Thank you.I'm using Let's Encrypt SSL. Is it OK?
Sent from Yahoo Mail on Android
On Mon, Oct 12, 2020 at 7:27 PM, James Smith<j...@sanger.ac.uk> wrote:
#yiv3289296361 #yiv3289296361 -- _filtered {} _filtered {} _filtered
{}#yiv3289296361 #yiv3289296361 p.yiv3289296361MsoNormal, #yiv3289296361
li.yiv3289296361MsoNormal, #yiv3289296361 div.yiv3289296361MsoNormal
{margin:0cm;font-size:11.0pt;font-family:sans-serif;}#yiv3289296361 a:link,
#yiv3289296361 span.yiv3289296361MsoHyperlink
{color:blue;text-decoration:underline;}#yiv3289296361
.yiv3289296361MsoChpDefault {font-size:10.0pt;} _filtered {}#yiv3289296361
div.yiv3289296361WordSection1 {}#yiv3289296361
So I would do this for the virtual host sections – assuming you are only
running ONE externally facing website – there are other things you would need
to do if you were running multiple ones
## Send all traffic on port 80 to the primary domain over SSL…
<VirtualHost *:80>
RequestHeader unset X-is-ssl
RewriteEngine on
RewriteRule ^(.*)$ https://www.example.com%{REQUEST_URI}
[R=permanent,L,NE]
</VirtualHost>
## Send all traffic on port 443 which isn't the primary domain to the primary
domain
## This implicitly picks up the IP for the host, the actual hostname OR the
unqualified domain name example.com
<VirtualHost *:443>
RewriteEngine on
RewriteRule ^(.*)$ https://www.example.com/%{REQUEST_URI} [R,L,NE]
</VirtualHost>
<VirtualHost *:443>
Header always set Strict-Transport-Security "max-age=63072000;
includeSubdomains; preload"
ServerAdmin root@localhost
ServerName www.example.com
## Do not use Server Alias here for alternative domains - only use for
test/dev sites...
DocumentRoot /var/www/wp
<Directory "/var/www/wp">
Options Indexes FollowSymLinks
AllowOverride all
Require all granted
</Directory>
## Put the rest of your wordpress stuff here...
</VirtualHost>
From: Jason Long <hack3r...@yahoo.com.INVALID>
Sent: 12 October 2020 16:39
To: users@httpd.apache.org
Subject: Re: [users@httpd] Forwarding IP to HTTPS. [EXT]
Excuse me,
Can you clean my configuration?
On Monday, October 12, 2020, 07:06:17 PM GMT+3:30, Frank <thu...@apache.org>
wrote:
James,
Omitting an explicit ServerName in name-based vhosts is a bad idea as
well. You can create conflicts or ambiguities.
On 12/10/20 11:22 AM, James Smith wrote:
> This would be my set-up in your case - note as someone said it was too
> complex I've removed the extra security bits I'd left in by accident...
>
> ## Port 80 && 443 default configs...
>
> <VirtualHost *:80>
> RequestHeader unset X-is-ssl
> RewriteEngine on
> RewriteRule ^(.*)$ https://www.mydomain.com%
>[mydomain.com%]{REQUEST_URI} [R=permanent,L,NE]
> </VirtualHost>
>
> <VirtualHost *:443>
> RewriteEngine on
> RewriteRule ^(.*)$ https://www.mydomain.com/%
>[mydomain.com]{REQUEST_URI} [R,L,NE]
> </VirtualHost>
>
> ## Port 443 default - this is our main server...... so your main apache
> config stuff should be in here with SSL configured correctly..
>
> <VirtualHost *:443>
> ServerName www.mydomain.com
> ...
> ...
> ...
> ...
> ...
> </VirtualHost>
>
> If you have more than one domain then you will need to add rules on port 80
> to preserve the hostname & also blocks for each additional domain
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org -- The Wellcome
Sanger Institute is operated by Genome Research Limited, a charity registered
in England with number 1021457 and a company registered in England with number
2742969, whose registered office is 215 Euston Road, London, NW1 2BE.
