# Redirect to https

## ferp2

OK, there are other posts on this subject, which I've read and followed to no avail. I have apache2 running open-xchange. If I enter sub.domain.com in the address bar, I get a 400 page telling me that I've made a

 *Quote:*   

> Bad Request
> 
> Your browser sent a request that this server could not understand.
> 
> Reason: You're speaking plain HTTP to an SSL-enabled server port.
> ...

 

The first problem is that when you click on the link (https://domain.com:80/) it doesn't go anywhere. That's because the server is domain.com but DNS points to sub.domain.com.

Anyway, that's neither here nor there, because what I really want is for the user, who enters http://sub.domain.com, to get automatically redirected to https://sub.domain/cgi-bin/login.pl.

Now that should be easy enough, but it's not. If I create the following in /etc/apache2/conf/commonapache2.conf:

```
<VirtualHost dfsarchitects.com:80>
       ServerName ox.dfsarchitects.com
       DocumentRoot /var/www/localhost/htdocs
       RewriteEngine on
       RewriteCond %{SERVER_PORT} ^80$
       RewriteRule ^/(.*) https://ox.dfsarchitects.com/cgi-bin/login.pl$1 [L,R]
       RewriteLog "/var/log/apache2/rewrite_log"
       RewriteLogLevel 4
</VirtualHost>
```

I can't restart apache2 and I get the following in /var/log/apache2/error_log

 *Quote:*   

>  [warn] RSA server certificate CommonName (CN) `OX SSL Test-Only certificate' does NOT match server name!?
> 
> [error] Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!)

 

So, does anyone know how to get the proper redirection to occur?

Thanks

----------

## Spooky Ghost

Part of the problem looks to be that you have your SSL configuration set up incorrectly. Even if you aren't intending to run anything on 80, this should still be talking HTTP, not HTTPS. By default your client is going to talk HTTP at port 80 and it aborts because this is failing; you would need to successfully negotiate the SSL session before receiving any additional HTTP protocol instructions.

----------

## dashnu

```
<VirtualHost *:80>
    ServerName www.domain.net
    DocumentRoot /var/www/www.domain.net/htdocs
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    LogFormat "%v %l %u %t \"%r\" %>s %b" comonvhost
    CustomLog logs/access_www.log comonvhost
    RedirectMatch permanent ^/$ https://www.domain.net
</VirtualHost>
```

I do it that way. Of course, you also need to set up a vhost in /etc/apache2/conf/modules.d/41_mod_ssl.default-vhost.conf.

I am not sure this is the best way to do it but it has been working for a year or so now with no issues.

You may want to look into your certs. I create my own certs and I do not receive the errors you posted.

----------

## ferp2

Thanks for your suggestion, init_zero, but it doesn't work. error_log is telling me "Illegal attempt to re-initialize SSL for Server". In any case the open-xchange server is not virtual hosted. My DocumentRoot is /var/www/localhost/htdocs. I've tried putting the mod_rewrite directives in a .htaccess file in /var/www/localhost/htdocs. When that didn't work, I tried putting the mod_rewrite directives in /etc/apache2/conf/commonapache2.conf. Unfortunately that didn't work either. No matter what I do I end up with a 400 Bad Request page. It's like the 400 Bad Request page is overriding the mod_rewrite directives. I even tried commenting out

```
<Directory />
SSLRequireSSL
</Directory>
```

I still got the same 400 Bad Request message. 

I created my own certs, just as the howto recommended, so I don't think the problem is there. 

As far as the client failing to reach port 80, that's what we want. We don't want any connections made on port 80. If somebody enters sub.domain.tld, the client assumes http://. What happens is that he gets a 400 Bad Request error, which is perfectly fine because the client cannot connect on port 80. The link on the 400 page allows the user to access the server via https. Unfortunately, as I explained, because DNS is sub.domain.tld and apache is domain.tld, the link leads nowhere. Still, even if it did lead somewhere, I'd rather the client enter sub.domain.tld and be automatically redirected to https://sub.domain.tld/cgi-bin/login.pl. This is where the mod_rewrite code, which I have spread into every corner of apache2's config files without any success whatsoever, comes in handy  :Wink: 

Something's amiss, but I don't know what...

Any help is appreciated.

I should have put this in the open-xchange forum here on Gentoo, since this problem seems to have to do exclusively with setting up open-xchange with Mike Fetherston's howto.

----------

## dashnu

I have mine set up for SSL only... I do block out 80 with a firewall though. 

/etc/apache2/conf/modules.d/41_mod_ssl.default-vhost.conf

```
ServerName ox.domain.com
DocumentRoot /var/www/localhost/htdocs
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
RedirectMatch permanent ^/$ https://ox.domain.com/cgi-bin/login.pl
```

Users of course have to use httpS. That is all I do; I have no idea what your issue could be. When starting up apache, tail the logs: do you see any errors when you fire up apache? Also google around for openssl; there is a way to check your certs, I however do not remember it off the top of my head. I also do not think it has anything to do with OX specifically. There is something going on with your apache install, just not sure what.

----------

## ferp2

 *Quote:*   

> I have mine set up for SSL only... I do block out 80 with a firewall though.

 

So what happens if someone enters your_domain.tld, thinking he'll end up at the OX login but instead can't access the server? Your regular user doesn't know http from https, and when he enters the URL, the browser by default adds http:// not https://. That's why I want it so that when a user enters sub.domain.tld (default port 80 as in http://), he gets redirected to https://sub.domain.tld/cgi-bin/login.pl. I'm going to paste this thread to the main OX thread so all concerned can see this issue.

Thanks

----------

## ekutay

As far as I can see from the snippets, you do not have a vhost listening on port 443. 

You specify 

```
<VirtualHost dfsarchitects.com:80>
```

 but servername 

```
ServerName ox.dfsarchitects.com
```

 and there your redirect is pointing to.

Try to invent a vhost listening on *:443 with the fitting servername:

```
ServerName ox.dfsarchitects.com
```

----------

## ferp2

Ekutay, are you asking me to change

ServerName dfsarchitects.com

to

ServerName ox.dfsarchitects.com?

I can't do that since the whole system is set up for dfsarchitects.com.

The reason ox.dfsarchitects.com exists is because that's the way DNS has been set up and it's out of my control.

Here's another question: Where do I put <VirtualHost ox.dfsarchitects.com:80>?

Shouldn't it be

<VirtualHost ox.dfsarchitects.com:443>?

In any case I think your answer is leading in the right direction, but I'm having trouble understanding it. Could you be a little more explicit, as in where the VirtualHost directive goes: apache2.conf or commonapache2.conf or 41_mod_ssl.default-vhost.conf.

----------

## ekutay

As I do not know the whole configuration I can only guess, but if you have the vhost listening only on port 80 for the given servername or serveralias you will be in trouble. To use the httpd with ssl you must have it listening on port 443. If this is the case, the apache must feel responsible for the passed servername, serveralias or ipaddress.

Try to invent another vhost with the correct port (443) or try my advice to use a wildcard for port 443 to get a connection established.

Regarding your question in which file to place the directives, I would presume the best place suiting is semantically in 41_mod_ssl.default-vhost.conf. Functionally it doesn't matter as all configurations are included using the include directive.

I can look later on one of my servers to check my configurations.

----------

## dashnu

Yea man, just create a vhost in /etc/apache2/conf/vhosts/vhosts.conf that does a redirect to https... Then in /etc/apache2/conf/modules.d/41_mod_ssl.default-vhost.conf with the *:443 ssl-vhost entry..

When you hit http:domain.com it sees that it's a redirect and at that point apache looks for a SSL vhost that matches your redirect..

If you did what I said in my first post things would be working.

----------
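The layout the replies above converge on, a plain-HTTP vhost on port 80 that only redirects plus a separate TLS vhost on *:443, written out as an added example; it is not any poster's actual configuration. It assumes Apache 2.0/2.2 with mod_alias and mod_ssl loaded; the certificate paths are placeholders and the `ServerAlias` line is an assumption about how the two hostnames are meant to coexist.

```apache
# Constructed example, not taken from the thread. Apache 2.0/2.2 syntax.
# Omit the Listen/NameVirtualHost lines if they are already declared
# elsewhere in the included configuration files.
Listen 80
Listen 443
NameVirtualHost *:80

# Port 80 speaks plain HTTP only. Its sole job is to move browsers to HTTPS.
<VirtualHost *:80>
    ServerName  ox.dfsarchitects.com
    # Assumption: the bare domain should be redirected as well.
    ServerAlias dfsarchitects.com

    # TLS must not be active here. When it is, clients get the 400 page
    # "You're speaking plain HTTP to an SSL-enabled server port" and no
    # redirect rule is ever evaluated.
    SSLEngine off

    # Bare hostname goes to the login page; any other path keeps its
    # path and only changes scheme.
    RedirectMatch permanent ^/$     https://ox.dfsarchitects.com/cgi-bin/login.pl
    RedirectMatch permanent ^/(.+)$ https://ox.dfsarchitects.com/$1
</VirtualHost>

# Port 443 is the only vhost that enables TLS and serves content.
<VirtualHost *:443>
    ServerName   ox.dfsarchitects.com
    DocumentRoot /var/www/localhost/htdocs

    SSLEngine on
    # Placeholder paths. The certificate's CN should equal ServerName,
    # otherwise Apache logs the "does NOT match server name" warning.
    SSLCertificateFile    /path/to/ox.dfsarchitects.com.crt
    SSLCertificateKeyFile /path/to/ox.dfsarchitects.com.key

    # Refuse plain-HTTP fallbacks inside the TLS site.
    <Directory /var/www/localhost/htdocs>
        SSLRequireSSL
    </Directory>
</VirtualHost>
```

Running `apachectl configtest` before restarting shows syntax errors without taking the running server down.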

