Apache, ISPConfig3 and https-to-http redirect error
I have a curious problem. Since my server doesn't have an SSL certificate and I want to avoid an ugly "This site is insecure" warning, I decided to redirect https to http.
I have my site, let's say
mywebsite.com
When I go to
https://www.mywebsite.com
it redirects to
http://mywebsite.com
as designed, but when I go to
https://mywebsite.com
I don't get a redirect and my browser tells me the website is dangerous.
TL;DR:
I want
https://*mywebsite.com to redirect to http://*mywebsite.com
I have
https://mywebsite.com not redirecting
https://www.mywebsite.com redirecting to http://mywebsite.com
Here is my default-ssl.vhost
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
# SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
# SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SSLCertificateFile /etc/ssl/certs/******.******.com.crt
SSLCertificateKeyFile /etc/ssl/private/*******.******.com.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
</VirtualHost>
</IfModule>
And my vhost for the site
<Directory /var/www/mywebsite.com>
AllowOverride None
Order Deny,Allow
Deny from all
</Directory>
<VirtualHost *:80>
DocumentRoot /var/www/mywebsite.com/web
ServerName mywebsite.com
ServerAlias www.mywebsite.com
ServerAdmin webmaster@mywebsite.com
ErrorLog /var/log/ispconfig/httpd/mywebsite.com/error.log
ErrorDocument 400 /error/400.html
ErrorDocument 401 /error/401.html
ErrorDocument 403 /error/403.html
ErrorDocument 404 /error/404.html
ErrorDocument 405 /error/405.html
ErrorDocument 500 /error/500.html
ErrorDocument 503 /error/503.html
<Directory /var/www/mywebsite.com/web>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<Directory /var/www/clients/client0/web6/web>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
# Clear PHP settings of this website
<FilesMatch "\.ph(p3?|tml)$">
SetHandler None
</FilesMatch>
# php as fast-cgi enabled
<IfModule mod_fcgid.c>
# SocketPath /tmp/fcgid_sock/
# IdleTimeout n (3600 seconds)
# An idle fastcgi application will be terminated after IdleTimeout seconds.
IdleTimeout 3600
# ProcessLifeTime n (7200 seconds)
# A fastcgi application will be terminated if lifetime expired, even no error is detected.
ProcessLifeTime 7200
# MaxProcessCount n (1000)
# The max count of total fastcgi process count.
# MaxProcessCount 1000
# DefaultMinClassProcessCount n (3)
# The minimum number of fastcgi application instances for any one fastcgi application.
# Idle fastcgi will not be killed if their count is less than n
# Set this to 0, and tweak IdleTimeout
DefaultMinClassProcessCount 0
# DefaultMaxClassProcessCount n (100)
# The maximum number of fastcgi application instances allowed to run for
# particular one fastcgi application.
DefaultMaxClassProcessCount 100
# IPCConnectTimeout n (3 seconds)
# The connect timeout to a fastcgi application.
IPCConnectTimeout 8
# IPCCommTimeout n (20 seconds)
# The communication timeout to a fastcgi application. Please increase this
# value if your CGI have a slow initialization or slow respond.
IPCCommTimeout 360
# BusyTimeout n (300 seconds)
# A fastcgi application will be terminated if handing a single request
# longer than busy timeout.
BusyTimeout 300
</IfModule>
<Directory /var/www/mywebsite.com/web>
AddHandler fcgid-script .php .php3 .php4 .php5
FCGIWrapper /var/www/php-fcgi-scripts/web6/.php-fcgi-starter .php
Options +ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<Directory /var/www/clients/client0/web6/web>
AddHandler fcgid-script .php .php3 .php4 .php5
FCGIWrapper /var/www/php-fcgi-scripts/web6/.php-fcgi-starter .php
Options +ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>
# add support for apache mpm_itk
<IfModule mpm_itk_module>
AssignUserId web6 client0
</IfModule>
<IfModule mod_dav_fs.c>
# DO NOT REMOVE THE COMMENTS!
# IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
# WEBDAV BEGIN
# WEBDAV END
</IfModule>
DocumentRoot /var/www/mywebsite.com/web/public
SetEnv APPLICATION_ENV development
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^/(.*)$ $1 [R=301,L]
</VirtualHost>
I just can't understand why I'm getting this behavior and it's driving me crazy. The vhost files are the default ISPConfig files, slightly changed to do the redirect and to change the DocumentRoot to match the website's MVC structure.
1 answer
Blanche
The redirect comes after the SSL negotiation. If you do not click OK when the warning appears, the browser will not establish the connection and therefore will not receive the redirect.
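The ordering described in the answer above, as an added example that is not part of the original thread: it models a browser fetching https://<host>/ and shows that the 301 in the *:443 vhost is only reachable once the certificate validates for the requested name. The certificate name lists and the functions name_matches and fetch_outcome are constructed for illustration; the post does not say which names its certificate covers.

```python
# Added illustration: certificate validation happens during the TLS handshake,
# before the browser sends the HTTP request that mod_rewrite would answer.
# All certificate names used with these functions are constructed samples.

def name_matches(pattern, host):
    """RFC 6125-style match: '*' may only replace the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans several labels
    if p[0] == "*":
        if len(p) < 3:            # reject over-broad patterns such as "*.com"
            return False
        return p[1:] == h[1:]
    return p == h


def fetch_outcome(host, cert_dns_names, trusted_issuer):
    """Return what a browser ends up with for https://<host>/."""
    # Step 1: TLS handshake. No HTTP request exists yet, so the
    # RewriteRule in the 443 vhost has not been evaluated.
    if not trusted_issuer:
        return "certificate warning (untrusted issuer); no HTTP request sent"
    if not any(name_matches(n, host) for n in cert_dns_names):
        return "certificate warning (name mismatch); no HTTP request sent"
    # Step 2: the request is sent over the established TLS session and
    # the server can finally answer with the redirect.
    return "301 -> http://%s/" % host


if __name__ == "__main__":
    sample_cert = ["www.mywebsite.com"]   # constructed: covers only the www name
    for h in ("www.mywebsite.com", "mywebsite.com"):
        print(h, "=>", fetch_outcome(h, sample_cert, trusted_issuer=True))
```

Redirecting https to http therefore still needs a certificate that browsers accept for every hostname that should redirect.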