Join Log in
Score:0
Nick Bedford avatar Server

Apache 2.4.52 HTTPS Rewrite no longer works on Ubuntu 22.04

fr flag
Nick Bedford

I have been forcing HTTPS upgrade through mod_rewrite for years on Ubuntu 18.04 LTS servers. I recently upgraded a few of these servers to Ubuntu 22.04.1 LTS to ensure the latest security and Apache versions could be used.

Everything seemed fine until I discovered that every one of the different Apache configurations that ensures http:// is always upgraded to https:// no longer works.

Here are my current configuration files. Certbot is even setting it up correctly but it doesn't work on the :80 configuration. All of the required modules are enabled.

I know mod_rewrite works because Laravel still functions. I'm completely baffled! I've tried RedirectMatch, Redirect, RewriteRule etc. Every result on Google says to do all these same things. Certbot even sets it up "correctly".

<VirtualHost *:80>
        ServerName mydomain.com.au
        ServerAdmin [email protected]

        DocumentRoot "/var/www/mydomain.com.au/public"

        ErrorLog "/var/log/apache2/mydomain.com.au-error.log"
        CustomLog "/var/log/apache2/mydomain.com.au-access.log" common

        # Not exactly needed...
        <Directory "/var/www/mydomain.com.au/public">
                DirectoryIndex index.php
                Options FollowSymLinks
                AllowOverride All
                Require all granted
        </Directory>

        RewriteEngine on
        RewriteCond %{SERVER_NAME} =mydomain.com.au
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

        # This actually works in browsers at least
        Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

</VirtualHost>

<VirtualHost *:443>
        ServerName mydomain.com.au
        ServerAdmin [email protected]

        DocumentRoot "/var/www/mydomain.com.au/public"

        Header unset Upgrade
        Protocols http/1.1 # AWS ELB runs HTTP/2

        ErrorLog "/var/log/apache2/mydomain.com.au-error.log"
        CustomLog "/var/log/apache2/mydomain.com.au-access.log" common

        <Directory "/var/www/mydomain.com.au/public">
                DirectoryIndex index.php
                Options FollowSymLinks
                AllowOverride All
                Require all granted
        </Directory>

        <FilesMatch "\.(php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>

        SSLEngine on
        Include /etc/letsencrypt/options-ssl-apache.conf

        SSLCertificateFile /etc/letsencrypt/live/mydomain.com.au/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com.au/privkey.pem

        Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
</VirtualHost>

Update

I've since forced HTTPS in the Laravel project and required cookies to be only sent over secure connections which prevents any sessions from logging in. Browsers prevent forms from being sent insecurely these days too.

I'm just surprised at why the Apache HTTPS upgrade just does not work in the slightest now.

335
0 + 2
kz flag
MrWhite
What happens exactly? If literally nothing happens then it perhaps suggests you are connecting to a _different_ vHost? (But how then are you seemingly browsing your site?) (Using mod_rewrite for this is certainly unnecessary. A simple mod_alias `Redirect` directive is all that's required. No need to check the `SERVER_NAME` when already in the vHost for `SERVER_NAME`. But you say you've tried that as well?)
0
Reply
Nick Bedford avatar
fr flag
Nick Bedford
@MrWhite it's definitely the correct server (there's only one and I've confirmed it). The `RewriteCond` check is put in by certbot anyway. Not even the simple `Redirect` works (placed before the Rewrite lines). I've tried it all and none of it was working.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.