0

I configured an Apache server on my Ubuntu 18.04 computer with HTTPS support.

I have a SSL Certificate for *.example.com so my solution for have HTTPS on example.com was to redirect it to www and then redirect to HTTPS for all the subdomains.

Here is my HTTP version redirection config:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^/?(.*) http://www.%{SERVER_NAME}/$1 [R,L]
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

I have tried replacing the %{SERVER_NAME} with %{HTTP_HOST}

I also restarted apache2 many times and tried clearing the cache of my browsers but it keeps redirecting to https://www.

P.S. I am not an Apache expert so please tell me if I am using the syntax wrong

mathmaniac88
  • 111
  • 1
  • 1
  • 8
  • If you want HTTPS on example.com, you'll need to have a certificate for `example.com`. I don't know why your redirects aren't working as expected given the config above. I'd expect it to redirect to http://www. with that config shown. – toppledwagon Jul 29 '18 at 21:44
  • it redirects to www. but not www.example.com – mathmaniac88 Jul 29 '18 at 21:46
  • It's not clear what it is you are trying to do, or why you would be redirecting to HTTP at all in this situation? The above will certainly result in an _unconditional_ "2nd redirect" to `https://www.` when requesting a host without the www subdomain (either HTTP or HTTPS) - although that is still dependendent on your server config. "it redirects to www. but not www.example.com" - not sure what you mean by that either? Note that whether `SERVER_NAME` and `HTTP_HOST` are interchangeable is dependent on the server config - from your directives, you should be using `HTTP_HOST`, not `SERVER_NAME`. – MrWhite Jul 29 '18 at 22:05
  • In what _context_ are these directives? Directly in the server config or VirtualHost? – MrWhite Jul 29 '18 at 23:04
  • "...to redirect it to www and then redirect to HTTPS for all the subdomains." ... "but it keeps redirecting to `https://www.`" - but isn't that your intention? Or do you mean that it is literally redirecting to just `https://www.` and not `https://www.example.com`? (Although that would seem to be "impossible"?) – MrWhite Jul 31 '18 at 21:22

2 Answers2

1

Here's how I do it, but I don't use a .htaccess file - I put it directly into the Apache VirtualHost config - Note that I'm on Debian systems, and they take a different path to configuration with the *-available vs *-enabled directories, and main global server config elsewhere... 

<VirtualHost 10.0.2.15:80>
  ServerName example.com
  ServerAlias www.example.com
  RewriteEngine on
  RewriteRule ^/(.*)$ https://www.example.com/$1 [R,L]
</VirtualHost>
<VirtualHost 10.0.2.15:443>
    ServerName example.com
    ServerAlias www.example.com
    ServerAdmin webmaster@example.com
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog ${APACHE_LOG_DIR}/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    DocumentRoot /var/www-example.com
    <directory /var/www-example.com>
        Options All
                AllowOverride All
                Require all granted
    </directory>
    ErrorLog ${APACHE_LOG_DIR}/ssl-example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/ssl-example.com-access.log combined
</VirtualHost>
ivanivan
  • 1,488
  • 7
  • 6
  • Thank you for behaving as a real sysadmin not using a `.htaccess` files when you have access to the main server config! But redirecting HTTP to HTTPS is [text-book example](https://httpd.apache.org/docs/2.4/rewrite/avoid.html#redirect) of when NOT to use mod_rewrite, btw. `Redirect "/" "https://www.example.com/"` is even more efficient. – HBruijn Jul 30 '18 at 07:58
  • You don’t appear to canonicalise the www subdomain when requesting HTTPS. – MrWhite Jul 30 '18 at 10:06
  • @HBruijn - been a while since I set it up but I recall just using `"/'` didn't re-direct/rewrite requests for specific files and keep GET/POST info – ivanivan Jul 30 '18 at 22:17
  • @MrWhite - nope, but then I don't care about SEO on my stuff. – ivanivan Jul 30 '18 at 22:19
0

Since I'm using Let's Encrypt via https://sslforfree.com I played around there and I figured I could generate a single SSL certificate for *.example.com and example.com which eliminated the need to redirect to www. :)

Enter *.example.com example.com in the search bar of the website

mathmaniac88
  • 111
  • 1
  • 1
  • 8