RE: [users@httpd] Forwarding IP to HTTPS. [EXT]

Mon, 12 Oct 2020 11:05:12 -0700 

Redirect doesn't allow you to distinguish between 301s and 302s which you can 
do with mod_rewrite {very useful feature tbh when it comes to bits like this} - 
the user is using WordPress so will almost certainly be using mod_rewrite to 
handle the nice URLs....

As for the issue without a server name - you don't need one in the 800 unless 
you are doing something clever - as for the redirects it doesn't break but you 
can put one in - just make sure that it is included first! 
-----Original Message-----
From: Frank <[email protected]> 
Sent: 12 October 2020 18:10
To: [email protected]
Subject: Re: [users@httpd] Forwarding IP to HTTPS. [EXT]

James,

Unless the user has many hosts, I would recommend against using mod_rewrite 
here. It isn't needed. And your vhost should include an explicity ServerName 
directive.

On 12/10/20 11:56 AM, James Smith wrote:
> So I would do this for the virtual host sections – assuming you are 
> only running ONE externally facing website – there are other things 
> you would need to do if you were running multiple ones
> 
> ## Send all traffic on port 80 to the primary domain over SSL…
> 
> 
> <VirtualHost *:80>
> 
>   RequestHeader unset X-is-ssl
> 
>   RewriteEngine     on
> 
>   RewriteRule       ^(.*)$ 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.example.com-25-257BREQUEST-5FURI-257D&d=DwIFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=ERvrDk3V3OmOKQ_c29so3_jWrThxEfgCkxLIfX3sIvw&s=cugyNGRH0HsECtkleCMZbzrYIt0BcYfZk-Y6c00UdxE&e=
>  
> [R=permanent,L,NE]
> 
> </VirtualHost>
> 
>  
> 
> ## Send all traffic on port 443 which isn't the primary domain to the 
> primary domain ## This implicitly picks up the IP for the host, the 
> actual hostname OR the unqualified domain name example.com
> 
>  
> 
> <VirtualHost *:443>
> 
>   RewriteEngine     on
> 
>   RewriteRule       ^(.*)$ 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.example.com_-25-257BREQUEST-5FURI-257D&d=DwIFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=ERvrDk3V3OmOKQ_c29so3_jWrThxEfgCkxLIfX3sIvw&s=m4O1DurIDDG4G-kw46brnnEEXNZ9c4pJi52RMgXto3Y&e=
>   [R,L,NE]
> 
> </VirtualHost>
> 
>  
> 
> <VirtualHost *:443>
> 
>   Header always set Strict-Transport-Security "max-age=63072000; 
> includeSubdomains; preload"
> 
>   ServerAdmin root@localhost
> 
>   ServerName 
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.example.com&d=
> DwIFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oD
> X0XM7vQ&m=ERvrDk3V3OmOKQ_c29so3_jWrThxEfgCkxLIfX3sIvw&s=mw3MrVOeeCL66Y
> rcxABO8NMrnnmzLmHQBeAdm0m8VYA&e=
> 
>   ## Do not use Server Alias here for alternative domains - only use 
> for test/dev sites...
> 
>   DocumentRoot /var/www/wp
> 
>   <Directory "/var/www/wp">
> 
>     Options Indexes FollowSymLinks
> 
>     AllowOverride all
> 
>     Require all granted
> 
>   </Directory>
> 
>  
> 
>   ## Put the rest of your wordpress stuff here...
> 
> </VirtualHost>
> 
>  
> 
> *From:*Jason Long <[email protected]>
> *Sent:* 12 October 2020 16:39
> *To:* [email protected]
> *Subject:* Re: [users@httpd] Forwarding IP to HTTPS. [EXT]
> 
>  
> 
> Excuse me,
> 
> Can you clean my configuration?
> 
>  
> 
> On Monday, October 12, 2020, 07:06:17 PM GMT+3:30, Frank 
> <[email protected] <mailto:[email protected]>> wrote:
