0

Last Edited 11/27/17

I manage a set of websites, all HTTP, but I'm now adding an HTTPS website.

I've spent a lot of time on my Apache config file in my Windows local development environment, trying to serve both HTTP and HTTPS websites (this seems harder than my WHM/cPanel production environment, where I expect no problems).

Note: this question should require no particular Windows knowledge--it could apply similarly to Linux.

I have tried many different orders for the directives, and many other variations. All fail to work in different ways. But I'm getting closer.

What I want is for URLs like localhost/spring to work (all my local websites are under the folder C:\Web, equivalent to the URL localhost/).

But I want special handling for my only HTTPS website, C:\Web\richard, equivalent to localhost/richard. In order to make this local website HTTPS, I use the simple method of editing the local HOSTS file to map my secure domain name (richardjaybrown.com) to the local computer (127.0.0.5). Then instead of using localhost/richard, which has no certificates, I can use richardjaybrown.com, which does (the certificate includes www.richardjaybrown.com).

I use the local loopback address 127.0.0.5 to provide a different IP address to try to help with selecting the proper Apache directives.

All this is, I believe, simple, standard stuff anyone should need, yet I cannot get it to work quite right.

Because some commenters wanted the details here in the question, instead of in a separate Pastebin, here are the details:

1. Entire Apache config file

ServerAdmin "Local SYS5 Server (contact via www.springtimesoftware.com)"
ServerRoot "c:/Apache24"

# Main Server (and defaults?)

Listen 127.0.0.1:80
ServerName localhost
# http://localhost/WEBSITE is mapped to C:\Web\WEBSITE
DocumentRoot "c:/Web"
<Directory "c:/Web">
    AllowOverride all
    Require ip 127.0.0.1
    Require host localhost
    #Require ip 192.168.1.0/24
    DirectoryIndex index.html
</Directory>

# Secure (SSL/TLS) connection for this secure (HTTPS) website
Listen 127.0.0.5:443
SSLSessionCache        "shmcb:c:/Apache24/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

# see http://httpd.apache.org/docs/current/vhosts/examples.html

# Redirect all HTTP richardjaybrown.com URLs to the HTTPS version
<VirtualHost 127.0.0.5:80>
    ServerName richardjaybrown.com
    ServerAlias www.richardjaybrown.com
    UseCanonicalName Off
    RedirectMatch 301 ^/(.*)$ https://www.richardjaybrown.com/$1
</VirtualHost>

# Secure (SSL/TLS) connection for this secure (HTTPS) website
<VirtualHost 127.0.0.5:443>
    ServerName www.richardjaybrown.com
    ServerAlias richardjaybrown.com
    UseCanonicalName Off
    DocumentRoot "C:/Web/richard"
    SSLEngine on
    SSLCertificateFile "C:/Main/LocalCert/richard/richard.crt"
    SSLCertificateKeyFile "C:/Main/LocalCert/richard/richard.key"
    SSLCertificateChainFile "C:/Main/LocalCert/richard/LECA.crt"
</VirtualHost>

# Default security
#Require all denied
#AllowOverride none
#DirectoryIndex disabled
Options -Indexes -MultiViews +SymLinksIfOwnerMatch

AddDefaultCharset utf-8

# To prevent hang on any GET request (IE bug?):
AcceptFilter http none
AcceptFilter https none

# Modules used
#LoadModule access_compat_module modules/mod_access_compat.so for compatibility with Apache 2.2
LoadModule alias_module modules/mod_alias.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
LoadModule mime_module modules/mod_mime.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so

# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
    Require all denied
</Files>

ErrorLog "logs/error.log"
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common
    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>
    CustomLog "logs/access.log" combined
</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ C:/Web/cgi-bin/
    ScriptAlias cgi-bin/ C:/Web/cgi-bin/
</IfModule>

<Directory C:/Web/cgi-bin>
    AllowOverride None
    Options +ExecCGI
    Require ip 127.0.0.1
    Require host localhost
</Directory>

<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>

ErrorDocument 400 /error.php
ErrorDocument 401 /error.php
ErrorDocument 403 /error.php
ErrorDocument 404 /error.php
ErrorDocument 405 /error.php
ErrorDocument 408 /error.php
ErrorDocument 409 /error.php
ErrorDocument 414 /error.php
ErrorDocument 500 /error.php
ErrorDocument 501 /error.php
ErrorDocument 503 /error.php
ErrorDocument 505 /error.php

# Always allow error page
<Files "/err.php">
    Require ip 127.0.0.1
    Require host localhost
</Files>

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

#<Directory C:/>
#   Allow from 127.0.0.1
#   Allow from localhost
#   Allow from 192.168.1.0/24
#</Directory>

# PHP

# Use PHP as a CGI binary:
#ScriptAlias /php "/Progra~2/PHP/"
#Action application/x-httpd-php "/php/php.exe "

# Use PHP as a module
#ds Must be full path for Apache:
LoadFile "C:/Progra~2/PHP/php5ts.dll"
LoadModule php5_module "C:/Progra~2/PHP/php5apache2_4.dll"
PHPIniDir "C:/Progra~2/PHP"

#AddHandler application/x-httpd-php .php
<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>

# Temporarily prevent all caching of served files
Header unset Cache-Control

# Set default basedirs for safety
php_value open_basedir "C:\Web;C:\ProgramData\MySQL\MySQL Server 5.6\data;"

2. HOSTS file

127.0.0.5 www.richardjaybrown.com richardjaybrown.com

3. .htaccess file in C:\Web\richard

DirectoryIndex index.html

4. Some Tests (browser URLs)

http://www.richardjaybrown.com/ should redirect to https://www.richardjaybrown.com/ locally
http://richardjaybrown.com/ should redirect to https://www.richardjaybrown.com/ locally
http://localhost/spring should redirect to http://localhost/spring locally
http://localhost should not redirect
http://localhost/web/site should not redirect
  • You should first try to reduce your apache configuration to contain only the minimum to demonstrate the problem. Then post the config here (and not on pastebin). – Tomáš Pospíšek Nov 26 '17 at 20:36
  • There is very little that I feel confident in removing as being irrelevant. As to Pastebin, this was preferred elsewhere, so I thought it was a good idea to use here. I was looking for someone very familiar with how VirtualHost works, someone who could see the problem more or less instantly. Anyone who can answer my question with confidence has their own opinion as to whether Pastebin should be used or not. I now believe that nobody really understands how VirtualHost interacts with localhost in this situation, even the Apache developers. Otherwise, the documentation would be clearer. – David Spector Nov 27 '17 at 01:00
  • You would help attract eyes if you remove things like "no one understands it" etc. Be humble, show exactly what you did and precisely the error messages you get. And I agree that pastebin is not a good idea, add the relevant stuff directly in your question. – Patrick Mevzek Nov 27 '17 at 15:37
  • Your `Listen` and `VirtualHost` are not related. You used IP `127.0.0.5` in your `VirtualHost` so you should use the same in your `Listen` because otherwise the default one is `127.0.0.1`. What were your reasons to use the one in `.5` ? What do you gain? – Patrick Mevzek Nov 27 '17 at 15:41
  • Patrick, Thank you. I have now tried to be humble. I cannot show the precise error messages because there are no error messages in this problem. I have eliminated the use of Pastebin. I used IP `127.0.0.5` because one commenter suggested it. It lets Apache distinguish virtual servers by IP address, which it seems to like better than domain names. But problems remain and I am still missing some basic understanding of how VirtualHosts interact with main server directives. – David Spector Nov 27 '17 at 18:59

1 Answer

-1

I think that to make it work locally, you don't need the certificates of the host. Also, I think you don't need the Apache configuration file. But if you need to make your site work locally, you should use the hosts file and add the domain name. That means that you will edit the file /etc/hosts on Linux and add another IP, like: 127.0.0.5 www.richardjaybrown.com Then in your Apache config file, instance of Then when you enter www.richardjaybrown.com in your browser, it will be redirected to your local www.richardjaybrown.com, because you have set up your machine so that when this name is looked up, it is resolved first on your computer. But with this solution you won't have access to your production site: www.richardjaybrown.com

  • To make https work locally, I must use certificates, because that is the way TLS works. As you can see, I copied the certificates from the production computer to the local computer. But your idea to use 127.0.5 for the richard website sounds perfect: to distinguish the websites by IP address, which is better supported by Apache than distinguishing by hostname. However, note that my attempt at a solution does not access the production server in any way. – David Spector Nov 27 '17 at 00:54
  • `Listen` is used to specify both the port(s) and the IPs (if no IP is given, Apache listens on all of them) – Patrick Mevzek Nov 27 '17 at 15:38
  • I have finally fixed all the problems. Should I delete this posting or post the config file that works? – David Spector Nov 28 '17 at 18:05
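
The relationship between `Listen` and `<VirtualHost>` raised in the comments can be checked mechanically. The following is an added example, not code from the question or its answers: a small Python check (the function names are illustrative) that reports every `<VirtualHost>` address for which no `Listen` directive opens a socket, run on the `Listen` and `VirtualHost` lines of the question's config. It compares addresses as literal strings and does not resolve hostnames.

```python
import re

ANY = "*"  # stands for "every address" or "every port"

# Constructed input: only the Listen/VirtualHost lines from the question's config.
QUESTION_CONFIG = """\
Listen 127.0.0.1:80
Listen 127.0.0.5:443
<VirtualHost 127.0.0.5:80>
</VirtualHost>
<VirtualHost 127.0.0.5:443>
</VirtualHost>
"""

def parse_listen(arg):
    """'Listen [IP:]port' -> (ip, port). No IP means all addresses."""
    ip, sep, port = arg.rpartition(":")
    if not sep or ip in ("0.0.0.0", "[::]"):
        ip = ANY
    return ip, port

def parse_vhost(arg):
    """'<VirtualHost addr[:port]>' -> (ip, port). No port means every port."""
    if arg.startswith("["):  # bracketed IPv6 literal, optional :port
        ip, _, rest = arg.partition("]")
        return ip + "]", rest.lstrip(":") or ANY
    ip, sep, port = arg.partition(":")
    return (ANY if ip == "_default_" else ip), (port if sep else ANY)

def unreachable_vhosts(config_text):
    """Return VirtualHost addresses that no Listen directive opens a socket for.
    Hostnames are compared as literal strings (no DNS lookup)."""
    listens, vhosts = [], []
    for raw in config_text.splitlines():
        line = raw.strip()  # commented-out directives start with '#' and never match
        m = re.match(r"(?i)listen\s+(\S+)", line)
        if m:
            listens.append(parse_listen(m.group(1)))
        m = re.match(r"(?i)<virtualhost\s+([^>]+)>", line)
        if m:
            vhosts.extend(parse_vhost(a) for a in m.group(1).split())

    def covered(vip, vport):
        return any(vport in (ANY, lport) and (ANY in (lip, vip) or lip == vip)
                   for lip, lport in listens)

    return [f"{ip}:{port}" for ip, port in vhosts if not covered(ip, port)]

if __name__ == "__main__":
    print(unreachable_vhosts(QUESTION_CONFIG))
```

On the question's directives it reports `127.0.0.5:80`: the redirect virtual host has no listening socket, so the two `http://` tests for richardjaybrown.com cannot reach it until a matching `Listen` line exists.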