So I have a web server running on my Arch Linux server. The document root for my server is the default '/srv/http' directory. My question is how can I force my website to use HTTPS / 443 encryption for my /wiki & /webmail paths? Generally when I go to my website the URL is as follows: www.iamghost.com (This is just the main site and runs on port 80) www.iamghost.com/wiki (This is just a folder under my docement root '/srv/http/wiki') www.iamghost.com/webmail (This too is just another folder under my document root '/srv/http/webmail') I would like to use my existing SSL certificates (self signed and generated with openssl) to force the 'wiki' & 'webmail' folders to run on port 443 rather than port 80. I don't know how to do this so I am posting my 'httpd.conf' file below so maybe someone can show or help me add the following entries to get this to work. My public and private SSL keys are stored in '/etc/ssl' and are already working for Postfix on the same server. Just to explain again, my main site www.iamghost.com is fine running on port 80 but when I click on the wiki or webmail links, I would like them to use SSL since logins are required for both. They're both just folders under my document root. My 'httpd.conf': Code: ServerRoot "/etc/httpd" Listen 80 LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule authn_anon_module modules/mod_authn_anon.so LoadModule authn_dbd_module modules/mod_authn_dbd.so LoadModule authn_default_module modules/mod_authn_default.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_dbm_module modules/mod_authz_dbm.so LoadModule authz_owner_module modules/mod_authz_owner.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so LoadModule authz_default_module modules/mod_authz_default.so LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_digest_module modules/mod_auth_digest.so LoadModule file_cache_module modules/mod_file_cache.so LoadModule cache_module modules/mod_cache.so LoadModule disk_cache_module modules/mod_disk_cache.so LoadModule mem_cache_module modules/mod_mem_cache.so LoadModule dbd_module modules/mod_dbd.so LoadModule dumpio_module modules/mod_dumpio.so LoadModule reqtimeout_module modules/mod_reqtimeout.so LoadModule ext_filter_module modules/mod_ext_filter.so LoadModule include_module modules/mod_include.so LoadModule filter_module modules/mod_filter.so LoadModule substitute_module modules/mod_substitute.so LoadModule deflate_module modules/mod_deflate.so LoadModule ldap_module modules/mod_ldap.so LoadModule log_config_module modules/mod_log_config.so LoadModule log_forensic_module modules/mod_log_forensic.so LoadModule logio_module modules/mod_logio.so LoadModule env_module modules/mod_env.so LoadModule mime_magic_module modules/mod_mime_magic.so LoadModule cern_meta_module modules/mod_cern_meta.so LoadModule expires_module modules/mod_expires.so LoadModule headers_module modules/mod_headers.so LoadModule ident_module modules/mod_ident.so LoadModule usertrack_module modules/mod_usertrack.so LoadModule unique_id_module modules/mod_unique_id.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule version_module modules/mod_version.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_scgi_module modules/mod_proxy_scgi.so LoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.so LoadModule ssl_module modules/mod_ssl.so LoadModule mime_module modules/mod_mime.so LoadModule dav_module modules/mod_dav.so LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule asis_module modules/mod_asis.so LoadModule info_module modules/mod_info.so LoadModule suexec_module modules/mod_suexec.so LoadModule cgi_module modules/mod_cgi.so LoadModule cgid_module modules/mod_cgid.so LoadModule dav_fs_module modules/mod_dav_fs.so LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule dir_module modules/mod_dir.so LoadModule imagemap_module modules/mod_imagemap.so LoadModule actions_module modules/mod_actions.so LoadModule speling_module modules/mod_speling.so LoadModule userdir_module modules/mod_userdir.so LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule php5_module modules/libphp5.so <IfModule !mpm_netware_module> <IfModule !mpm_winnt_module> User http Group http </IfModule> </IfModule> ServerAdmin [email protected] ServerName www.iamghost.com:80 DocumentRoot "/srv/http" <Directory /> Options FollowSymLinks AllowOverride None Order deny,allow Deny from all </Directory> <Directory "/srv/http"> Options Indexes FollowSymLinks Includes AllowOverride None Order allow,deny Allow from all </Directory> <IfModule dir_module> DirectoryIndex index.html </IfModule> <FilesMatch "^\.ht"> Order allow,deny Deny from all Satisfy All </FilesMatch> ErrorLog "/var/log/httpd/error_log" LogLevel warn <IfModule log_config_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module> # You need to enable mod_logio.c to use %I and %O LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio </IfModule> CustomLog "/var/log/httpd/access_log" common </IfModule> <IfModule alias_module> ScriptAlias /cgi-bin/ "/srv/http/cgi-bin/" </IfModule> <IfModule cgid_module> </IfModule> <Directory "/srv/http/cgi-bin"> AllowOverride None Options None Order allow,deny Allow from all </Directory> DefaultType text/plain <IfModule mime_module> TypesConfig conf/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz </IfModule> Include conf/extra/httpd-multilang-errordoc.conf Include conf/extra/httpd-autoindex.conf Include conf/extra/httpd-languages.conf Include conf/extra/httpd-userdir.conf Include conf/extra/httpd-default.conf # Secure (SSL/TLS) connections #Include conf/extra/httpd-ssl.conf Include conf/extra/php5_module.conf # # Note: The following must must be present to support # starting without SSL on platforms with no /dev/random equivalent # but a statically compiled-in mod_ssl. # <IfModule ssl_module> SSLRandomSeed startup builtin SSLRandomSeed connect builtin </IfModule>
That looks like exactly what I need. Just to be clear on what I read, .htaccess file will only force https:// on specific pages and not prompt web surfers for a password, right?
