Ubuntu – https redirect to virtual host directory and http not working

apache-http-serversslUbuntu

System configuration

  1. ubuntu14.04 (64bit)
  2. XAMPP 1.8.3-5
    • Apache/2.4.10
      (Unix) OpenSSL/1.0.1i PHP/5.5.15 mod_perl/2.0.8-dev Perl/v5.16.3

I have read on new features of apache 2.4

NameVirtualHost directive
No longer needed and is now deprecated.

So instead of NameVirtual hostI tried other ip-based virtual hosts.

Below changes I have made to work with

httpd.conf

uncommented Include line inside <IfModule ssl_module> block

<IfModule ssl_module>
<IfDefine SSL>
Include etc/extra/httpd-ssl.conf
</IfDefine>
</IfModule>

httpd-ssl.conf

create apache ssl certificate and add log files on respective location 

<VirtualHost localhost:443>

DocumentRoot "/opt/lampp/htdocs/wsdl"
ServerName wsdl.local
ServerAlias wsdl.local
ServerAdmin myemail@email.com
ErrorLog "/opt/lampp/logs/wsdl_error_log"
TransferLog "/opt/lampp/logs/wsdl_access_log"
SSLEngine on
SSLCertificateFile "/opt/lampp/apache2/ssl/wsdl.crt"
SSLCertificateKeyFile "/opt/lampp/apache2/ssl/wsdl.key"
</VirtualHost>

here is the error log file

wsdl_error_log

[Fri Nov 21 15:43:12.001231 2014] [ssl:warn] [pid 5322] AH01906: wsdl.local:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Nov 21 15:43:12.001350 2014] [ssl:warn] [pid 5322] AH01909: wsdl.local:443:0 server certificate does NOT include an ID which matches the server name
[Fri Nov 21 15:43:13.001886 2014] [ssl:warn] [pid 5323] AH01906: wsdl.local:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Fri Nov 21 15:43:13.001960 2014] [ssl:warn] [pid 5323] AH01909: wsdl.local:443:0 server certificate does NOT include an ID which matches the server name

My problem is

  • http://localhost >> Bad request
  • https://localhost/wsdl/ >> not working
  • https://192.168.xx.xx/ >> Secure Connection Failed (Error code: ssl_error_rx_record_too_long)
  • https://192.168.xx.xx/wsdl/ >> SSL connection Error

while

  • http://192.168.xx.xx/ >> working (just like the defualt xammpp)
  • http://localhost navigate to http://localhost/wsdl directory

P.S localhost behaves same as 127.0.0.1 in each condition

Please suggest What something extra I have to add to make it workful? like

  • adding something on /etc/hosts or any other configuration
    or
  • um commenting Include etc/extra/httpd-vhosts.conf in httpd.conf

update

created proper certificate
Note: write wsdl.local

The most important item that is requested is the line that reads
"Common Name (e.g. server FQDN or YOUR name)". You should enter the
domain name you want to associate with the certificate, or the
server's public IP address if you do not have a domain name.

added virtual host address in /etc/hosts

127.0.0.1 wsdl.local

altered /opt/lampp/etc/extra/ httpd-ssl.conf 

<VirtualHost *:80>
    DocumentRoot "/opt/lampp/htdocs"
    ServerName localhost
</VirtualHost>

<VirtualHost _default_:443> <-- added back _default_
ServerAlias www.wsdl.local  <-- alias append with www

<Directory "/opt/lampp/htdocs/wsdl"> <-- wraped directory in "
    Options All
    AllowOverride All
    order allow,deny
    allow from all
    #SSLRequireSSL <-- commented
</Directory>

and I notice changes in URL behavior

  • http://wsdl.local/ http://localhost & http://127.0.0.1 >> URL changed to http://wsdl.local/xampp/ and display XAMPP main page

  • https://wsdl.local/ & https://localhost/ navigated to wsdl directory (which is desired )

  • https://127.0.0.1/ >> URl turns into https://127.0.0.1/xampp/ and Object not found

But this is still not expected, what require is

http[s]://localhost/ and http[s]://127.0.0.1/ take me to XAMPP main page

http[s]://wsdl.local would navigated to wsdl directory

Best Answer

Step 1: Use OpenSSL to produce the keys that are used to secure your site. These keys are used when encrypting and decrypting the traffic to your secure site.

$openssl genrsa -out mydomain.key 1024

Step 2: Generate your own certificate .

 $ openssl req -new -key mydomain.key -x509 -out mydomain.crt

Step 3: Keep the pricate key in the directory /etc/apache2/ssl.key/ and certificate in the directory /etc/apache2/ssl.crt/.

Note: The ssl.key directory must be only readable by root.

Step 4: Now you need to edit httpd.conf file in /etc/apache2.

Now this file should include content like this:

> <VirtualHost *:80>
> 
> ServerAdmin keshav.mohta@dotsquares.com
> 
> DocumentRoot /opt/lampp/htdocs/wsdl
> 
> ServerName www.mydomain.com
> 
> ServerAlias mydomain.com
> 
> </VirtualHost>


<VirtualHost *:443>

ServerAdmin keshav.mohta@dotsquares.com

DocumentRoot /opt/lampp/htdocs/wsdl

ServerName mail.mydomain.com

SSLEngine on

SSLCertificateFile /etc/apache2/ssl.crt/mydomain.crt

SSLCertificateKeyFile /etc/apache2/ssl.key/mydomain.key

ErrorLog "/opt/lampp/logs/wsdl_error_log"

TransferLog "/opt/lampp/logs/wsdl_access_log"

</VirtualHost>


<Directory /srv/www/htdocs/mydomain-secure>
SSLRequireSSL
</Directory>

Don't change Listen 80 to 443 in /etc/httpd/conf/httpd.conf. SSL is configured in /etc/httpd/conf.d/ssl.conf. SSL is enabled and listening by default with a self signed certificate.

You can get to the default site using SSL just by browsing to https://localhost (you don't need to add the port to the end of the URL).

If you want to forward all HTTP requests to HTTPS (which is what I believe you are trying to achieve), you can either add a permanent redirect, or use the Apache module mod_rewrite.

The easiest and most secure way is to set up a permanent redirect. Enable named virtual hosts and add a Redirect directive to the VirtualHost in /etc/httpd/conf/httpd.conf.

Related Question