Is it possible to run an Apache VirtualHost on port 443 with SSL off?
Solution 1
The answer is to simply disable mod-ssl altogether.
sudo a2dismod ssl
sudo apachectl restart
Solution 2
Define port 443 as http in your ports.conf (for Debian), e.g.
NameVirtualHost *:443
Listen 443 http
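Solution 2 sets the Listen protocol explicitly. As an added example (not code from this page or from Apache), the Python check below applies the Listen directive's documented default, https for port 443 and http for other ports when no protocol argument is given, and flags listeners left at https whose vhost configures no SSLCertificateFile. The function names and both sample configs are constructed for illustration.

```python
import re

# Constructed samples: the question's port-443 vhost, then the same config
# with the "Listen 443 http" line from Solution 2.
QUESTION_CONF = """\
NameVirtualHost *:443
Listen 443
<VirtualHost *:443>
    SSLEngine Off
    DocumentRoot /var/www
</VirtualHost>
"""
SOLUTION2_CONF = QUESTION_CONF.replace("Listen 443\n", "Listen 443 http\n")

LISTEN_RE = re.compile(r"^\s*Listen\s+(?:(\S+):)?(\d+)(?:\s+(\S+))?\s*$", re.I)
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
CERT_RE = re.compile(r"^\s*SSLCertificateFile\s+\S", re.I | re.M)


def listen_protocols(conf):
    """Map each Listen port to its effective protocol."""
    protocols = {}
    for line in conf.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue
        port = int(m.group(2))
        # Documented default when Listen has no protocol argument.
        default = "https" if port == 443 else "http"
        protocols[port] = (m.group(3) or default).lower()
    return protocols


def https_vhosts_without_cert(conf):
    """Ports whose listener is https but whose vhost sets no certificate."""
    protocols = listen_protocols(conf)
    flagged = []
    for addrs, body in VHOST_RE.findall(conf):
        m = re.search(r":(\d+)$", addrs.split()[0])
        if not m:
            continue  # vhost address without an explicit port
        port = int(m.group(1))
        if protocols.get(port) == "https" and not CERT_RE.search(body):
            flagged.append(port)
    return flagged


if __name__ == "__main__":
    for name, conf in (("question", QUESTION_CONF), ("solution 2", SOLUTION2_CONF)):
        print(name, listen_protocols(conf), https_vhosts_without_cert(conf))
```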
Jesse
Updated on September 18, 2022
Comments
-
Jesse over 1 year
I am running a site completely over SSL using a load balancer in front of Apache doing all the certificate handling and decryption. I let HTTP traffic through the load balancer so Apache can handle doing redirects. When the traffic is redirected to the HTTPS page, the load balancer does the decryption and forwards the request to any port I want.
http --> load balancer:80 --> apache:80 --> 301 url:443
https --> load balancer:443 --decrypted traffic--> apache:ANY PORT I WANT
I can use any port besides 80 for all my vhosts to avoid a redirect loop (port 444 works fine in the config below), but for consistency among Apache configs with non-production environments I'd like to know if I can use port 443 for the VirtualHosts despite the fact that SSL is actually NOT enabled in Apache.
I thought I could just put SSLEngine off in the <VirtualHost *:443> to force this port without SSL since, as the default SSL port, Apache appears to try to enable SSL, but Apache doesn't start with this config on Debian 6. (I've commented out everything in /etc/apache2/ports.conf btw.)
[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile]
So...how can I use port 443 with SSL disabled?
NameVirtualHost *:80
Listen 80
<VirtualHost *:80>
    # Force SSL
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R=301,L]
</VirtualHost>

NameVirtualHost *:443
Listen 443
<VirtualHost *:443>
    SSLEngine Off
    DocumentRoot /var/www
    <Directory /var/www/>
        Options All
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
-
gokva about 12 years
Interesting, I would have thought that would work. I will give it a try when I am home later and see if I can replicate it, if you don't get any better answers in the meantime.
-
Jesse about 12 years
Thought of the answer right after posting this. Just run...
sudo a2dismod ssl
sudo apachectl restart