
[SOLVED] Forcing SSL over https

Posted: 2012/01/20 07:45:32
by DarkSnake-Kobra
[Moderator edit: Fix two typos in Subject. Was: "Forrcing SSL over httpq"]
I'm trying to redirect users so that when they visit my site over http they are redirected to https. I got SSL working, but I just can't get it to force it. I'll get a bad request error.

[quote]Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Hint: https://cyberstealthlabs.org/
Apache/2.2.15 (CentOS) Server at cyberstealthlabs.org Port 443[/quote]

Information for general problems.
[code]
== BEGIN uname -rmi ==
2.6.32-220.2.1.el6.i686 i686 i386
== END uname -rmi ==

== BEGIN rpm -qa \*-release\* ==
centos-release-6-2.el6.centos.7.i686
rpmforge-release-0.5.2-2.el6.rf.i686
epel-release-6-5.noarch
== END rpm -qa \*-release\* ==

== BEGIN cat /etc/redhat-release ==
CentOS release 6.2 (Final)
== END cat /etc/redhat-release ==

== BEGIN getenforce ==
Disabled
== END getenforce ==

== BEGIN free -m ==
total used free shared buffers cached
Mem: 1250 391 858 0 60 231
-/+ buffers/cache: 99 1150
Swap: 9999 0 9999
== END free -m ==

== BEGIN rpm -qa yum\* rpm-\* python | sort ==
python-2.6.6-29.el6.i686
rpm-build-4.8.0-19.el6.i686
rpm-libs-4.8.0-19.el6.i686
rpm-python-4.8.0-19.el6.i686
yum-3.2.29-22.el6.centos.noarch
yum-metadata-parser-1.1.2-16.el6.i686
yum-plugin-fastestmirror-1.1.30-10.el6.noarch
yum-plugin-priorities-1.1.30-10.el6.noarch
yum-plugin-security-1.1.30-10.el6.noarch
yum-utils-1.1.30-10.el6.noarch
== END rpm -qa yum\* rpm-\* python | sort ==

== BEGIN ls /etc/yum.repos.d ==
CentOS-Base.repo
CentOS-Debuginfo.repo
CentOS-Media.repo
epel.repo
epel-testing.repo
mirrors-rpmforge
mirrors-rpmforge-extras
mirrors-rpmforge-testing
rpmforge.repo
== END ls /etc/yum.repos.d ==

== BEGIN cat /etc/yum.conf ==
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=16&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release

# This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
# It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
== END cat /etc/yum.conf ==

== BEGIN yum repolist all ==
Loaded plugins: fastestmirror, priorities, security
Loading mirror speeds from cached hostfile
* base: mirror.ubiquityservers.com
* epel: mirrors.servercentral.net
* extras: mirror.spro.net
* rpmforge: apt.sw.be
* updates: mirror.team-cymru.org
repo id repo name status
base CentOS-6 - Base enabled: 4,764
c6-media CentOS-6 - Media disabled
centosplus CentOS-6 - Plus disabled
contrib CentOS-6 - Contrib disabled
debug CentOS-6 - Debuginfo disabled
epel Extra Packages for Enterprise Linux 6 - i3 enabled: 5,613
epel-debuginfo Extra Packages for Enterprise Linux 6 - i3 disabled
epel-source Extra Packages for Enterprise Linux 6 - i3 disabled
epel-testing Extra Packages for Enterprise Linux 6 - Te disabled
epel-testing-debuginfo Extra Packages for Enterprise Linux 6 - Te disabled
epel-testing-source Extra Packages for Enterprise Linux 6 - Te disabled
extras CentOS-6 - Extras enabled: 3
rpmforge RHEL 6 - RPMforge.net - dag enabled: 4,142
rpmforge-extras RHEL 6 - RPMforge.net - extras disabled
rpmforge-testing RHEL 6 - RPMforge.net - testing disabled
updates CentOS-6 - Updates enabled: 162
repolist: 14,684
== END yum repolist all ==

== BEGIN egrep 'include|exclude' /etc/yum.repos.d/*.repo ==
== END egrep 'include|exclude' /etc/yum.repos.d/*.repo ==

== BEGIN sed -n -e "/^\[/h; /priority *=/{ G; s/\n/ /; s/ity=/ity = /; p }" /etc/yum.repos.d/*.repo | sort -k3n ==
== END sed -n -e "/^\[/h; /priority *=/{ G; s/\n/ /; s/ity=/ity = /; p }" /etc/yum.repos.d/*.repo | sort -k3n ==

== BEGIN cat /etc/fstab ==

#
# /etc/fstab
# Created by anaconda on Thu Jan 19 13:35:59 2012
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
UUID=f7c81bdd-96ec-4f33-8e63-9b813d66b887 / ext4 defaults 1 1
UUID=084a3928-f588-4a8c-bb93-58b0674cc074 /boot ext4 defaults 1 2
UUID=ce3d4b12-37b0-4bba-a3ee-1ccdd7e0f943 swap swap defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
== END cat /etc/fstab ==

