LeeTheCoder LeeTheCoder - 24 days ago 7
Apache Configuration Question

Installed SSL certificate, but when I goto my domain I have to include https:// before the URL

So I've been messing around with Apache, and I bought a SSL certificate. I finally got it installed, but now when I goto my domain with the URL (leethecoder.com) I assume it's trying to use HTTP? And my server, of course, with a SSL certificate is not listening on port 80. But, if I include https:// before the URL (https://leethecoder.com), it works. Is there a way I can make the server force the basic URL (leethecoder.com) goto port 443?

This is my current

/sites-enabled/
configuration file.

LoadModule ssl_module modules/mod_ssl.so
Listen 443
<VirtualHost *:443>
ServerName www.leethecoder.com
ServerAlias www.leethecoder.com leethecoder.com
Options -Indexes
DocumentRoot /var/www/leethecoder.com/public_html/
SSLEngine on
SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
SSLCertificateKeyFile /etc/ssl/private/sslkey.key
SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
ErrorLog /var/www/leethecoder.com/logs/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Answer

IMO, this is "properly" (you're currently an A-, the below might help to get an A+):

<VirtualHost *:80>
  ServerName leethecoder.com
  ServerAlias *.leethecoder.com
  UseCanonicalName Off
  ErrorLog /var/www/leethecoder.com/logs/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  RedirectPermanent / https://leethecoder.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName www.leethecoder.com
  UseCanonicalName Off
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES"
  SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
  SSLCertificateKeyFile /etc/ssl/private/sslkey.key
  SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
  ErrorLog /var/www/leethecoder.com/logs/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  RedirectPermanent / https://leethecoder.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName leethecoder.com
  UseCanonicalName Off
  ErrorLog /var/www/leethecoder.com/logs/error.log
  CustomLog ${APACHE_LOG_DIR}/access.log combined
  DocumentRoot /var/www/leethecoder.com/public_html
  <Directory /var/www/leethecoder.com/public_html/>
    Allow From All
  </Directory>
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLHonorCipherOrder on
  SSLCipherSuite "-ALL EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EDH+aRSA+AESGCM EECDH+ECDSA+AES EECDH+aRSA+AES EDH+aRSA+AES RSA+3DES"
  SSLCertificateFile /etc/ssl/leethecoder.com/leethecoder_com.crt
  SSLCertificateKeyFile /etc/ssl/private/sslkey.key
  SSLCertificateChainFile /etc/ssl/leethecoder.com/foobundle.ca-bundle
</VirtualHost>

This is, of course, assuming that your variables are valid, you prefer the https without the www, and that you're OK for your clients to use that cipher suite. Also, that you've enabled the site, and disabled any other conflicting sites.

Comments