Ssl – Forwarding 80 to 443 on Nagios woes

.htaccesscentos6mod-rewritenagiosssl

I perhaps just need some extra insight because I don't see where I'm going wrong.
I used an SSL Cert to secure our nagios server. We want to specifically require all traffic over nagios (like 2 users, lol) to use SSL.

So I thought, oh, mod_rewrite + Rewrite Rule in .htaccess, right?

So I went into the DocumentRoot and did a vi .htaccess (one didn't already exist) and then I put in the following rule;

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://our.server.org/$1 [R,L]

This does absolutely nothing. Does nada.

Whhhyy..

Note: AllowOverride all in httpd.conf is on. Also, I verified that the module is not uncommented out … but note, I couldn't find the mod_rewrite module installed so I copied it over from another server and placed it in modules/mod_rewrite.so . It was weird because it was enabled in the httpd.conf file, but then didn't exist in modules …

I'm a baddie 🙁

Best Answer

Here's my redirecting non-ssl VirtualHost in its entirety:

<VirtualHost *:80>
  ServerAdmin root@example.com
  ServerName www.example.com
  ServerAlias example.com

  RewriteEngine on
  RewriteCond %{HTTPS} !=on
  RewriteRule ^/(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

  LogLevel warn    
  CustomLog /var/log/apache2/access.log vhost_combined
  ErrorLog /var/log/apache2/error.log
</VirtualHost>

This belongs in the Apache config rather than in .htaccess.

The main difference is in our RewriteCond lines, where yours is %{SERVER_PORT} 80 and mine is %{HTTPS} !=on.

Related Solutions

Tomcat – Apache2 – mod_expire and mod_rewrite not working in httpd.conf – serving content from tomcat

Probably the ProxyPass / directive you have in your config routes all requests to the Tomcat backend, bypassing all your mod_rewrite directives. You can try to remove the ProxyPass directive and use RewriteRule with the [P] flag after your other rewrites:

mod_rewrite: P|proxy

For the expire headers the situation is worse — in another similar question a solution was not found.

Option +FollowSymLinks would be needed for using mod_rewrite in .htaccess files; in your case it is not required, because you can put everything in the Apache config. Moving rules from config to .htaccess is pointless and can only make things slower. However, there is an important difference between .htaccess and the Apache config — in .htaccess patterns in RewriteRule are matched against relative filesystem paths (which never start with /), while in the VirtualHost context these patterns are matched against the URL path after the hostname, which always starts with /. Therefore at least one of your rules is incorrect:

RewriteRule ^content/(js|css)/([a-z]+)-([0-9]+)\.(js|css)$ /content/$1/$2.$4

should be

RewriteRule ^/content/(js|css)/([a-z]+)-([0-9]+)\.(js|css)$ /content/$1/$2.$4

(note the additional slash in the beginning).

Ssl – Apache: rewrite port 80 and 443 – multiple SSL vhosts setup

Remember that when you make an HTTPS connection to https://domain2.org (which is really a connection to https://domain2.org:443), the order is roughly

Browser opens connection to IP on port 443
Apache looks for a VirtualHost matching the combination IP:443
In this case it finds the VirtualHost for domain1.org
Apache sends the SSL certificate associated with that VirtualHost (i.e. the cert for domain1.org)
[The rest of the SSL negotiation]
Browser sends its HTTP request headers, including the Host: header telling Apache what domain it thinks it's talking to.
If applicable, mod_rewrite processing of the HTTP request headers happens here.

i.e. when Apache decides which certificate to send, it hasn't yet received the information that mod_rewrite would use to do the redirect.

To get around this you'd need a single certificate that was valid for both domains. This could be either a wildcard certificate (if the situation is domain1.example.com and domain2.example.com, get a certificate for *.example.com), or you could try to get an SSL certificate with a Subject of "domain1.org", but a Subject Alternate Name of "domain2.org".

In either case you'd need to do the redirection in the main Apache config files - if it's in a .htaccess file in domain2.org's DocumentRoot, then requests that use domain1.org's VirtualHost will go to a different DocumentRoot directory, and won't ever see the file.

Best Answer

Related Solutions

Tomcat – Apache2 – mod_expire and mod_rewrite not working in httpd.conf – serving content from tomcat

Ssl – Apache: rewrite port 80 and 443 – multiple SSL vhosts setup

Related Topic