Global Redirection of port 80 to 443

Solution 1

Try adding this to your httpd.conf;

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

From here: http://www.sslshopper.com/apache-redirect-http-to-https.html

This uses mod_rewrite so make sure you have that installed beforehand.

The recommended method is, as you state, to set this in the VHOST file for each site, as described here:

http://wiki.apache.org/httpd/RedirectSSL

However, the Apache wiki does document the above rewrite method in more detail:

http://wiki.apache.org/httpd/RewriteHTTPToHTTPS

Solution 2

Redirecting port 80 to 443 is trivial with iptables, but from your description you clearly do not want to run http on port 443: You want people to be redirected from http to https.

You are clearly aware that this can be done in Apache for each virtual host, but you prefer not to use that to avoid configuration oopses; otherwise sgtbeano's solution is what I would recommend.

Based on that I would recommend you stop using Apache on port 80 and that you run another webserver on port 80 that does the simple redirect.

You could even run a separate instance of Apache on port 80 with a different configuration dir. This will also avoid the configuration oopses, but may be harder to maintain (not many people expect 2 different instances of Apache on the same host with 2 different sets of config files). In this case you can use sgtbeano's config for the port 80 instance.
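
A check for the "oops, I forgot that line" failure the question worries about, whichever of the setups above is used. This is an added example, not code from the answers: it probes a plain-HTTP listener with several Host headers and reports every response that is not a redirect to the same host and path over https. The function names, the sample paths and the set of accepted redirect status codes are assumptions of this example.

```python
import http.client
from urllib.parse import urlsplit

REDIRECT_CODES = (301, 302, 307, 308)  # assumption: any redirect status is acceptable

def judge(status, location, host, path):
    """Return None for a clean HTTP-to-HTTPS redirect, else the reason it is not one."""
    if status not in REDIRECT_CODES:
        return f"no redirect (status {status}) on plain HTTP"
    if not location:
        return "redirect without a Location header"
    target = urlsplit(location)
    if target.scheme != "https":
        return f"redirects to scheme {target.scheme!r}, not https"
    if target.hostname != host.lower():
        return f"redirects to host {target.hostname!r}, not {host!r}"
    sent = urlsplit(path)
    if (target.path, target.query) != (sent.path, sent.query):
        return "path or query string changed by the redirect"
    return None

def probe(addr, port, host, path="/"):
    """One plain-HTTP GET with an explicit Host header; redirects are not followed."""
    conn = http.client.HTTPConnection(addr, port, timeout=5)
    try:
        conn.putrequest("GET", path, skip_host=True)
        conn.putheader("Host", host)
        conn.endheaders()
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit(addr, hosts, paths=("/", "/login?next=/a"), port=80):
    """Map (host, path) to a failure reason for every probe that is not a clean redirect."""
    failures = {}
    for host in hosts:
        for path in paths:
            reason = judge(*probe(addr, port, host, path), host, path)
            if reason:
                failures[(host, path)] = reason
    return failures
```

Run `audit("127.0.0.1", [...])` with every hostname the box serves plus its bare IP address; an empty result means no probed name answered with content on port 80.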

Author: flickerfly

Updated on September 18, 2022

Comments

  • flickerfly
    flickerfly over 1 year

    I'd like to set up my Linux box so that anything hitting port 80 would simply be told to ask that of 443. I want it to be regardless of domain, IP or whatever specific details may exist. If it can be requested of port 80, it should be told nope. We do that on 443.

    I'll be using Apache on 443 so could bind it to 80 easy enough, but don't see the solution as having to include Apache on port 80.

    To be clear, I'm looking for a solution that would require no changes to the vhosts. I understand global redirects that can be passed down with inheritance. That requires vhost changes. I'm looking for something more all-encompassing and less prone to "Oops, I forgot that line and now port 80 is exposing my data unencrypted."

    How would you go about solving that problem? iptables, apache, custom shell script with netcat and some magic to make it go SSL?

    • HTTP500
      HTTP500 over 10 years
      A proxy / local traffic manager.
  • plasmid87
    plasmid87 over 10 years
    If not editing the Apache configuration is key, I'd recommend this approach and use nginx with a configuration from answers to this question. I'm recommending nginx (a complete web server) over "shell script magic" as under load these style solutions tend to exhibit poor performance.
  • flickerfly
    flickerfly over 10 years
    Thanks Ole Tange, this most closely addresses my thoughts. plasmid87, thanks for the evaluation of a script versus nginx. I think it'd also be more clear that two web servers are running than if we had two apache servers. I was originally skeptical looking over the config, but looks like nginx can do a redirect of 80 to 443 across all potential hostnames. That in fact may mean I could simply switch to a single instance of nginx instead of apache. Would that make sense?
  • Ole Tange
    Ole Tange over 10 years
    I would like to stress that I agree with @plasmid87: Run a real web server and not some shell magic: Chances are that an untested shell script will not cover all corner cases.
  • plasmid87
    plasmid87 over 10 years
    @flickerfly It is really straightforward doing HTTP to HTTPS redirects with Nginx; a single listen block with return 301 https://$host$request_uri; will send back a 301 redirect to any connecting clients ($host and $request_uri are automatically mined from the incoming request). You'll still need two webservers running if you want to keep the Apache configuration - one for the content (Apache) and one to do the redirect (Nginx).
  • roaima
    roaima almost 4 years
    "Redirecting port 80 to 443 is trivial with iptables" - redirecting the port, sure, but given they're different protocols how would that be useful?