Force Apache to send to HTTPS - I have everything else ready
The site works now when I go to https://. But if I type in http:// Apache is not automatically sending me to the https://.
I'm on Debian 7.4. Anyone familiar with making this work? Thanks!!!
12 Replies
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://foobar.com/$1 [R,L]
If for some reason your Apache doesn't use the %{HTTPS} bit (I forget, but I think there are some cases where it won't?), try the following instead:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://foobar.com/$1 [R,L]
If you have the RewriteEngine On already in your .htaccess, disregard the first line and just make sure you tuck the other two directly under the already existing one (of course replace foobar.com with your domain as well).
It's worth noting though, Apache suggests handling this at the main VHost level;
If you would like your entire domain to always be https://, make sure you enable HSTS as well (this will need mod_headers enabled in your main apache config);
Header set Strict-Transport-Security "max-age=31536000"
If you would like to cover all subdomains of your main domain as well;
Header set Strict-Transport-Security "max-age=31536000;includeSubdomains"
It's worth noting in this case however, in some CGI/FastCGI models that it might not work, so you may have to send this particular header from whatever backend language you're working from.
Might also be worth looking into HPKP
And of course last but not least, always make sure you do a run of your domain after you set up your https:// through SSL Labs' test
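A vhost-level layout for the situation in this thread (one HTTPS-only site sharing an IP with plain-HTTP sites), given here as an added example that is not part of the original reply. The host names, document roots and certificate paths are placeholders. On Apache 2.2, which Debian 7 ships, the first vhost defined for an address:port answers any request whose Host header matches no ServerName, so the order of the port-80 blocks decides which site unmatched names land on.

```apache
# Constructed example: secure.example.com, other.example.net, the
# document roots and the certificate paths are placeholders.

# Apache 2.2 needs a NameVirtualHost directive for each address:port
# that carries name-based vhosts; Debian declares *:80 in ports.conf.

# Plain-HTTP site that must stay on HTTP. Defined first, so it is also
# the default for any Host header that matches no ServerName on *:80.
<VirtualHost *:80>
    ServerName other.example.net
    DocumentRoot /var/www/other
</VirtualHost>

# HTTP side of the HTTPS-only site: it only redirects, serves nothing.
# The target host is hard-coded rather than taken from the request.
<VirtualHost *:80>
    ServerName secure.example.com
    Redirect permanent / https://secure.example.com/
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName secure.example.com
    DocumentRoot /var/www/secure
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/secure.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/secure.example.com.key
    # HSTS belongs on the TLS vhost only; browsers ignore the header
    # when it arrives over plain HTTP. Requires mod_headers.
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
</IfModule>
```

After reloading, `apache2ctl -S` prints the parsed vhost list and marks the default server for each port, which shows at a glance whether the redirect block has become the catch-all.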
After I posted, I succeeded in getting it to work, but then every other site on my Linode redirected to the one site with HTTPS. I removed all changes, rebooted the Linode, and then none of the sites would even load.
I'm restoring from backup as I type.
So….kind of perplexed on this. I thought I could enable SSL for only one site, while still serving up the other non-SSL sites under the same IP.
If this is possible, I'll try your steps above. Maybe I'm trying something that isn't even doable.
You didn't do the RewriteRule based one and the RedirectSSL page I linked here;
You only need one or the other, that URL there will technically do what you're describing, but if you take that route it's not necessary to do the .htaccess model then, but you may run into an issue where all things redirect if you use something that doesn't support SNI properly I believe.
Simple solution is to undo the RedirectSSL changes if you did them and stick with just .htaccess.
Still cannot get the .htaccess thing to work. Not sure what I'm doing wrong. If I type in the https:// it works without issue. But the redirect doesn't.
Here's my htaccess without the redirect…maybe something is screwed up in it?
#WFIPBLOCKS - Do not remove this line. Disable Web Caching in Wordfence to remove this data.
Order Deny,Allow
Deny from 77.253.129.181
Deny from 134.249.53.36
#Do not remove this line. Disable Web Caching in Wordfence to remove this data - WFIPBLOCKS
#WFCACHECODE - Do not remove this line. Disable Web Caching in Wordfence to remove this data.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
<IfModule mod_mime.c>
AddOutputFilter DEFLATE js css htm html xml
</IfModule>
</IfModule>
<IfModule mod_mime.c>
AddType text/html .html_gzip
AddEncoding gzip .html_gzip
AddType text/xml .xml_gzip
AddEncoding gzip .xml_gzip
</IfModule>
<IfModule mod_setenvif.c>
SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip
SetEnvIfNoCase Request_URI \.xml_gzip$ no-gzip
</IfModule>
<IfModule mod_headers.c>
Header set Vary "Accept-Encoding, Cookie"
</IfModule>
<IfModule mod_rewrite.c>
#Prevents garbled chars in cached files if there is no default charset.
AddDefaultCharset utf-8
#Cache rules:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} on
RewriteRule .* - [E=WRDFNC_HTTPS:_https]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteRule .* - [E=WRDFNC_ENC:_gzip]
RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} ^(?:\d+=\d+)?$
RewriteCond %{REQUEST_URI} (?:\/|\.html)$ [NC]
RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|wf_logout|wordpress_logged_in|wptouch_switch_toggle|wpmp_switcher) [NC]
RewriteCond %{REQUEST_URI} \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$
RewriteCond "%{DOCUMENT_ROOT}/wp-content/wfcache/%{HTTP_HOST}_%1/%2~%3~%4~%5~%6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" -f
RewriteRule \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$ "/wp-content/wfcache/%{HTTP_HOST}_$1/$2~$3~$4~$5~$6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L]
</IfModule>
#Do not remove this line. Disable Web caching in Wordfence to remove this data - WFCACHECODE
# Use PHP5.4 as default
AddHandler application/x-httpd-php54 .php
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^assets/(.*) /wp-content/themes/roots/assets/$1 [QSA,L]
RewriteRule ^plugins/(.*) /wp-content/plugins/$1 [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Appears to work ok.
<VirtualHost 70.85.16.162:80>
ServerName server.kangaby.com
# Redirect all http traffic to https
Redirect / https://server.kangaby.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost 70.85.16.162:443>
</VirtualHost>
</IfModule>
@kangaby:
This is what I did in default-ssl for my SSL virtual host.
Appears to work ok.
<VirtualHost 70.85.16.162:80>
ServerName server.kangaby.com
# Redirect all http traffic to https
Redirect / https://server.kangaby.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost 70.85.16.162:443>
</VirtualHost>
</IfModule>
Thanks - I added that to my .conf file (my default-ssl.conf is full of bumpf for whatever reason, so that file is cleaner)… but it didn't seem to do anything, nor did it address the permalink issue.
Remember to reload Apache.
Also
<IfModule mod_ssl.c>
<VirtualHost 70.85.16.162:443>
</VirtualHost>
</IfModule>
is only a fraction of default-ssl. It was just a place holder to show that the non ssl virtual host part was inserted at the top of default-ssl.
I'm still getting the error on other pages though, due to WordPress permalink issues I believe… when I change them to the default setting in WordPress it is fine, but when I switch the permalink, the pages break…
I feel that my .htaccess isn't working properly, as I think this code should resolve the permalinks:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Any thoughts on that aspect?
You could try installing WP under the ssl root directory.
As long as the program exists under ssl website, it should work.
You may need to add another redirect like this:
# Redirect all http traffic to https
Redirect / https://server.kangaby.com/
Redirect /wordpress https://server.kangaby.com/wordpress
Or this may not help at all.