both ssl and non-ssl on single port
I would like to make my apache2 webserver serve both http and https on the same port.
With the different method i tried it was either not working on http or on https..
How can I do this?
Update:
If I enable SSL and then visit the with http I get page like this:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
<blockquote>Hint: <a href="https://server/"><b>https://server/</b></a></blockquote></p>
<hr>
<address>Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny16 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g Server at server Port 443</address>
</body></html>
Because of this, it seems very much possible to have both http and https on the same port.
A first step would be to change this default-page so it would present a 301-Moved header.
Update2: According to this, it is possible. Now, the question is just how to configure apache to do it.
SSL trafic can not work on same port as non-SSL traffic, TLS can do that but it is not used on web servers TLS is mostls used on SMTP server precisesly because of that reason
The same question was already asked several times (see two examples beneath) by different people, and it was always said, it is not possible by using Apache alone, you would have to use some other software or make your own listener of some kind:
Apache2 Rewrite http to https on port 5553
Apache answer both HTTP and HTTPS on the same port
Also I could not find any official Apache document that mentions http and https traffic on same port without some redirecting.
Keep in mind that when people say SSL they usually mean SSL/TLS which are not the same.
I would take this answer from apache.org as a definitive NO to your question to working with http and https on same port
Can we have both http and https listening on the same port?
Comment 1 Eric Covener 2011-11-22 14:36:45 UTC
No, and bugzilla is not for support or Q&A. Try the users mailing list.
https://issues.apache.org/bugzilla/show_bug.cgi?id=52228
You can try the mod_rewrite module but I suggest that you open another question on how to use it to make https redirects (you will still need to have multiple ports). I haven't worked with it so can't give you details about how to do it.
Like I said don't know much about the module so my guess is that you would need three ports. One non-SSL port for mod_rewrite to listen, one non-SSL for http traffic and one SSL port for https, you would have to make the 999 port for mod_rewrite and then have your services listen on two different port for http and https.
Pay attention to what Shane Madden said in his comment, http request on SSL enabled port would only give you errors even if you put mod_rewrite on that port.
It is possible to redirect http to https by using a custom ErrorDocument.
Having the whole webserver run on both http and https is not possible at the current version of Apache though.
Sadly, there is a bug in Apache 2.2-16 which has not been fixed yet because of which the redirection does only work in Apache 2.4.
For further infos have a look here: https://issues.apache.org/bugzilla/show_bug.cgi?id=50823
Update
Here is a proof-of-concept snippet I testet with apache 2.4:
<?php
if ($_SERVER["REDIRECT_STATUS"] == "400" && preg_match("/.*?Reason: You're speaking plain HTTP to an SSL-enabled server port\..*/", $_SERVER["REDIRECT_ERROR_NOTES"])) {
header("Location: https://localhost:999");
} else {
//echo normal error message
}
?>
Use it by setting ErrorDocument 400 /redirect-400-error.php in your apache config file.
You can find more info on the implementation of custom ErrorDocuments here.
Easy Solution:
ErrorDocument 400 https://server:port/
Now you get a "Found" redirect, and no nasty error message.