Apache2: How to host apps at different ports with SSL?

Question

I'm trying to achieve quite simple task actually.

I bind application to a port, I enable SSLEngine at each VirtualHost entry for that port. Everything works beside one thing: if you type url that starts with HTTP://, not HTTPS://, you get the Bad Request error hinting you to use HTTPS:// request scheme. So the real question is how to redirect (302) from http://sub.domain.tld:4000/ to https://sub.domain.tld:4000?

Example seen there: http://isil.monsternett.no:8443

Thanks.

Edit:

Maybe I'm making mistake in core structure? This is what I use:

Listen 4000
NameVirtualHost 0.0.0.0:4000


<VirtualHost 0.0.0.0:4000>
    RewriteEngine On
    ...
</VirtualHost>


Listen 4001
NameVirtualHost 0.0.0.0:4001

<VirtualHost 0.0.0.0:4001>
    RewriteEngine On
    ...
</VirtualHost>


Listen N
NameVirtualHost 0.0.0.0:N


<VirtualHost 0.0.0.0:N>
    RewriteEngine On
    ...
</VirtualHost>

score 1 · Accepted Answer · edited Apr 13 '17 at 12:33

1

Apache Httpd, like most servers, doesn't support using the same port for two different protocols (HTTP and SSL/TLS here).

Doing so would require the server to be able to detect the protocol based on the content of the initial request: whether it's looks like an HTTP request or if it's an SSL/TLS Client Hello message. Some servers can do this (e.g. Grizzly in Java), but this is very unusual. Apache Httpd doesn't support this.

(As a side note, you'd be better off making sure that your users expect to use HTTPS anyway, since HTTP -> HTTPS redirections are only partly useful anyway.)

edited Apr 13 '17 at 12:33

Community

1

answered May 28 '12 at 10:31

Bruno

901
8
16

Thank you. Yes, the issue is very much like esthetic. Thank you for comprehensive answer. – Aleksandr Makov May 28 '12 at 13:37

score 0 · Answer 2 · edited May 15 '13 at 12:12

If your web page is hosted on port 9001, just enable any port on your linux box and make these changes in /etc/httpd/conf.d/ssl.conf. Then, set your listen port to 9002 and create your SSL certificate and key and put the following configuration in your httpd.conf file:

Listen 9001
<VirtualHost *:9001>
ServerAdmin root@localhost
DocumentRoot /mnt/work/httpd
<Directory "/mnt/work/httpd">
Options FollowSymLinks
 AllowOverride AuthConfig
</Directory>
  SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateKeyFile /etc/httpd/www.test.example.com.key
SSLCertificateFile /etc/httpd/www.test.example.com.crt
RewriteCond %{HTTPS} off
RewriteRule (.*) https://www.test.example.com:9002%{REQUEST_URI}

And your .htaccess file should look like this:

AuthType Digest
AuthName "realm"
AuthDigestProvider file
AuthGroupFile /dev/null
AuthUserFile /mnt/work/httpd/digest_auth
Require user username

Apache2: How to host apps at different ports with SSL?

2 Answers2