Allow http AND https with SSL on LAMP?
I just bought an SSL and set it up to the last section of
but now my site only works using https: and throws a "400 bad request - Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please." if I try to go to the site using http:
This wasn't happening before, and I'm wondering if it has to do with "SSLOptions +StrictRequire" that is in the config file?
Is there a remedy so that I can have only certain parts of the site (mainly a store that needs securing) use https (since it's slower supposedly) and the rest use just http?
Thanks in advance.
8 Replies
I believe that you are currently serving https requests on both ports 80 and 443. You need to create two virtual hosts:
+ One listening on port 80, serving HTTP requests only, NO SSL
+ The other listening on port 443, serving HTTPS, with SSL configured
I tried messing with adding vhosts and changing ports through webmin and just made things more confusing without working, so I reverted back to a point at which only the https works again. My current /etc/apache2/sites-available/default looks like this:
NameVirtualHost *
<VirtualHost *>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/
    # added the 4 lines below to enable SSL according to a guide
    SSLEngine on
    SSLOptions +StrictRequire
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        # the line below has been changed to All from the default None
        AllowOverride All
        # the 2 lines below are the default settings and commented out
        # Order allow,deny
        # allow from all
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/log/apache2/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined
    ServerSignature On
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>
Do I just copy and paste all the above again into the same file, and comment out the first instances of 4 lines for SSL? I forgot why I had to do the "allow override" change above, possibly for drupal or webmin or another module to work or something. Do I need to change the "NameVirtualHost *" or the
You only need to copy over some of the directives. I would recommend that you set up your web site as a separate virtual host, rather than the default one (i.e. /var/www).
First of all, create a file named "/etc/apache2/sites-available/domain-name.com". Put this in there, remembering to change paths and domain names as appropriate:
<VirtualHost *:80>
    ServerName your-domain.com
    ServerAlias www.your-domain.com
    ServerAdmin email@your-domain.com
    DocumentRoot /path/to/public_html
    <Directory /path/to/public_html>
        Options -Indexes +Includes -ExecCGI -MultiViews +SymLinksIfOwnerMatch
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    ServerName your-domain.com
    ServerAlias www.your-domain.com
    ServerAdmin email@your-domain.com
    DocumentRoot /path/to/public_html
    <Directory /path/to/public_html>
        Options -Indexes +Includes -ExecCGI -MultiViews +SymLinksIfOwnerMatch
    </Directory>
    SSLEngine on
    SSLOptions +StrictRequire
    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>
Then run:
a2ensite your-domain.com
/etc/init.d/apache2 restart
<VirtualHost *:80>
    ServerName mysite.com
    ServerAlias www.mysite.com
    ServerAdmin webmaster@mysite.com
    DocumentRoot /var/www/
    <Directory /var/www/>
        Options -Indexes +Includes -ExecCGI -MultiViews +SymLinksIfOwnerMatch
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    ServerName mysite.com
    ServerAlias www.mysite.com
    ServerAdmin webmaster@mysite.com
    DocumentRoot /var/www/
    <Directory /var/www/>
        Options -Indexes +Includes -ExecCGI -MultiViews +SymLinksIfOwnerMatch
    </Directory>
    SSLEngine on
    SSLOptions +StrictRequire
    SSLCertificateFile /etc/ssl/certs/mysite.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
</VirtualHost>
but after enabling and trying to restart, I get the following errors:
[Fri Mar 27 12:59:43 2009] [error] VirtualHost *:443 – mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Fri Mar 27 12:59:43 2009] [error] VirtualHost *:80 – mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Fri Mar 27 12:59:53 2009] [error] VirtualHost *:443 – mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Fri Mar 27 12:59:53 2009] [error] VirtualHost *:80 – mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
What info do I need to keep under the default file? (I don't really know what exactly the default file is used for when other vhost files are enabled. Is it for localhost? Since its directory is /var/www/, will it include all the /var/www/mysites(*).com/ folders under it, despite other vhost files pointing to those specific directories?) And what about all those override and log error lines? Do I keep them under NameVirtualHost or move them under each of the VirtualHosts in the mysite.com file or need them at all?
On trying out the site, only http: works, not https. I assume this is because I got rid of the SSL stuff in the default file but the error messages mean that the mysite.com file isn't being used properly.
The 'default' apache config file will be called when a request to a URL is made that resolves to your server, but where that URL doesn't match the parameters in 'ServerName' and/or 'ServerAlias' in your separate new vhost configs.
In regards to getting your HTTP and HTTPS working, edit that default config file and make sure these two lines are at the top:
NameVirtualHost *:80
NameVirtualHost *:443
Every time you specify a
I suspect in your default file there's a
Your new mysite.com config file looks fine as-is, just make the changes to the default file as above.
Reload apache and see what happens.
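A small checker for the two misconfigurations this thread runs into (SSLEngine on in a vhost that also answers port 80, and port-less `*` mixed with `*:80`/`*:443`), added here as an illustration and not posted by anyone in the thread. The sample config is constructed from the snippets above; the function names are hypothetical, and the address parsing assumes `*`, hostname or IPv4 addresses.

```python
import re

# Constructed sample (not from a live server): the thread's port-less default
# vhost with SSL switched on, next to the new per-site vhosts with ports.
BROKEN = """\
NameVirtualHost *
<VirtualHost *>
    DocumentRoot /var/www/
    SSLEngine on
</VirtualHost>
<VirtualHost *:80>
    ServerName mysite.com
</VirtualHost>
<VirtualHost *:443>
    ServerName mysite.com
    SSLEngine on
</VirtualHost>
"""
# The same files after the fix described above: ports everywhere, SSL only on 443.
FIXED = (BROKEN.replace("NameVirtualHost *\n", "NameVirtualHost *:80\nNameVirtualHost *:443\n")
               .replace("<VirtualHost *>", "<VirtualHost *:80>")
               .replace("/var/www/\n    SSLEngine on\n", "/var/www/\n"))

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
SSL_ON = re.compile(r"^\s*SSLEngine\s+on\b", re.I | re.M)

def port_of(addr):
    """Port part of '*:443' or '1.2.3.4:80'; None for a port-less address."""
    return addr.rsplit(":", 1)[1] if ":" in addr else None

def audit_vhosts(conf):
    """Return findings for the two misconfigurations seen in the thread."""
    conf = "\n".join(l for l in conf.splitlines() if not l.lstrip().startswith("#"))
    findings = []
    vhosts = [(a, body) for addrs, body in VHOST.findall(conf) for a in addrs.split()]
    addrs = {a for a, _ in vhosts}
    addrs |= set(re.findall(r"^\s*NameVirtualHost\s+(\S+)", conf, re.I | re.M))
    if any(port_of(a) is None for a in addrs) and any(port_of(a) for a in addrs):
        findings.append("mixed port-less and ported addresses: " + ", ".join(sorted(addrs)))
    for addr, body in vhosts:
        # A port-less vhost answers on every Listen port, port 80 included.
        if SSL_ON.search(body) and port_of(addr) in (None, "80"):
            findings.append(f"SSLEngine on in <VirtualHost {addr}> (reachable on port 80)")
    return findings

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit_vhosts(conf) or "ok")
```

To check a real server, pass the concatenated contents of the enabled site files to `audit_vhosts` in place of the constructed strings.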
@thorrx:
[Fri Mar 27 12:59:43 2009] [error] VirtualHost *:443 – mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Fri Mar 27 12:59:43 2009] [error] VirtualHost *:80 – mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Fri Mar 27 12:59:53 2009] [error] VirtualHost *:443 – mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
[Fri Mar 27 12:59:53 2009] [error] VirtualHost *:80 – mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
As condate said, replacing
For anyone else setting up a similar config (I needed it for a hobby e-commerce site using drupal and drupal's secure pages module to configure selective ssl pages):
At first I simply added to the default file the NameVirtualHost *:80 and *:443 lines and that got rid of the errors, but it didn't work when trying to go to selective https sites. Then I realized I missed the part about changing the VirtualHost * to VirtualHost *80 as well… after that change, everything works perfectly.
The pages configured to use ssl in the secure pages module (admin pages, store checkout, etc) all redirect to https, and everything else redirects to http. This in conjunction with the redirect of site.com to
TL;DR - it works : ).
Thanks again!
Interesting to hear of selective SSL pages in Drupal - obviously offtopic for this thread but I'm curious, never used the Secure Pages module