[opensuse] Apache Default Site Redirect
Hi All, So I have just set up ssl on my new web server as you may have seen from my other thread. Now in the default apache config for HTTP I have simply added the following to redirect to the virtualhost I wish to see as default: RewriteEngine on RewriteCond %{SERVER_NAME} =www.mysite.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] So now what happens when I type in the IP or local hostname of the server, and by extension any other ServerName which is not defined in the apache config, I get redirected to www.mysite.com But I wish to achieve this with the default HTTPS site too. However I get a self signed certificate error if I use the default SSL certs, and also if I use the ssl cert for www.mysite.com it says bad domain. Which I expected. So my question is, how can I redirect all HTTPS requests by default to my www.mysite.com site without getting certificate errors? Can this be done? Thanks Paul -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Paul Groves wrote:
Hi All,
So I have just set up ssl on my new web server as you may have seen from my other thread.
Now in the default apache config for HTTP I have simply added the following to redirect to the virtualhost I wish to see as default: RewriteEngine on RewriteCond %{SERVER_NAME} =www.mysite.com
s/=/!/ ?
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
So now what happens when I type in the IP or local hostname of the server, and by extension any other ServerName which is not defined in the apache config, I get redirected to www.mysite.com
But I wish to achieve this with the default HTTPS site too. snip] So my question is, how can I redirect all HTTPS requests by default to my www.mysite.com site without getting certificate errors? Can this be done?
Nope, can't be done. -- Per Jessen, Zürich (17.6°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 11/10/18 16:59, Per Jessen wrote:
Paul Groves wrote:
Hi All,
So I have just set up ssl on my new web server as you may have seen from my other thread.
Now in the default apache config for HTTP I have simply added the following to redirect to the virtualhost I wish to see as default: RewriteEngine on RewriteCond %{SERVER_NAME} =www.mysite.com
s/=/!/ ?
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
So now what happens when I type in the IP or local hostname of the server, and by extension any other ServerName which is not defined in the apache config, I get redirected to www.mysite.com
But I wish to achieve this with the default HTTPS site too. snip] So my question is, how can I redirect all HTTPS requests by default to my www.mysite.com site without getting certificate errors? Can this be done?
Nope, can't be done.
Well that is a pain. I imagine this would be a very useful feature to a lot of people. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 11/10/18 16:59, Per Jessen wrote:
Paul Groves wrote:
Hi All,
So I have just set up ssl on my new web server as you may have seen from my other thread.
Now in the default apache config for HTTP I have simply added the following to redirect to the virtualhost I wish to see as default: RewriteEngine on RewriteCond %{SERVER_NAME} =www.mysite.com
s/=/!/ ?
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
So now what happens when I type in the IP or local hostname of the server, and by extension any other ServerName which is not defined in the apache config, I get redirected to www.mysite.com
But I wish to achieve this with the default HTTPS site too. snip] So my question is, how can I redirect all HTTPS requests by default to my www.mysite.com site without getting certificate errors? Can this be done?
Nope, can't be done.
Well that is a pain. I imagine this would be a very useful feature to a lot of people. I guess I'm not understanding completely what you're trying to achieve, Paul. Could you elaborate? I don't have indepth knowledge, but have puzzled out some vhost constructions that might help you achieve what you want. F.e. my music subdomain is an (almost) empty vhost with a proxy to music2 domain at my home IP. This no doubt will require some changes your setup. FWIW I don not use rewrites in my apache configs. On a number of occasions
Op donderdag 11 oktober 2018 20:48:46 CEST schreef Paul Groves: they appeared to be the culprits in f.e. Owncloud/Nextcloud not working properly. -- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 11/10/18 20:01, Knurpht-openSUSE wrote:
On 11/10/18 16:59, Per Jessen wrote:
Paul Groves wrote:
Hi All,
So I have just set up ssl on my new web server as you may have seen from my other thread.
Now in the default apache config for HTTP I have simply added the following to redirect to the virtualhost I wish to see as default: RewriteEngine on RewriteCond %{SERVER_NAME} =www.mysite.com
s/=/!/ ?
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
So now what happens when I type in the IP or local hostname of the server, and by extension any other ServerName which is not defined in the apache config, I get redirected to www.mysite.com
But I wish to achieve this with the default HTTPS site too. snip] So my question is, how can I redirect all HTTPS requests by default to my www.mysite.com site without getting certificate errors? Can this be done?
Nope, can't be done.
Well that is a pain. I imagine this would be a very useful feature to a lot of people. I guess I'm not understanding completely what you're trying to achieve, Paul. Could you elaborate? I don't have indepth knowledge, but have puzzled out some vhost constructions that might help you achieve what you want. F.e. my music subdomain is an (almost) empty vhost with a proxy to music2 domain at my home IP. This no doubt will require some changes your setup. FWIW I don not use rewrites in my apache configs. On a number of occasions
Op donderdag 11 oktober 2018 20:48:46 CEST schreef Paul Groves: they appeared to be the culprits in f.e. Owncloud/Nextcloud not working properly.
