View Full Version : Apache Webserver



weezer 316
03-Aug-11, 13:19
This probably isn't the place for this but I will ask anyway because I am at my wits' end and can't seem to get this working. Seem to be 2 or 3 tech savvy people on here.

Does anyone know how to enforce https on a website? I don't want people to be able to access http at all, and if they input this I want it to automatically switch to ssl. I have tried using a .htaccess with rewrite, I have tried a redirect within the httpd.conf file and it still doesn't work.

And yes, reloading the config every time!

I'm on Ubuntu for the record, don't know if that matters.

alanatkie
03-Aug-11, 13:34
Have you tried the following link:

http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html

Phill
03-Aug-11, 13:37
1. Master Battery/Electrical Switch ON
2. Master Avionics Switch ON
3. Check Fuel Levels
4. Fuel Valve Master ON
5. Nav Lights ON
6. Depress engine start
7. Monitor Rotor RPM until 100%
8. Calibrate Altimeter for your flight.


Oh, webserver .......errrm try the techy bods section: http://forum.caithness.org/forumdisplay.php?46-Technical-Support

weezer 316
03-Aug-11, 14:00
Hi,

Never noticed that bit in the forum! Sorry!

Alan,

Did that earlier, well did it without looking at the site and it doesn't work, or at least I can't get it to.

I'll just keep mumbling through lol!

RecQuery
03-Aug-11, 15:50
Sorry, just noticing this, what Alan suggested should work?

Couple of questions:

Are the mod_rewrite and mod_ssl modules installed and enabled? Try issuing a 'sudo a2enmod ssl rewrite && sudo service apache2 force-reload'
Is the site in question enabled and listening on both 80 and 443? Are there suitable host file entries?
What's in the ports.conf file?
Any error messages when you restart or force a reload?
Anything in the /var/log/apache2/ logs?
What does a 'netstat -alntp | grep apache' return?

If you could post or pastebin an anonymised version of the config file that might help.

It should look roughly like this, either in one file or in two separate files:

<VirtualHost *:80>
    ServerName domain.com
    ServerAlias www.domain.com
    ServerAdmin webmaster@domain.com
    DocumentRoot /var/www/path/to/documentroot

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>

    <Directory /var/www/path/to/documentroot>
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    ServerSignature Off
</VirtualHost>

<VirtualHost *:443>
    ServerName domain.com
    ServerAlias www.domain.com
    ServerAdmin webmaster@domain.com
    DocumentRoot /var/www/path/to/documentroot

    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

    SSLCertificateFile /path/to/file/ssl.crt
    SSLCertificateKeyFile /path/to/file/ssl.key
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog /usr/local/apache/logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>

    <Directory /var/www/path/to/documentroot>
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    ServerSignature Off
</VirtualHost>

weezer 316
03-Aug-11, 15:55
Hi,

1. It's a Dell Quad core server, 3.2GHz with 4Gb RAM.
2. Yes and yes. SSL works perfectly as does the unencrypted, but when it tries the divert (with this statement in httpd.conf - Redirect permanent / https//site.com) I am told this below. I am certain this syntax is bang on and I have treble checked it with about 10 sources!:

The page isn't redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete

3: Defo reloaded. Did it about a hundred times (sudo service apache2 force-reload)
4: Entries for both ports. When I start apache without an entry I am normally given an error that there isn't an entry for said port. I don't get that on startup. And like I said, if you navigate to the https url it works perfectly as does the http as long as I remove that redirect from the .conf.

I also tried but that didn't work either!

Clearly I am doing something wrong. I will post my config file tomorrow, my head is literally done with it today!


Do you think it might be the fact I am running it as a virtual host might be an issue with the redirect? I was going to pan another site on the same server but I changed my mind and there is no reason I can't go back to just sticking it all as default.

RecQuery
03-Aug-11, 16:02
Right, I actually rewrote my original post when I reread your first, so not sure which you're replying to.

The first thing to do is to remove all the existing rewrite and redirect stuff and then edit or remove the .htaccess files with similar statements. Then do the rewrite stuff. The redirect would work but I'd recommend doing the rewrite as above in my examples.

It won't be the virtual host stuff, I've had a similar setup in the past.

If that doesn't work, if you can edit out any identifiable information and post the config files here or in a pastebin.

EDIT: Just to confirm the rewrite has to be on and within the port 80 Virtual host file (between the tags). It can't be a .htaccess as that'll be accessed by both sites or a redirect outside of the virtual host stuff inside the httpd.conf and it can't be between the port 443 virtual host definition. That's assuming individual sites are configured in sites-available/sites-enabled. If all your virtualhosts are configured in httpd.conf then it has to be within the site's port 80 virtual host tags.
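
Added example, not part of RecQuery's post or the original thread: a small Python tracer that follows an HTTP to HTTPS redirect chain by hand and reports the "never completes" loop Firefox complained about. The host site.example and the two responder functions are constructed models of a redirect seen by both ports versus the port 80 only rewrite; they are assumptions for illustration, not captures from a real server.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECTS = (301, 302, 303, 307, 308)

def live_fetch(url):
    """One HEAD request with no auto-follow: returns (status, Location or None)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=5)
    try:
        conn.request("HEAD", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace(url, fetch=live_fetch, limit=10):
    """Follow Location headers by hand; verdict is ok, insecure, loop or too-long."""
    chain = [url]
    for _ in range(limit):
        status, location = fetch(url)
        if status not in REDIRECTS or not location:
            return chain, "ok" if urlsplit(url).scheme == "https" else "insecure"
        url = urljoin(url, location)
        if url in chain:                      # same URL seen twice: it never completes
            return chain + [url], "loop"
        chain.append(url)
    return chain, "too-long"

def shared_scope_redirect(url):
    """Constructed model: a Redirect to https://site.example/ that the port 80
    and the port 443 host both inherit, so HTTPS requests get redirected too."""
    return 301, "https://site.example" + (urlsplit(url).path or "/")

def port80_only_rewrite(url):
    """Constructed model: RewriteCond %{HTTPS} off, then redirect to https://."""
    u = urlsplit(url)
    if u.scheme == "http":                    # implicit redirect from RewriteRule is a 302
        return 302, "https://" + u.netloc + (u.path or "/")
    return 200, None

if __name__ == "__main__":
    for model in (shared_scope_redirect, port80_only_rewrite):
        chain, verdict = trace("http://site.example/login", model)
        print(model.__name__, verdict, " -> ".join(chain))
```

Against a live server, call trace() with only the http:// URL so that live_fetch is used; a verdict of "insecure" means the chain ended on plain HTTP without any redirect to HTTPS.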

weezer 316
04-Aug-11, 10:23
Hi,

Right, got it working! Syntax was wrong in my .htaccess file, although I swore I had it working before with the old syntax.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}


What little hair I have left is gone!!

Many thanks for your help!

RecQuery
04-Aug-11, 11:47
I've had a few of those annoying syntax errors you just can't see, nice to know someone else works with Linux professionally. I thought I was the only one in the village.

webmannie
04-Aug-11, 11:52
You are RecQuery, you are! There is only one of you m8!

weezer 316
04-Aug-11, 14:44
Well it's professionally, but I'm no pro if that makes sense! Got about 4-5 years experience with it from use at home and from bits and bobs at BT. Seen real pros with Linux and they talk a different language!

*Martin*
04-Aug-11, 15:15
they talk a different language!

It's called English you bloody plum :lol:

RecQuery
04-Aug-11, 19:25
Well with commands like: finger, unzip, mount, gasp, touch and strip (there are lots more actually but I'm stopping here) I have received the odd dirty look from people.