HTTP to HTTPS rewrite rule not working
ubuntu 14.04
Apache/2.4.7
I am posting here conf file for my virtual host and default ssl host. not able to figure what am I doing wrong.
http://<website_url> shows the index of the folder. I want to redirect this to https.
https://<website_url> opens fine.
IMPORTANT: I have not enabled the default SSL site.
cat default-ssl.conf|grep -v "#"
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
</IfModule>
And here is mywebsite configuration file:
cat www.mywebsite.com.conf|grep -v "#"
<VirtualHost *:443>
ServerName www.mywebsite.com:443
ServerAlias www.mywebsite.com
ServerAdmin [email protected]
DocumentRoot /var/www/www.mywebsite.com/html
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</IfModule>
SSLEngine on
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
ErrorLog ${APACHE_LOG_DIR}/ssl.error.log
CustomLog ${APACHE_LOG_DIR}/ssl.access.log combined
</VirtualHost>
If you want that http://www.mywebsite.com/ is always be sent over https you should use redirect because use mod_rewrite isn't the recommended behavior.
According to Redirect Request to SSL Apache wiki page:
When using SSL, you will frequently have at least two virtual hosts: one on port 80 to serve ordinary requests, and one on port 443 to serve SSL. If you wish to redirect users from the non-secure site to the SSL site, you can use an ordinary Redirect directive inside the non-secure VirtualHost
So, try to add this directive in your non-secure VirtualHost:
Redirect permanent / https://www.mywebsite.com/
If you want anyway use rewrite rule, you should add these lines in non-secure VirtualHost:
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.mywebsite.com/foo/ to https://www.mywebsite.com/foo/
as described in HTTP to HTTPS Apache wiki page.
Your configuration doen't work, because it is not defined a non-secure VirtualHost (usually on port 80) that handles http requests and redirect them to secure VirtualHost.
Try adding these lines:
<VirtualHost *:80>
ServerName dev.dom1.com
Redirect permanent / https://dev.dom1.com/
</VirtualHost>
In this case you don't need a DocumentRoot because this VirtualHost is redirecting everything.
Rewrite rule shown in your configuration file protect secure VirtualHost from being accessed via http protocol, for example http://www.mywebsite.com:443/ will be https://www.mywebsite.com:443/
You should also check that your site linking to the correct page (https) from within your HTML pages.