I am running a site completely over SSL using a load balancer in front of Apache doing all the certificate handling and decryption. I let HTTP traffic through the load balancer so Apache can handle doing redirects. When the traffic is redirected to the HTTPS page, the load balancer does the decryption and forwards the request to any port I want.
http --> load balancer:80 --> apache:80 --> 301 url:443
https --> load balancer:443 --decrypted traffic--> apache:ANY PORT I WANT
I can use any port besides 80 for all my vhosts to avoid a redirect loop (port 444 works fine in the config below), but for consistency among Apache configs with non-production environments I'd like to know if I can use port 443 for the VirtualHosts despite the fact that SSL is actually NOT enabled in Apache.
I thought I could just put SSLEngine off in the <VirtualHost *:443> to force this port without SSL since, as the default SSL port Apache appears to try to enable SSL, but Apache doesn't start with this config on Debian 6. (I've commented out everything in /etc/apache2/ports.conf btw.)
[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]
So...how can I use port 443 with SSL disabled?
NameVirtualHost *:80
Listen 80
<VirtualHost *:80>
# Force SSL
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R=301,L]
</VirtualHost>
NameVirtualHost *:443
Listen 443
<VirtualHost *:443>
SSLEngine Off
DocumentRoot /var/www
<Directory /var/www/>
Options All
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
The answer is to simply disable mod-ssl altogether
sudo a2dismod ssl
sudo apachectl restart
