> > ServerName devl02.mydomain.net
> > ServerAdmin webmaster@mydomain.net
> > LogLevel debug
> >
> >
> > So I can access https://devl02.mydomain.com/ directly, but if I try and
> > redirect from http://devl02.mydomain.com to the https URL of the same
> > name, I get the default insecure web site, which is defined in the
> > httpd.conf file.
> >
> > -Thanks
> >
> >
> >
> > Cliff Woolley wrote:
> >> Are these IP-based virtual hosts or name-based virtual hosts? See
> >> http://httpd.apache.org/docs/2.0/vhosts/name-based.html
> >>
> >> --Cliff
> >>
> >>
> >> On 10/15/07, *Bernard Barton* > >> > wrote:
> >>
> >> In my main httpd.conf file, I have numerous include files which
> >> include
> >> virtual hosts like so:
> >>
> >> Include /usr/local/apache/conf/conf.d/devl00.conf
> >> Include /usr/local/apache/conf/conf.d/devl01.conf
> >> Include /usr/local/apache/conf/conf.d/devl02.conf
> >>
> >>
> >> So if I access http://devl02.mydomain.com/ then I see the virtual host
> >> defined
> >> in devl02.conf, etc. In the devl02.conf file, I have enabled
> >> SSL. I CAN
> >> access the secure site https://devl02.mydomain.com/. However,
> >> when I now
> >> access the non-secure site of http://devl02.mydomain.com, the main
> >> server
> >> web site is displayed, and not the virtual host. What I'm trying
> >> to do
> >> is a
> >>
> >> RedirectPermanent / https://cj-devl02.mydomain.net/
> >>
> >> But when I do this I get errors that I posted previously about
> >> cookies not
> >> being enabled. So I guess the questions is, having the "Include"
> >> statements
> >> above, and knowing that each include file like devl08.conf is a
> >> virtual host
> >> container with SSL enabled, how do I redirect from the port 80
> >> version to
> >> the SSL enabled port 443 version like:
> >>
> >> http://cj-devl02.mydomain.net/ ------> https://cj-devl02.mydomain.net/
> >>
> >> FYI, I've tried including .conf files, and also pasting the
> >> contents of my
> >> .conf files into an email, but they evidently are rejected by the
> >> mailing list.
> >>
> >> ____________________________________________________________ __________
> >> Apache Interface to OpenSSL (mod_ssl)
> >> www.modssl.org
> >> User Support Mailing List
> >> modssl-users@modssl.org
> >> Automated List
> >> Manager majordomo@modssl.org
> >>
> >>
> >>
> >
> > ____________________________________________________________ __________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager majordomo@modssl.org
>
> --
> Andrew Hougie
> Grinton
> 5 Aldenham Grove
> Radlett
> Herts WD7 7BW

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org