I want to redirect all HTTP and HTTPS requests to a single HTTPS URL, so the users only access the application through this URL. Redirection of HTTP requests to HTTPS works but I'm struggling with the second part.
So far, my virtualhosts look like this :
<VirtualHost 10.201.100.81:80>
ServerName sdvlirp
ServerAlias sdvlirp.si.intra.net irp-dev
<IfModule rewrite_module>
RewriteEngine On
RewriteRule ^(.*)$ https://irp-dev.intra.net%{REQUEST_URI} [R=301]
</IfModule>
</VirtualHost>
<VirtualHost 10.201.100.81:443>
ServerName irp-dev.intra.net
ErrorLog "logs/https_irp-dev.intra.net-error_log"
CustomLog "logs/https_irp-dev.intra.net-access_log" common
SSLEngine On
SSLProtocol -ALL +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
SSLSessionCacheTimeout 300
SSLCompression Off
SSLCertificateFile "/applis/irpdev/certs/irp-dev.intra.net.pem"
SSLCertificateKeyFile "/applis/irpdev/certs/irp-dev.intra.net.key"
SSLCACertificateFile "/applis/irpdev/certs/cacerts.pem"
Header Set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;"
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog "logs/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
How would you do it?
Thanks in advance for your help.
