Join Log in
Score:2
Ishayahu avatar Server

Apache on debian don't redirect http to https correctly

id flag
Ishayahu

Debian 11

config file: /etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    ServerName zabbix.example.ru

</VirtualHost>
<VirtualHost *:443>
    ServerName zabbix.example.ru
    DocumentRoot "/usr/share/zabbix/"
</VirtualHost>

If I open in brouser zabbix.example.ru it will be open by https. But if I open manualy http://zabbix.example.ru it doesn't redirect to https

The same setting (as I understand) perfectly forks for me on FreeBSD, but it looks like on Debian I should make something other

/usr/sbin/apachectl -S

VirtualHost configuration:
*:80                   zabbix.lasil.ru (/etc/apache2/sites-enabled/000-default.conf:1)
*:443                  zabbix.lasil.ru (/etc/apache2/sites-enabled/000-default.conf:9)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/run/apache2/" mechanism=default
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

UPD: I was a little wrong about problem. Not only there is no redirect, but such an error is also issued

Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Apache/2.4.54 (Debian) Server at zabbix.example.ru Port 80
474
3 + 5
John Hanley avatar
cn flag
John Hanley
For your update, your Virtual Host for port 443 does not have an SSL certificate configured. Therefore it is speaking HTTP and not HTTPS.
1
Reply
kz flag
MrWhite
Or, they have seemingly enabled SSL on port 80?! @JohnHanley
0
Reply
John Hanley avatar
cn flag
John Hanley
Port 80 does not have HTTPS enabled. If it was enabled, the error message would be different.
1
Reply
kz flag
MrWhite
@JohnHanley "You're speaking plain HTTP to an SSL-enabled server port." - Only HTTP (port 80) requests get this message (server rejects the request and the redirect does not happen). HTTPS (port 443) requests appear to be working just fine (there is a valid SSL cert).
0
Reply
John Hanley avatar
cn flag
John Hanley
@MrWhite - Oops, I read the port numbers backwards. How is SSL enabled on port 80? The VirtualHost does not show that configuration.
1
Reply
Score:2
vidarlo avatar Server
ar flag
vidarlo

You want a permanent, unconditional redirect. Simply don't use mod_rewrite:

<VirtualHost *:80>
    ServerName zabbix.example.ru
    Redirect permanent / https://zabbix.example.ru/
</VirtualHost>
+ 2
Ishayahu avatar
id flag
Ishayahu
I still got error. By the way I see I didn't mention an important thing, please see question update
0
Reply
vidarlo avatar
ar flag
vidarlo
Have you included *ALL* of your `/etc/apache2/sites-enabled/000-default.conf` in the question?
0
Reply
Score:1
Ishayahu avatar Server
id flag
Ishayahu

Thank's to all.

After reading comments I understand that site configuration (where was enabled SSL) (that was in /etc/apache2/conf-enabled/ folder) wasn't limited to any VirtualHost, so it was enabled to all server, not only to port 443

I moved it to VirtualHost on port 433 and problem was solved

+ 1
vidarlo avatar
ar flag
vidarlo
Apache doesn't are about *where* the *file* is located. It cares about in what type of config it's located. Apache has different sections with different scopes, e.g. vhost, directory, serverwide etc.
3
Reply
Score:0
avatar Server
eg flag
Thomas Chung

In my case, I had to disable 000-default site.

# a2dissite 000-default
# systemctl reload apache2

Cheers!

+ 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.