0

I'm setting up an Apache2 server on Ubuntu 16.04.

I use a self-signed certificate because I want my nextcloud instance to be available only with https. For now, I use a permanent redirection :

#/etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
    DocumentRoot /var/www/html
    Redirect permanent "/" "https://example.com/"
    ....
</VirtualHost>

I followed that guide for setting up a self-signed certificate.

However, I would like to publish files in a public html directory, let's say example.com/files and make them available through http, so that users doesn't need to trust my self-signed certificate.

What changes do I need to do in apache configuration to achieve that goal, if it can be done ?

Expected result :

  • example.com/nextcloud : available only with https
  • example.com/html : directory and sub directories available with http
    • example.com/files
    • example.com/files/papers

local directories:

/var/www/nextcloud
/var/www/html
/var/www/html/index.html
/var/www/html/files

apache2ctl -S output

VirtualHost configuration:
*:80                   example.com (/etc/apache2/sites-enabled/000-default.conf:1)
*:443                  example.com (/etc/apache2/sites-enabled/default-ssl.conf:2)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex mpm-accept: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl 
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

EDIT :

With rewrite mode enabled, I've try to add this inside sites-available/000-default.conf, but it doesn't work :

 RewriteEngine On
 RewriteCond %{SERVER_PORT} 80
 RewriteCond %{REQUEST_URI} ^/nextcloud/.\*
 RewriteRule ^(.\*)$ https://example.com$1 [R,L]
mxdsp
  • 101
  • 3
  • Why bother with a self-signed certificate, then? – Michael Hampton Mar 05 '17 at 19:29
  • @MichaelHampton Because I would like to connect to owncloud with SSL – mxdsp Mar 06 '17 at 09:29
  • So use a real certificate! – Michael Hampton Mar 06 '17 at 18:57
  • How would that solve my issue ? – mxdsp Mar 07 '17 at 14:30
  • 1
    You said it: "so that users doesn't need to trust my self-signed certificate." – Michael Hampton Mar 07 '17 at 21:03
  • I'm sorry but I don't get it. Maybe my question isn't clear, I'm not a native english speaker, sorry. What I want to do is to configure apache so that I have distinct access type to distinct web folders on my server, owncloud is just a example. Some should be available via SSL, forcing HTTPS, others should be available without and therefore accessible via HTTP only. I thought that it could be done using some kind of redirection in Virtualhosts, but I have no clue how. – mxdsp Mar 08 '17 at 09:50

1 Answers1

0

I guess I would do something like (this is completely untested):

#/etc/apache2/sites-available/010-http_example.com

<VirtualHost *:80>
    DocumentRoot /var/www/html
    ServerName example.com
    <Location /files>
      ....
    </Location>
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} !^/files/?
    RewriteRule ^(.*)$ https://example.com$1 [R,L]

</VirtualHost>
iwaseatenbyagrue
  • 3,688
  • 15
  • 24