Apache Directives applied only to virtualhost *:443

Discussion in 'Installation/Configuration' started by Gia, Nov 29, 2016.

  1. Gia

    Gia New Member

    I'm using ISPConfig 3.1.1 on an Ubuntu 14.04 server.
    I'm using ProxyPass to set up a domain that will be served by another server on the same network. This server will host a WordPress site that uses both http and https.

    These are the directives I am using in the Apache Directives box in Options panel of the Web Domain in ISPConfig:
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPreserveHost On
    ProxyPass / address to my server:80
    ProxyPassReverse / address to my server:80

    The directives get inserted in both <VirtualHost *:80> and <VirtualHost *:443> sections, while I need the first directive (RequestHeader set X-Forwarded-Proto "https") to be inserted only in the <VirtualHost *:443> section.

    Do you have any suggestion on how to achieve this directly from the Apache Directives box in Options panel, avoiding to manually edit the generated vhost file in sites-enabled?
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    There is currently no way to limit a directive to the ssl vhost only.
  3. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    You can test with <If>, eg. against the port number or whether https is in use. The same directives will be put into both vhost conifg's, but will be ignored in one or the other. Eg. I use this in places via apache config snippet:
    <If "%{HTTPS} == 'on'">
        <IfModule mod_headers.c>
            Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
            Header always set Content-Security-Policy: upgrade-insecure-requests
  4. Gia

    Gia New Member

    Thank you guys, it looks like Jesse's solution works perfectly!
    These are my new Apache Directives:

    <If "%{HTTPS} == 'on'">
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPreserveHost On
    ProxyPass / http://server-ip-address:80/
    ProxyPassReverse / http://server-ip-address:80/

Share This Page