It didn't work for me and I don't understand what I did wrong or missed. I went to the folder that I wish to force 'https' on and created the .htaccess file and in that file I have the following: Code: RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteCond %{REQUEST_URI} wiki RewriteRule ^(.*)$ https://www.iamghost.com/wiki/$1 [R,L] I restarted Apache and tried my site directly: https://www.iamghost.com/wiki Any clues on what I am doing wrong? I just thought about this but how does Apache even know where to look and find my SSL certificates? It seems like something's missing from that URL. I would expect that I would have to point Apache to the path of my SSL keys stored on the server. At no point have I done this or know where I need to do it. Thoughts?
Can you post the vhost configuration? Do you have Code: AllowOverride all in it? Instead of using an .htaccess file, you can put the directives directly in the vhost configuration.
I posted my current 'httpd.conf' file above and I didn't see any 'vhost' sections listed so I can only assume this is in a separate configuration file on my web server. If you look at my 'httpd.conf' I posted above, you can see that there are entries listed for '/srv/http' that have 'AllowOverride none'. Code: <[B]Directory "/srv/http"[/B]> Options Indexes FollowSymLinks Includes [B][COLOR="Red"]AllowOverride None[/COLOR][/B] Order allow,deny Allow from all </Directory> Do I need to change this and if so, which particular one in my httpd.conf do I need to adjust? Secondly, I found a configuration file called '/etc/httpd/conf/extra/httpd-vhosts.conf' and that file has the following: Code: # Virtual Hosts # # If you want to maintain multiple domains/hostnames on your # machine you can setup VirtualHost containers for them. Most configurations # use only name-based virtual hosts so the server doesn't need to worry about # IP addresses. This is indicated by the asterisks in the directives below. # # Please see the documentation at # <URL:http://httpd.apache.org/docs/2.2/vhosts/> # for further details before you try to setup virtual hosts. # # You may use the command line option '-S' to verify your virtual host # configuration. # # Use name-based virtual hosting. # NameVirtualHost *:80 # # VirtualHost example: # Almost any Apache directive may go into a VirtualHost container. # The first VirtualHost section is used for all requests that do not # match a ServerName or ServerAlias in any <VirtualHost> block. # <VirtualHost *:80> ServerAdmin [email protected] DocumentRoot "/etc/httpd/docs/dummy-host.example.com" ServerName dummy-host.example.com ServerAlias www.dummy-host.example.com ErrorLog "/var/log/httpd/dummy-host.example.com-error_log" CustomLog "/var/log/httpd/dummy-host.example.com-access_log" common </VirtualHost> <VirtualHost *:80> ServerAdmin [email protected] DocumentRoot "/etc/httpd/docs/dummy-host2.example.com" ServerName dummy-host2.example.com ErrorLog "/var/log/httpd/dummy-host2.example.com-error_log" CustomLog "/var/log/httpd/dummy-host2.example.com-access_log" common </VirtualHost> Do I copy any entries from the 'vhosts.conf' file into my 'httpd.conf' file or do I do all my alterations / editing in the 'vhosts.conf' file? Thanks for all your help!
The vhosts.conf is included in your httpd.conf, so you don't need to copy its contents to httpd.conf. If you've found the correct vhost configuration for your site, you can add Code: AllowOverride all to it and restart Apache.
Just to be clear, I have two "DIRECTORIES" in my 'httpd.conf' file and which specifically do I need to edit or do I edit them both? Code: DocumentRoot "/srv/http" <Directory /> Options FollowSymLinks AllowOverride All Order deny,allow Deny from all </Directory> <Directory "/srv/http"> Options Indexes FollowSymLinks Includes AllowOverride All Order allow,deny Allow from all </Directory> Is that how it should look above? This is still confusing for me because all my SSL settings are in '/etc/httpd/conf/extra/httpd-ssl.conf'. Nothing pertinent to my site is listed in '/etc/httpd/conf/extra/httpd-vhost.conf'. Do I need add / modify my 'vhost.conf' file? When I simply change the 'AllowOverride All' in my 'httpd.conf' file, it breaks the Wiki URL.
