[Solved] HTTP to HTTPS redirect not working with recommended wiki configuration

Added by cmorgenstern over 10 years ago

I'm trying to host a small personal site on my home server (Linux 3.16.1-1-ARCH i686 GNU/Linux) using Lighttpd (1.4.35 (ssl)). I have an SSL certificate from a certificate authority that is correctly installed and working, and covers the following domains: myname.com and www.myname.com

Naturally, I would like to redirect all incoming HTTP traffic to use the secured HTTPS version of the site (https://myname.com and https://www.myname.com). However, after adding the redirect instructions (HowToRedirectHttpToHttps) to my lighttpd.conf file, attempting to access the site using simply myname.com or www.myname.com fails because the browser tries to request the page in HTTP and the redirect to HTTPS does not kick in for some reason. Currently, the only way I can access my site is by going to the exact HTTPS address (https://myname.com or https://www.myname.com).

I have also tried using a specific URL to test redirecting the opening page of the site (right now it's just a "Hello world!" deal), but this was also unsuccessful. I have loaded mod_redirect in my server.modules line, and the only other thing I can think of that might be fouling things up is that I'm using a non-standard port (8080), but this should be properly accounted for through the server.port = 8080.

Here is my lighttpd.conf file with the HTTP to HTTPS redirect at the very bottom. Running lighttpd -t -f /path/to/lighttpd.conf shows syntax OK, and the lighttpd.service systemd file is loaded and running with no errors according to "systemctl status lighttpd".

# This is a minimal example config
# See /usr/share/doc/lighttpd
# and http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions

# Base Server Configuration
server.port             = "8080" 
server.bind             = "localhost" 
server.username         = "http" 
server.groupname        = "http" 
server.document-root    = "/home/myname/www/myname.com/html" 
server.errorlog         = "/var/log/lighttpd/error.log" 
server.modules          = (
                            "mod_redirect",
                            "mod_alias",
                            "mod_setenv" 
                          )

# Enable access of phpMyAdmin at myname.com/phpmyadmin
alias.url               = ( "/phpmyadmin" => "/home/myname/www/myname.com/html/phpmyadmin/" )

dir-listing.activate    = "enable" 

# Log SSL debug messages
debug.log-ssl-noise     = "enable" 

index-file.names        = ( "index.html" )

mimetype.assign         = (
                                ".html" => "text/html",
                                ".txt" => "text/plain",
                                ".css" => "text/css",
                                ".js" => "application/x-javascript",
                                ".jpg" => "image/jpeg",
                                ".jpeg" => "image/jpeg",
                                ".gif" => "image/gif",
                                ".png" => "image/png",
                                "" => "application/octet-stream" 
                        )

# Included modules with configuration files in /etc/lighttpd/conf.d
include "/etc/lighttpd/conf.d/cgi.conf" 
include "/etc/lighttpd/conf.d/fastcgi.conf" 

# SSL Settings
$SERVER["socket"] == ":443" {
    ssl.engine                  = "enable" 
    ssl.pemfile                 = "/etc/lighttpd/ssl/myname_com.pem" 
    ssl.ca-file                 = "/etc/lighttpd/ssl/myname_com.ca-bundle" 
    server.name                 = "myname.com" 
    server.document-root        = "/home/myname/www/myname.com/html" 
    ssl.use-sslv2               = "disable" 
    setenv.add-environment      = ( "HTTPS" => "on" )
}

# Redirect all HTTP requests to HTTPS
$HTTP["scheme"] == "http" {
    # capture vhost name with regex conditional -> %0 in redirect pattern
    # must be the most inner block to the redirect rule
    $HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")
    }
}

Any help would be appreciated. Thank you!


Replies (8)

RE: HTTP to HTTPS redirect not working with recommended wiki configuration - Added by stbuehler over 10 years ago

1. Your server is only reachable on port 443 right now, it doesn't respond on port 80 (timeout) or 8080 (rejects connection) at all; how could "http://myname.com" be working if you are not running on port 80? You'd need some kind of port forwarding/proxy, and it would be helpful to know.

2. The $HTTP["host"] =~ ".*" captures hostname + port - but usually the port isn't present. You'd need to exclude the port in the regular expression, perhaps something like "^([^:]*)(:[0-9]+)?$" with a redirect target of "https://%1$0" (which doesn't work with IPv6 addresses though).

RE: HTTP to HTTPS redirect not working with recommended wiki configuration - Added by patrickdk over 10 years ago

Your nonstandard port 8080 is the problem.

The %0 contains the hostname plus port, so you're redirecting to https://example.com:8080/

$HTTP["host"] =~ "^(.*):8080" {
    url.redirect = (".*" => "https://%1$0")
}
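
Added example (not part of either reply, and not lighttpd's own code): a simplified Python model of the %N/$N substitution described above, showing the Location value each of the three host patterns quoted in this thread would yield. The Host values are constructed samples, and Python's `re` stands in for lighttpd's PCRE matching as an assumption.

```python
import re

# The three host conditionals quoted in the thread, each with its redirect target.
RULES = {
    "wiki":      (r".*",                  "https://%0$0"),
    "stbuehler": (r"^([^:]*)(:[0-9]+)?$", "https://%1$0"),
    "patrickdk": (r"^(.*):8080",          "https://%1$0"),
}

def expand(target, host_m, url_m):
    """Substitute %N (host-condition captures) and $N (url.redirect captures)."""
    def sub(m):
        src = host_m if m.group(1) == "%" else url_m
        return src.group(int(m.group(2))) or ""
    return re.sub(r"([%$])(\d)", sub, target)

def location(rule, host, uri="/"):
    """Return the Location value a rule would produce, or None when the host
    conditional does not match (in which case no redirect is sent at all)."""
    host_re, target = RULES[rule]
    host_m = re.search(host_re, host)
    if host_m is None:
        return None
    url_m = re.search(r".*", uri)  # the url.redirect pattern ".*" from the thread
    return expand(target, host_m, url_m)

# Constructed Host header values: bare name, name with port, IPv6 literal.
HOSTS = ["myname.com", "myname.com:8080", "[::1]:8080"]

def table():
    """Location (or None) for every rule/Host combination."""
    return {(rule, host): location(rule, host) for rule in RULES for host in HOSTS}

if __name__ == "__main__":
    for (rule, host), loc in table().items():
        print(f"{rule:10} Host: {host:16} -> {loc}")
```

A `None` result means the request is served over plain HTTP with no redirect, which is the case to watch for when the goal is to force every client onto HTTPS.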

RE: HTTP to HTTPS redirect not working with recommended wiki configuration - Added by cmorgenstern over 10 years ago

> 1. Your server is only reachable on port 443 right now, it doesn't respond on port 80 (timeout) or 8080 (rejects connection) at all; how could "http://myname.com" be working if you are not running on port 80? You'd need some kind of port forwarding/proxy, and it would be helpful to know.

I don't think I said that it was accessible via "http://myname.com". On the contrary, I said that it was only accessible using https in the address.

I attempted both work-arounds for excluding the port from the expression (as suggested by stbuehler) and also setting the host to $HTTP["host"] =~ "^(.*):8080" (as suggested by patrickdk), but neither result seems to be working when I attempt to access the site without explicitly specifying https in the address.

I'll have to take a closer look at it tomorrow and do some more troubleshooting, but thank you very much for your suggestions so far. I think I'm getting close to solving this thanks to your help.

RE: HTTP to HTTPS redirect not working with recommended wiki configuration - Added by stbuehler over 10 years ago

I didn't say it was working; I asked rhetorically how it could be working - as far as you described your setup it seems unlikely it can.

I asked for proxy/portforwarding details, and you didn't give any - so I'm assuming there is none.

Change the server.port to 80, as otherwise it CANNOT work (you need to handle http on port 80 to get "http://myname.com" working).

If another webserver is already running on port 80... I'd say use another box to run your thing on.

RE: HTTP to HTTPS redirect not working with recommended wiki configuration - Added by cmorgenstern over 10 years ago

Ah, I see what you mean. My apologies.

On closer inspection, it appears that my ISP is being jerky about which ports I can open or not. Both port 80 and port 8080 appear listed as "filtered" (when scanned using nmap) after being correctly forwarded through my router. I guess the problem lies not with lighttpd, but with my ISP. Attempts to use an alternate port have also been stymied (attempts to forward an alternate port merely cause it to be listed as filtered).

In short, Comcast is a crappy ISP.

RE: HTTP to HTTPS redirect not working with recommended wiki configuration - Added by patrickdk over 10 years ago

How is this Comcast's fault?

Using port 80 and 8080 works great for me on Comcast.

Now if you paid for the residential plan, that says in its terms of service, you are not allowed to run servers, and a webserver is a server, then you're breaking the contract you signed, and yes, they should block you.

RE: HTTP to HTTPS redirect not working with recommended wiki configuration - Added by cmorgenstern over 10 years ago

Yes, thank you, I am very much aware of that. Which is why I am only building and testing a small personal website that I will probably only unveil to the world at large after migrating it to a different server so that I am not in violation of Comcast's AUP.

Besides, I telephoned Comcast and confirmed that they were not blocking the ports, so it appears my router is not doing the job required to adequately forward them. Might install DD-WRT to see if I can regain some control.

Anyway, thank you for your assistance nonetheless.

RE: [Solved] HTTP to HTTPS redirect not working with recommended wiki configuration - Added by gstrauss about 8 years ago

tldr: problem with residential service from ISP, not a problem with lighttpd.
