Score:0

What is a good practice when setting www vs. non-www server (apache)?

I have tried to configure a non-www website on Ubuntu 18.04 with Apache 2.4 and I've managed to make things work, my https://example.me works fine. But, www.example.me subdomain is also active (because I've added ServerAlias). The https://www.example.me opens as well and shows no certificate which makes me confused - shouldn't it redirect to https://example.com ? What is a good practice here - should I have both www and non-www subdomains and a separate conf file for each? Should I use only one of them with permanent redirection? Why is redirection not working here, do I need some other directive?

Kind regards.

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/mysite.me.crt
        SSLCertificateKeyFile /etc/apache2/ssl/mysite.me.key
        SSLCertificateChainFile /etc/apache2/ssl/mysite.me.crt
        DocumentRoot /var/www/html
        ServerName https://example.me
        ServerAlias www.example.me
        UseCanonicalName Off

        ProxyPreserveHost On
        ProxyRequests On
        ProxyVia On

        #ErrorLog /var/log/httpd/tomcat.error.log
        #CustomLog /var/log/httpd/tomcat.log combined

       <Proxy *>
               Order deny,allow
               Allow from all
       </Proxy>
        Include /etc/apache2/sites-available/redirect.conf

        ProxyPass / ajp://localhost:8009/
        ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>

<VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName example.me
        DocumentRoot /var/www/html
        UseCanonicalName Off
        Redirect permanent "/" "https://example.me/"

        ProxyPreserveHost On
        ProxyRequests On
        ProxyVia On

        #ErrorLog /var/log/httpd/tomcat.error.log
        #CustomLog /var/log/httpd/tomcat.log combined

       <Proxy *>
               Order deny,allow
               Allow from all
       </Proxy>
        Include /etc/apache2/sites-available/redirect.conf

        ProxyPass / ajp://localhost:8009/
        ProxyPassReverse / ajp://localhost:8009/

        #ProxyPass / http://localhost:8080/
        #ProxyPassReverse / http://localhost:8080/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>
If you want to know why the redirect does not work you should include your redirect configuration file into the question.
c.mtd17
That redirection contains some two thousand rules with redirection from old website to the new one.
Score:0
Bob

First, please note that permanent redirects are cached by your web browser, so if you made a change and are testing a modified configuration, take precautions and/or adjust your test methodology. More about that here.


IMHO your configuration is also riddled with errors and incorrect assumptions.


DO NOT ENABLE / ALLOW proxy requests!!!

    ProxyPreserveHost On
    ProxyRequests On
    ProxyVia On
   <Proxy *>
           Order deny,allow
           Allow from all
   </Proxy>

The directives above are to create a forward proxy. Even worse, it is an open proxy that can and will be abused by anybody who wants to hide their IP address using your web server.

You do not need ProxyRequests On for a reverse proxy and the ProxyPass directives to work.

Please remove those.


In your HTTP VirtualHost

When you only have one VirtualHost it becomes the default VirtualHost (for that port and address). A longer description here. So unless you have additional VirtualHost blocks defined, this single entry:

<VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName example.me

will be used for all plain http requests, i.e. both http://example.me/some-page.htm?foo=bar , http://www.example.me , http://your.ip-address/ etc. That VirtualHost will be used even when there is no explicit ServerAlias www.example.com designating www.example.com as an alternate host name for that particular VirtualHost.

 Redirect permanent "/" "https://example.me/"

Instructs that all requests will result in a redirect response to https://example.me/, in other words:

 http://example.me/some-page.htm?foo=bar  ==>  https://example.me/some-page.htm?foo=bar
 http://www.example.me                    ==>  https://example.me/
 http://your.ip-address/bob/is.awe-some   ==>  https://example.me/bob/is.awe-some

When you redirect everything away it also makes no sense to then have any other directives normally intended to display content in that VirtualHost, so you can omit the DocumentRoot, ProxyPass, etc. and keep a very minimal plain http VirtualHost:

<VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName example.me
        UseCanonicalName Off

        Redirect permanent "/" "https://example.me/"

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

In your HTTPS VirtualHost the same holds true: if there are no other VirtualHosts it will be the default used for any request.

The only thing is of course the server TLS certificate; that is only valid for the hostnames included in there, and other hostnames will result in an invalid certificate error/warning.

You probably will need to check the contents of the file you include here:

Include /etc/apache2/sites-available/redirect.conf
c.mtd17
Thank you Bob for such a detailed explanation. They are actually using proxy for tomcat and some other app... I "inherited" this server from someone else and I'm trying to see what is a good practice and how to configure it and why is invalid certificate warning present with www.example.me. Do you maybe see it in this configuration? Should I add another virtualhost for www and link certificate there? Redirect.conf contains some two thousand rules for redirection of data from old to the new website...
Bob
You do not need to have a forward proxy enabled when using a reverse proxy or ajp
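
The points raised in the answer and comments above, combined into one configuration as an added example (not the asker's or the answerer's own config): the forward proxy is switched off, plain HTTP only redirects, and www over HTTPS gets its own redirect-only VirtualHost. The `PLACEHOLDER` certificate paths are assumptions; they stand for a certificate that lists www.example.me, which the page does not show.

```apache
# Added example. Apache does not allow comments on the same line as a
# directive, so every comment sits on its own line.

# Plain HTTP: the only *:80 VirtualHost, so it answers for every host name
# and sends everything to the canonical HTTPS name.
<VirtualHost *:80>
    ServerName example.me
    ServerAlias www.example.me
    Redirect permanent "/" "https://example.me/"
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# Canonical HTTPS site: reverse proxy to Tomcat over AJP.
<VirtualHost *:443>
    ServerName example.me
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/mysite.me.crt
    SSLCertificateKeyFile /etc/apache2/ssl/mysite.me.key

    # Reverse proxying through ProxyPass does not need the forward proxy.
    # With this off, and no <Proxy *> "Allow from all" block, the server
    # cannot be used to relay requests to arbitrary third-party hosts.
    ProxyRequests Off
    ProxyPreserveHost On

    # Contents of this file are not shown on the page; kept where it was.
    Include /etc/apache2/sites-available/redirect.conf

    ProxyPass        / ajp://localhost:8009/
    ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>

# HTTPS for www: exists only to redirect. The TLS handshake happens before
# the redirect is sent, so the certificate presented here must list
# www.example.me or the browser warns before it ever sees the redirect.
<VirtualHost *:443>
    ServerName www.example.me
    SSLEngine on
    SSLCertificateFile    /etc/apache2/ssl/PLACEHOLDER-with-www.crt
    SSLCertificateKeyFile /etc/apache2/ssl/PLACEHOLDER-with-www.key
    Redirect permanent "/" "https://example.me/"
</VirtualHost>
```

Run `apachectl configtest` before reloading, and `apachectl -S` to see which VirtualHost Apache treats as the default for each port.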