Basically I have www.mysite.com and several other sites hosted on this server. They are all name based virtualhosts. I was looking to have it so that when I go to: http://192.168.*.* https://192.168.*.* http://www.local https://www.local or any other un-specified virtual host, it would redirect to www.mysite.com Although this is easy with http, I have hit the milestone in https whereby the certificate for www.mysite.com throws a bad domain error. Looking into it further I believe that per is right and this cannot be done due to the nature of how ssl works. So I believe the solution would be to set up a default virtualhost as a fallback host, which I have done. I have used the default configuration for apache and made a /srv/www/default directory with a basic html page. Seems a little clunky but it is working. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op donderdag 11 oktober 2018 21:11:12 CEST schreef Paul Groves:
On 11/10/18 20:01, Knurpht-openSUSE wrote:
Op donderdag 11 oktober 2018 20:48:46 CEST schreef Paul Groves:
On 11/10/18 16:59, Per Jessen wrote:
Paul Groves wrote:
Hi All,
So I have just set up ssl on my new web server as you may have seen from my other thread.
Now in the default apache config for HTTP I have simply added the following to redirect to the virtualhost I wish to see as default: RewriteEngine on RewriteCond %{SERVER_NAME} =www.mysite.com
s/=/!/ ?
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
So now what happens when I type in the IP or local hostname of the server, and by extension any other ServerName which is not defined in the apache config, I get redirected to www.mysite.com
But I wish to achieve this with the default HTTPS site too. snip] So my question is, how can I redirect all HTTPS requests by default to my www.mysite.com site without getting certificate errors? Can this be done?
Nope, can't be done.
Well that is a pain. I imagine this would be a very useful feature to a lot of people.
I guess I'm not understanding completely what you're trying to achieve, Paul. Could you elaborate? I don't have indepth knowledge, but have puzzled out some vhost constructions that might help you achieve what you want. F.e. my music subdomain is an (almost) empty vhost with a proxy to music2 domain at my home IP. This no doubt will require some changes your setup. FWIW I don not use rewrites in my apache configs. On a number of occasions they appeared to be the culprits in f.e. Owncloud/Nextcloud not working properly.
Basically I have www.mysite.com and several other sites hosted on this server. They are all name based virtualhosts.
I was looking to have it so that when I go to: http://192.168.*.* https://192.168.*.* http://www.local https://www.local
or any other un-specified virtual host, it would redirect to www.mysite.com
Although this is easy with http, I have hit the milestone in https whereby the certificate for www.mysite.com throws a bad domain error. Looking into it further I believe that per is right and this cannot be done due to the nature of how ssl works.
So I believe the solution would be to set up a default virtualhost as a fallback host, which I have done.
I have used the default configuration for apache and made a /srv/www/default directory with a basic html page.
Seems a little clunky but it is working.
OK, Per understood well, and this cannot be done. Or you would have to run a webserver on each device with a RedirectPermanent / https://www.mysite.com Which I think would make lots of other software useless. -- Gertjan Lettink a.k.a. Knurpht openSUSE Board Member openSUSE Forums Team -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Paul Groves wrote:
On 11/10/18 16:59, Per Jessen wrote:
Paul Groves wrote:
Hi All,
So I have just set up ssl on my new web server as you may have seen from my other thread.
Now in the default apache config for HTTP I have simply added the following to redirect to the virtualhost I wish to see as default: RewriteEngine on RewriteCond %{SERVER_NAME} =www.mysite.com
s/=/!/ ?
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
So now what happens when I type in the IP or local hostname of the server, and by extension any other ServerName which is not defined in the apache config, I get redirected to www.mysite.com
But I wish to achieve this with the default HTTPS site too. snip] So my question is, how can I redirect all HTTPS requests by default to my www.mysite.com site without getting certificate errors? Can this be done?
Nope, can't be done.
Well that is a pain. I imagine this would be a very useful feature to a lot of people.
The reason it does not work is - in comparison to http, when you are using https, you first need an encrypted connection. This can only be established if the site you are visiting can be properly identified and provided it has a certificate to match the name. For a default vhost you would need a certificate to match all the (otherwise unmatched) possible names and addresses. -- Per Jessen, Zürich (12.4°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/10/2018 08.32, Per Jessen wrote:
The reason it does not work is - in comparison to http, when you are using https, you first need an encrypted connection. This can only be established if the site you are visiting can be properly identified and provided it has a certificate to match the name. For a default vhost you would need a certificate to match all the (otherwise unmatched) possible names and addresses.
For my illustration :-) You say all possible names and addresses. So if I were to set up a site on my dynamic address, it would not work, because being dynamic the address is subject to change, right? Or would be it possible to do, when the IP changes: · change the certificate on the fly · update the dns to point to the new IP This is just for learning, I do not intend to set a site for the moment :-) -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)
Carlos E. R. wrote:
On 12/10/2018 08.32, Per Jessen wrote:
The reason it does not work is - in comparison to http, when you are using https, you first need an encrypted connection. This can only be established if the site you are visiting can be properly identified and provided it has a certificate to match the name. For a default vhost you would need a certificate to match all the (otherwise unmatched) possible names and addresses.
For my illustration :-)
You say all possible names and addresses. So if I were to set up a site on my dynamic address, it would not work, because being dynamic the address is subject to change, right?
For http, it would work just fine. For https, the problem would be the same.
Or would be it possible to do, when the IP changes:
· change the certificate on the fly · update the dns to point to the new IP
The IP address is irrelevant for the certificate. -- Per Jessen, Zürich (19.1°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (4)
-
Carlos E. R. -
Knurpht-openSUSE -
Paul Groves -
Per Jessen