7

This is essentially the same question as htaccess force https and redirect www to non-www, but no other subdomains (i.e., I want to configure Apache to redirect all non-HTTPS and/or "www" URLs to HTTPS non-www URLs), but I want to configure Apache via a Virtual Host rather than an .htaccess file (since I read that avoiding .htaccess has some benefits).

I was able to get the following answer to work when using an .htaccess file: https://stackoverflow.com/a/34333450/1468130 But it did not work when I tried transferring that answer's configuration to my Virtual Hosts configuration; "https://www.domain.com" never redirected to "https://domain.com".

I read up on the differences between .htaccess and Virtual Host .conf files, and found this http://tltech.com/info/rewriterule-in-htaccess-vs-httpd-conf/ and this: https://www.digitalocean.com/community/questions/can-you-use-virtual-host-config-conf-to-redirect-www-domain-to-non-www?answer=15129 which seemed to hint that I could just wrap the configuration in a <Directory> block and it would work. Unfortunately, it doesn't ("https://www.domain.com" is still never redirected to "https://domain.com"), so I'm wondering if the Internet knew what I was doing wrong:

<VirtualHost *:80>
        ServerName domain.com
        ServerAlias www.domain.com

        ServerAdmin admin@domain.com
        DocumentRoot /var/www/domain.com/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        <Directory /var/www/domain.com/>
                RewriteEngine On

                # match any URL with www and rewrite it to https without the www
                RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
                RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]

                # match urls that are non https (without the www)
                RewriteCond %{HTTPS} off
                RewriteCond %{HTTP_HOST} !^(www\.)(.*) [NC]
                RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
        </Directory>
</VirtualHost>

I've also tried configuring <VirtualHost *:443> as Dusan Bajic suggested in the comments, but that has no effect either; https://www.domain.com still won't redirect to https://domain.com:

<VirtualHost *:443>
        ServerName domain.com
        ServerAlias www.domain.com

        ServerAdmin admin@domain.com
        DocumentRoot /var/www/domain.com/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLCertificateFile /etc/letsencrypt/live/domain.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateChainFile /etc/letsencrypt/live/domain.com/chain.pem

        <Directory /var/www/domain.com/>
                RewriteEngine On

                # match any URL with www and rewrite it to https without the www
                RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
                RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]
        </Directory>
</VirtualHost>

Also per the comments, I have tried the above *:443 configuration paired with a *:80 configuration with the <Directory> block changed to only redirect HTTP to HTTPS. But when I do that, "www" never gets removed.

<Directory /var/www/paradoxmayhem.com/>
        RewriteEngine On

        RewriteCond %{SERVER_NAME} =www.paradoxmayhem.com [OR]
        RewriteCond %{SERVER_NAME} =paradoxmayhem.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</Directory>
Community
  • 1
  • 1
Jackson
  • 9,188
  • 6
  • 52
  • 77
  • At first glance. it looks like there is nothing `.htaccess` specific in your rules and they should work fine if you move them out of `` – Dusan Bajic Sep 03 '16 at 06:58
  • Oh. `` obviously has no effect on `https://` requests, you have to put the rules (in fact only the first `www`->`non-www` rule) in – Dusan Bajic Sep 03 '16 at 07:05
  • Good point, I tried configuring `` (and added my config to the post), but it still won't redirect from `https://www.domain.com` to `https://domain.com`. – Jackson Sep 03 '16 at 15:37
  • Don't ever use 301 while testing or you will be cached and lose track on whether its working as expected or not. Use 302 until u get it right then change to 301. Try clearing your cache and remove rules and check your browser with firebug or some developer tool to ensure its not redirecting, then add the rules 1 by 1, ensure rule 1 is working if so add next one. Confirm everything is wrong than change to 301. If you are configuring directly on the Virtualhost then yes on the 443 u just need to redirect from www to non-www, – Prix Sep 03 '16 at 16:53
  • and on the 80 you could simple redirect to https without messing with www/non-www – Prix Sep 03 '16 at 16:53
  • I've had my cache disabled throughout this entire endeavor. Also, I tried just redirecting 80 to https w/o rewriting www to non-www (see edit), but that resulted in www never being rewritten. It's as if the `*:443` config is always ignored... – Jackson Sep 03 '16 at 17:46

1 Answers1

10

Got it! Apparently, when I used letsencrypt (certbot) to configure SSL, it automatically created another virtual host file (at /etc/apache2/sites-enabled/domain.com-le-ssl.conf), which has its own definition for the domain.com *:443 Virtual Host, and seems to have taken precedence over any of the *:443 configuration I tried to set up before. I added the following code to the -le-ssl.conf file, and now my redirects finally work in all the cases I desired, using 100% Apache Virtual Host configuration:

<Directory /var/www/domain.com/>
        RewriteEngine On

        # match any URL with www and rewrite it to https without the www
        RewriteCond %{HTTP_HOST} ^(www\.)(.*) [NC]
        RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]
</Directory>
Jackson
  • 9,188
  • 6
  • 52
  • 77
  • 2
    ha! I had the most bizarre issue with letsencrypt mucking with the domain.com-le-ssl.conf (it put an entry in for port 80??) which was making ONE SUBDOMAIN ROUTE (out of many sites and domains) hosted on same ip address not be redirected to https. Your issue/answer gave me a hint/nudge in the right direction. Thank you! – Skyguard May 31 '18 at 21:34