HTTP -> HTTPS Redirection with OpenBSD's httpd

Question

Running OpenBSD 4.4-stable with the built-in httpd daemon and PHP5 which has been moved from an Ubuntu 8.04-server box. Since the movement phpMyAdmin seems to generate the following error every so often (and sometimes all the time, like logging in):

Bad Request
Your browser sent a request that this server could not understand.

Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

The address for phpMyAdmin is under an https:// URL, and when this error occurs phpMyAdmin is trying to use http://domain.com:443/ which obviously won't work.

I also have a mod_rewrite rule to always force HTTPS but since the browser is forcing the 443 port it never gets fired.

Any ideas how to remedy this?

[EDIT]

Here is my vhost directives since those were requested:

<VirtualHost *:80>
    DocumentRoot    /var/www/htdocs
    RewriteEngine   On
    RewriteCond     %{HTTPS} off
    RewriteRule     (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot    /var/www/htdocs
    ErrorLog        logs/error_log
    TransferLog     logs/access_log
    RewriteCond     %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule     .* - [F]
</VirtualHost>

[EDIT 2]

I turned off the rewrite rule and everything works like a charm :/ Not sure what to make of that since the same rewrite rule works elsewhere.

Answer 1

In my setup of PHPMyAdmin I have an apache config that looks like this:

<VirtualHost 72.233.89.20:80>
    ServerName mysql
    ServerAlias mysql.*
    UseCanonicalName Off
    DocumentRoot /var/www/phpmyadmin/html/
    DirectoryIndex index.html index.htm index.php
    AddType application/x-httpd-php .php

    php_admin_value open_basedir /var/www/phpmyadmin/
    php_admin_value file_uploads 1
    php_admin_value upload_tmp_dir /var/www/phpmyadmin/phptmp/
    php_admin_value session.save_path /var/www/phpmyadmin/phptmp/
</VirtualHost>
#
######
# Interface for https (openssl)
######
#
<IfModule mod_ssl.c>
<VirtualHost 72.233.89.20:443>
        ServerName mysql
        ServerAlias mysql.*
        UseCanonicalName Off
        DocumentRoot /var/www/phpmyadmin/ssl
        SSLEngine on
        SSLCertificateFile    /etc/httpd/conf/ssl/server.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl/server.key
        DirectoryIndex index.html index.htm index.php
        AddType application/x-httpd-php .php

        php_admin_value open_basedir /var/www/phpmyadmin/
        php_admin_value file_uploads 1
        php_admin_value upload_tmp_dir /var/www/phpmyadmin/phptmp/
        php_admin_value session.save_path /var/www/phpmyadmin/phptmp/
</VirtualHost>
</IfModule>

Note how it is set up on port 80 and port 443.

In the webroot of http (port 80) I just have a .htaccess file that looks like this:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

To redirect it all to SSL.

All of the PHPMyAdmin files live in the SSL directory.

I suggest setting up your vhost to serve on both port 80 and port 443. PHPMyAdmin itself is just a php script, it does not force any port. It is all about how your webserver/vhosts are configured.

Answer 2

Since browsers generally don't redirect from port 80 to port 443, it may be the first page returned from phpmyadmin that's causing the change. Take a look at your phpmyadmin configuration to see what differences occur with:

• config.inc.php

  $cfg['ForceSSL'] boolean

Whether to force using https while accessing phpMyAdmin.

According to the documentation, it is on by default, but since you have mod_rewrite working, there might be a 'disconnect?'

And it seems that these days everyone's pointing at putting in a provision for Microsoft IE such as:

• SSL and MSIE clients

SetEnvIf User-Agent ".MSIE." nokeepalive ssl-unclean-shutdown

Otherwise, ...

By any chance would using the OpenBSD Apache 2.0.x packages make a difference for you ?

It seems that your Ubuntu configuration will have used Apache 2.0 and you've moved your system (and configurations) onto a default OpenBSD configuration using Apache 1.3.x

I think you'll need to at least look at the php_admin_value's shown by WerkkreW.

WHEN the simple things don't work, we can always bump up the LogLevel data and look at the results from there. It's noisy, but always an option.

Enable SSLOptions StdEnvVars in Apache Configuration

StdEnvVars When this option is enabled, the standard set of SSL related CGI/SSI environment variables are created. This per default is disabled for performance reasons, because the information extraction step is a rather expensive operation. So one usually enables this option for CGI and SSI requests only.