> 
>  
> 
>  
> 
> James,
> 
> Omitting an explicit ServerName in name-based vhosts is a bad idea as 
> well. You can create conflicts or ambiguities.
> 
> 
> On 12/10/20 11:22 AM, James Smith wrote:
>> This would be my set-up in your case - note as someone said it was too 
>> complex I've removed the extra security bits I'd left in by accident...
>> 
>> ## Port 80 && 443 default configs...
>> 
>> <VirtualHost *:80>
>>  RequestHeader unset X-is-ssl
>>  RewriteEngine    on
>>  RewriteRule      ^(.*)$ 
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mydomain.com-25&d=DwIFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=ERvrDk3V3OmOKQ_c29so3_jWrThxEfgCkxLIfX3sIvw&s=A8EKvfUUPo1cemy_DRQyzWH7n8UvFx5myg5M7r0b380&e=
>>   [mydomain.com%]
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mydomain.com
> -25&d=DwMFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1
> ecj4oDX0XM7vQ&m=aSXzAFTQK2MqTd4h8-yDESDKjJwJfq6x0sy97DB2Dlg&s=rP2yXysk
> ai3avho4gNa3ivaQdP6NyvIGOONKga7UWLA&e=>{REQUEST_URI}
> [R=permanent,L,NE]
>> </VirtualHost>
>> 
>> <VirtualHost *:443>
>>  RewriteEngine    on
>>  RewriteRule      ^(.*)$ 
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mydomain.com_-25&d=DwIFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=ERvrDk3V3OmOKQ_c29so3_jWrThxEfgCkxLIfX3sIvw&s=ueoNZtVbLE1sHVM3T0rcs5Nc_sLHgqvUtNtezSaLZIo&e=
>>   [mydomain.com]
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mydomain.com
> _-25&d=DwMFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge
> 1ecj4oDX0XM7vQ&m=aSXzAFTQK2MqTd4h8-yDESDKjJwJfq6x0sy97DB2Dlg&s=0xY2vrA
> mBv9NS93So6uL5BSAVrWQQPPc8fQe6cF_oHo&e=>{REQUEST_URI}
> [R,L,NE]
>> </VirtualHost>
>> 
>> ## Port 443 default - this is our main server...... so your main apache 
>> config stuff should be in here with SSL configured correctly..
>> 
>> <VirtualHost *:443>
>>  ServerName 
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.mydomain.com&d=DwIFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=ERvrDk3V3OmOKQ_c29so3_jWrThxEfgCkxLIfX3sIvw&s=Pq870e0oOU5bb6s-jPfEyYU__hJUeQOHvv1AZX--fP0&e=
>>   
>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.mydomain.com&d=DwIFaQ&c=D7ByGjS34AllFgecYw0iC6Zq7qlm8uclZFI0SqQnqBo&r=oH2yp0ge1ecj4oDX0XM7vQ&m=ERvrDk3V3OmOKQ_c29so3_jWrThxEfgCkxLIfX3sIvw&s=Pq870e0oOU5bb6s-jPfEyYU__hJUeQOHvv1AZX--fP0&e=
>>  >  ...
>>  ...
>>  ...
>>  ...
>>  ...
>> </VirtualHost>
>>  
>> If you have more than one domain then you will need to add rules on 
>> port 80 to preserve the hostname & also blocks for each additional 
>> domain
>> 
>> 
>> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> <mailto:[email protected]>
> For additional commands, e-mail: [email protected] 
> <mailto:[email protected]>
> 
> -- The Wellcome Sanger Institute is operated by Genome Research 
> Limited, a charity registered in England with number 1021457 and a 
> company registered in England with number 2742969, whose registered 
> office is
> 215 Euston Road, London, NW1 2BE.


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]




-- 
 The Wellcome Sanger Institute is operated by Genome Research 
 Limited, a charity registered in England with number 1021457 and a 
 company registered in England with number 2742969, whose registered 
 office is 215 Euston Road, London, NW1 2BE.

Reply via email to