logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: 2.2 -> 2.4: rewrite don't work right anymore / Zert- prob
Author
M*I*B



Joined: 04 Dec 2019
Posts: 3
Location: DE, Meissendorf

PostPosted: Wed 04 Dec '19 9:39    Post subject: 2.2 -> 2.4: rewrite don't work right anymore / Zert- prob Reply with quote

Good morning from germany...

and at 1st excuse my ugly english pls.

After about 20 years I switched with my VPS from one supplier to another provider. On the occasion, I have also installed the latest versions. This includes ...

Apache 2.4.41 x64
PHP 7.3.12 x64
MariaDB 10.4.10 x64
hMailServer 5.6.8

All is running under "Windows Server 2016 Datacenter"


Current problems number one:

On Apache 2.2, I've always used such a design in vHost to redirect from HTTP to HTTPS like this:

Code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https:/%{HTTP_HOST}$1 [NC,R=301,L]


Now on Apache 2.4 this rule runs against the wall and generates an infinite loop (enter i.e. "mydomain.de" results in "mydomain.dehttps://mydomain.dehttps://mydomain.dehttps://mydomain.dehttps://mydomain.de .... endless) or a BAD_REQUEST. However, if I call the page directly with https: // blablub, everything works fine. However, there is nothing in the logfiles; for the Apache that seems to be perfectly ok?!?

Another rule distinguishes whether the client called the domain or the subdomain mail. The previously worked in this way under Apache 2.2:

Code:
<VirtualHost ... for the side>
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^mail\. [NC]
RewriteRule ^(.*)$ https:/%{HTTP_HOST}$1 [NC,R=301,L]
... blablub ...
<VirtualHost ... for the webmail>
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^mail\. [NC]
RewriteRule (.*) https:/%{HTTP_HOST}$1 [NC,R=301,L]



QUESTION:
What I'm doing wrong? Where are the differences to Apache 2.2? How to fix that?


Current problem number two:

Another problem is that (not always) Apache uses a wrong certificate. When I call Domain1, Apache delivers the certificate from Domain2 to the browser ... or not. That seems to happen by random. At first I thought I had exchanged the Zerts, but that's not the case. The Zerts are integrated in each vHost like this:

Code:
SSLCertificateKeyFile "C: / ... path ... / domain-x / .well-known / private.key"
SSLCertificateFile "C: / ... path ... / domain-x / .well-known / certificate.crt"
SSLCertificateChainFile "C: / ... path ... / domain-x / .well-known / ca_bundle.crt"



There is also an error message in the log, which I can not interpret because of lack of knowledge:

Quote:
[ssl: warn] [pid 6780: tid 552] AH01909: domain-x.de:443:0 server certificate does not include ID to which matches the server name



What do that mean? How can I just bend that? I never had this problem with the Apache 2.2 ...
Back to top
M*I*B



Joined: 04 Dec 2019
Posts: 3
Location: DE, Meissendorf

PostPosted: Wed 04 Dec '19 11:53    Post subject: Reply with quote

UPDATE about SSL:

Input in the browser:

http://domain_1.de -> https://domain_2.de//error/HTTP_BAD_REQUEST.html.var
? Why does it redirect to another vHost in case of an error, which means that also the certificate does not match the URL anymore?
And why Apache try to open the MultiLanguage thing? I haven't activate that!

I also built a completely different VirtualHost, but that does not change the behavior:

Code:
<VirtualHost domain_1.de>
   <IfModule ssl_module>
      SSLEngine on
      SSLCertificateKeyFile "C:/...pfad.../domain_1/.well-known/domain_1.key"
      SSLCertificateFile "C:/...pfad.../domain_1/.well-known/domain_1.crt"
      SSLCertificateChainFile "C:/...pfad.../domain_1/.well-known/domain_1_ca.crt"
      SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
      <IfModule rewrite_module>
         RewriteEngine On
#         RewriteCond %{HTTPS} off
#         RewriteRule (.*) https:/domain_1.de$1 [NC,R=301,L]
         RewriteCond %{SERVER_PORT} !=443
         RewriteRule ^(.*)$ https://domain_1.de/$1 [R=301,L]
      </IfModule>
   </IfModule>

   ServerAdmin administrator@domain_1.de
   DocumentRoot "C:/...pfad.../domain_1"
   ServerName   domain_1.de
   ServerAlias   www.domain_1.de
   ErrorLog "C:/...pfad.../apache/err domain_1.log"
   CustomLog "C:/...pfad.../apache/acc domain_1.log" combined
</VirtualHost>
Back to top
Jan-E



Joined: 09 Mar 2012
Posts: 1248
Location: Amsterdam, NL, EU

PostPosted: Wed 11 Dec '19 7:11    Post subject: Re: 2.2 -> 2.4: rewrite don't work right anymore / Zert- Reply with quote

M*I*B wrote:
On Apache 2.2, I've always used such a design in vHost to redirect from HTTP to HTTPS like this:

Code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https:/%{HTTP_HOST}$1 [NC,R=301,L]

You are missing a forward slash. Try
Code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}$1 [NC,R=301,L]
Back to top
M*I*B



Joined: 04 Dec 2019
Posts: 3
Location: DE, Meissendorf

PostPosted: Wed 11 Dec '19 17:55    Post subject: Reply with quote

Hi Jan,

you are right. I have take a look into the backup and in one of the v-hosts there exist is this typo. All other are correct. Just a bad deal picking up this one for posting here Rolling Eyes

But meanwhile I have kill the whole Apache- stuff and use an other webserver right now. After arround 17 years of using Apache it's time for an other solution...

Ty a lot...

Topic can be closed
Back to top


Reply to topic   Topic: 2.2 -> 2.4: rewrite don't work right anymore / Zert- prob View previous topic :: View next topic
Post new topic   Forum Index -> Apache