1

I'm working with a small team, and we currently have two servers, one for release builds, and the other for development. We have a wildcard SSL certificate so we can cover multiple subdomains. I setup the release and development branches on the respective servers, and we originally only had the SSL setup on the live server while the dev builds were standard HTTP. We would now like to be able to setup an SSL build on the dev server to give us a truer testing environment, but we're having the current issue.

I have the live server setup to catch all subdomains since we will be selling our service to different organizations, and we would like to give them the opportunity to append to the URL. The problem happens when I try to setup a Virtual host on the dev server for one specific URL. While the login page that is loaded is on the dev server, logging in either kicks you off of SSL, or it re-directs you to the live server (probably because of a re-write rule I have on live server to prevent you from being kicked off of https). Here are the two config files I have at the moment.

Live Server

<VirtualHost *:80>
    ServerName *.fileblimp.com
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
    <IfModule pagespeed_module>
            ModPagespeed Off
    </IfModule>
</VirtualHost>
<VirtualHost *:443>
    ServerName *.fileblimp.com
    ServerAlias *
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/files
    <Directory />
            Options FollowSymLinks
            AllowOverride All
    </Directory>
    <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <IfModule pagespeed_module>
            ModPagespeed Off
    </IfModule>
    <IfModule mod_php5.c>
            php_value include_path        ".:/usr/local/lib/php:/wwwfiles/sta$
    </IfModule>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/certs/cert.crt
    SSLCertificateKeyFile /etc/apache2/ssl/private/fileblimp.com.key
    SSLCertificateChainFile /etc/apache2/ssl/certs/gd_bundle.crt
</VirtualHost>

Dev Server

<VirtualHost *:443>
    ServerName development.fileblimp.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/dev/www/files
    <Directory />
            Options FollowSymLinks
            AllowOverride All
    </Directory>
    <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <IfModule pagespeed_module>
            ModPagespeed Off
    </IfModule>
    <IfModule mod_php5.c>
            php_value include_path        ".:/usr/local/lib/php:/wwwfiles/sta$
    </IfModule>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/certs/cert.crt
    SSLCertificateKeyFile /etc/apache2/ssl/private/fileblimp.com.key
    SSLCertificateChainFile /etc/apache2/ssl/certs/gd_bundle.crt
</VirtualHost>

Thank you in advance for the help, I truly appreciate it.

hugmungus
  • 141
  • 1
  • 6
  • This kind of sounds like a coding issue. As far as we can tell your Dev server is configured properly, given that you can access the login screen on HTTPS. But the fact that you get redirected to non-HTTPS or to the Live server after the fact is probably because of something in your code. I don't see how anyone can answer this without having the code. – Safado Mar 19 '14 at 20:18
  • @Safado Thank you for the quick response. I'll ask the team if they think it could be an issue in the code, I just wanted to make sure my config settings looked right since I'm new to this stuff. – hugmungus Mar 19 '14 at 20:21

1 Answers1

0

Safado correctly points out that there seems to be a configuration error in the application on the live server, that's causing it to bounce users from HTTPS back to HTTP. I wouldn't be surprised if there's an HTTP URL, like http://www.fileblimp.com, somewhere in the application configuration. If you fix that, you'll probably fix your problem.

Otherwise, on the live server the redirect in the first virtual host from HTTP back to HTTPS seems to work around the problem. But that virtual host doesn't seem to be present on the dev server. Is that deliberate, or did you leave it out of your question by mistake? That's where the redirect from HTTP to HTTPS is, so it would seem that if you added it to the dev server, the workaround would work there too.

BTW on the live server you could simplify the first virtual host a bit by leaving out RewriteCond %{SERVER_PORT} !^443$. That's not needed, since the server in <VirtualHost *:80> is known to be listening on port 80.

In development, the corresponding virtual host can simplify even further to just

<VirtualHost *:80>
    ServerName development.fileblimp.com
    Redirect permanent / https://development.fileblimp.com/
</VirtualHost>
Andrew Schulman
  • 8,811
  • 21
  • 32
  • 47
  • Thank you for the response. I left that redirect rule out because I want most of the webroots on dev to still run http, just not that specific URL. I added that to the config and it seems to be working, but I'm going to still see about checking out code since it is a dirty workaround (I thought that when I was adding it to live). I'm going to accept your answer as it did solve my problem, and I'll update if I find out anything interesting on our end. Thank you for your help. – hugmungus Mar 19 '14 at 21:11