Global Redirection of port 80 to 443
Solution 1
Try adding this to your httpd.conf;
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
From here -> http://www.sslshopper.com/apache-redirect-http-to-https.html
This uses mod_rewrite so make sure you have that installed beforehand.
The recommended method is, as you state, to set this in the VHOST file for each site, as described here:
http://wiki.apache.org/httpd/RedirectSSL
However, the Apache wiki does document the above rewrite method in more detail:
http://wiki.apache.org/httpd/RewriteHTTPToHTTPS
Solution 2
Redirecting port 80 to 443 is trivial with iptables, but from your description you clearly do not want to run http on port 443: You want people to be redirected from http to https.
You are clearly aware that this can be done in Apache for each virtual host, but you prefer not to use that to avoid configuration oopses; otherwise sgtbeano's solution is what I would recommend.
Based on that I would recommend you stop using Apache on port 80 and that you run another webserver on port 80 that does the simple redirect.
You could even run a separate instance of Apache on port 80 with a different configuration dir. This will also avoid the configuration oopses, but may be harder to maintain (not many people expect 2 different instances of Apache on the same host with 2 different sets of config files). In this case you can use sgtbeano's config for the port 80 instance.
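A check for the failure the question worries about (a host name that still serves content on port 80), as an added example that is not from the thread: it requests `/` on port 80 under each given Host header, without following redirects, and classifies the first response. The function names, the verdict labels and the `app.example.test` sample responses are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: audit what port 80 answers with.

# classify_response: read raw HTTP response headers on stdin, print a verdict.
#   OK           permanent redirect (301/308) to an https:// URL
#   TEMPORARY    temporary redirect (302/303/307) to an https:// URL
#   EXPOSED      anything else: content over http, or a redirect to http://
#   NO_RESPONSE  nothing received (port closed, filtered, or timed out)
classify_response() {
    awk '
        { sub(/\r$/, "") }                       # header lines end in CRLF
        NR == 1 { status = $2 }                  # "HTTP/1.1 301 Moved ..."
        tolower($1) == "location:" { loc = $2 }
        END {
            secure = (tolower(loc) ~ /^https:\/\//)
            if (NR == 0) print "NO_RESPONSE"
            else if (secure && (status == "301" || status == "308")) print "OK"
            else if (secure && status ~ /^30[237]$/) print "TEMPORARY"
            else print "EXPOSED"
        }'
}

# audit_host ADDRESS HOSTNAME: request "/" from ADDRESS:80 as HOSTNAME.
# curl does not follow redirects here, so only the first response is judged.
audit_host() {
    curl -s -o /dev/null -D - --max-time 5 -H "Host: $2" "http://$1/" |
        classify_response
}

# Usage: audit80.sh ADDRESS HOSTNAME [HOSTNAME...]
# Add a name that no vhost defines to exercise the catch-all case.
if [ "$#" -ge 2 ]; then
    addr=$1; shift
    for name in "$@"; do
        printf '%-30s %s\n' "$name" "$(audit_host "$addr" "$name")"
    done
else
    # No arguments: run on two constructed responses (sample data, offline).
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://app.example.test/\r\n\r\n' |
        classify_response    # redirect in place
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n' |
        classify_response    # vhost that forgot the redirect
fi
```

Any name reported as EXPOSED is one for which port 80 still serves content or redirects to plain http.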
flickerfly
Updated on September 18, 2022
Comments
-
flickerfly over 1 year
I'd like to set up my linux box so that anything hitting port 80 would simply be told ask that of 443. I want it to be regardless of domain, IP or whatever specific details may exist. If it can be requested of port 80, it should be told nope. We do that on 443.
I'll be using Apache on 443 so could bind it to 80 easy enough, but don't see the solution as having to include Apache on port 80.
To be clear, I'm looking for a solution that would require no changes to the vhosts. I understand global redirects that can be passed down with inheritance. That requires vhost changes. I'm looking for something more all-encompassing and less prone to "Oops, I forgot that line and now port 80 is exposing my data unencrypted."
How would you go about solving that problem? iptables, apache, custom shell script with netcat and some magic to make it go SSL?
-
HTTP500 over 10 years
A proxy / local traffic manager.
-
plasmid87 over 10 years
If not editing the Apache configuration is key, I'd recommend this approach and use nginx with a configuration from answers to this question. I'm recommending nginx (a complete web server) over "shell script magic" as under load these style solutions tend to exhibit poor performance.
-
flickerfly over 10 years
Thanks Ole Tange, this most closely addresses my thoughts. plasmid87, thanks for the evaluation of a script versus nginx. I think it'd also be more clear that two web servers are running than if we had two apache servers. I was originally skeptical looking over the config, but looks like nginx can do a redirect of 80 to 443 across all potential hostnames. That in fact may mean I could simply switch to a single instance of nginx instead of apache. Would that make sense?
-
Ole Tange over 10 years
I would like to stress that I agree with @plasmid87: Run a real web server and not some shell magic: Chances are that an untested shell script will not cover all corner cases.
-
plasmid87 over 10 years
@flickerfly It is really straightforward doing HTTP to HTTPS redirects with Nginx, a single listen block with
return 301 https://$host$request_uri;
will send back a 301 redirect to any connecting clients ($host and $request_uri are automatically mined from the incoming request). You'll still need two webservers running if you want to keep the Apache configuration - one for the content (Apache) and one to do the redirect (Nginx).
-
roaima almost 4 years
"Redirecting port 80 to 443 is trivial with iptables" - redirecting the port, sure, but given they're different protocols how would that be useful?