== BEGIN df -h ==
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 27G 2.3G 24G 9% /
tmpfs 626M 0 626M 0% /dev/shm
/dev/sda1 194M 45M 139M 25% /boot
== END df -h ==

== BEGIN fdisk -l ==

Disk /dev/sda: 40.0 GB, 40000000000 bytes
255 heads, 63 sectors/track, 4863 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0003a68d

Device Boot Start End Blocks Id System
/dev/sda1 * 1 26 204800 83 Linux
Partition 1 does not end on cylinder boundary.
/dev/sda2 26 1301 10240000 82 Linux swap / Solaris
/dev/sda3 1301 4863 28615680 83 Linux
== END fdisk -l ==

== BEGIN blkid ==
/dev/sda1: UUID="084a3928-f588-4a8c-bb93-58b0674cc074" TYPE="ext4"
/dev/sda2: UUID="ce3d4b12-37b0-4bba-a3ee-1ccdd7e0f943" TYPE="swap"
/dev/sda3: UUID="f7c81bdd-96ec-4f33-8e63-9b813d66b887" TYPE="ext4"
== END blkid ==

== BEGIN cat /proc/mdstat ==
Personalities :
unused devices: <none>
== END cat /proc/mdstat ==

== BEGIN pvs ==
== END pvs ==

== BEGIN vgs ==
No volume groups found
== END vgs ==

== BEGIN lvs ==
No volume groups found
== END lvs ==

== BEGIN rpm -qa kernel\* | sort ==
kernel-2.6.32-220.2.1.el6.i686
kernel-2.6.32-220.el6.i686
kernel-devel-2.6.32-220.2.1.el6.i686
kernel-firmware-2.6.32-220.2.1.el6.noarch
kernel-headers-2.6.32-220.2.1.el6.i686
== END rpm -qa kernel\* | sort ==

== BEGIN lspci -nn ==
00:00.0 Host bridge [0600]: Intel Corporation 82845G/GL[Brookdale-G]/GE/PE DRAM Controller/Host-Hub Interface [8086:2560] (rev 01)
00:02.0 VGA compatible controller [0300]: Intel Corporation 82845G/GL[Brookdale-G]/GE Chipset Integrated Graphics Device [8086:2562] (rev 01)
00:1d.0 USB controller [0c03]: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #1 [8086:24c2] (rev 01)
00:1d.1 USB controller [0c03]: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #2 [8086:24c4] (rev 01)
00:1d.2 USB controller [0c03]: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #3 [8086:24c7] (rev 01)
00:1d.7 USB controller [0c03]: Intel Corporation 82801DB/DBM (ICH4/ICH4-M) USB2 EHCI Controller [8086:24cd] (rev 01)
00:1e.0 PCI bridge [0604]: Intel Corporation 82801 PCI Bridge [8086:244e] (rev 81)
00:1f.0 ISA bridge [0601]: Intel Corporation 82801DB/DBL (ICH4/ICH4-L) LPC Interface Bridge [8086:24c0] (rev 01)
00:1f.1 IDE interface [0101]: Intel Corporation 82801DB (ICH4) IDE Controller [8086:24cb] (rev 01)
00:1f.3 SMBus [0c05]: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) SMBus Controller [8086:24c3] (rev 01)
00:1f.5 Multimedia audio controller [0401]: Intel Corporation 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) AC'97 Audio Controller [8086:24c5] (rev 01)
01:05.0 Modem [0703]: Intel Corporation FA82537EP 56K V.92 Data/Fax Modem PCI [8086:1080] (rev 04)
01:09.0 Ethernet controller [0200]: Broadcom Corporation BCM4401 100Base-T [14e4:4401] (rev 01)
== END lspci -nn ==

== BEGIN lsusb ==
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
== END lsusb ==

== BEGIN rpm -qa kmod\* kmdl\* ==
== END rpm -qa kmod\* kmdl\* ==

== BEGIN ifconfig -a ==
eth0 Link encap:Ethernet HWaddr 00:0F:1F:5B:EE:A9
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20f:1fff:fe5b:eea9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:78621 errors:0 dropped:0 overruns:0 frame:0
TX packets:82209 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:22641297 (21.5 MiB) TX bytes:36888563 (35.1 MiB)
Interrupt:17

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2028 errors:0 dropped:0 overruns:0 frame:0
TX packets:2028 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:85424 (83.4 KiB) TX bytes:85424 (83.4 KiB)

== END ifconfig -a ==

== BEGIN brctl show ==
bridge name bridge id STP enabled interfaces
== END brctl show ==

== BEGIN route -n ==
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.1.44 0.0.0.0 UG 0 0 0 eth0
== END route -n ==

== BEGIN cat /etc/resolv.conf ==
; generated by /sbin/dhclient-script
nameserver 192.168.1.44
== END cat /etc/resolv.conf ==

== BEGIN grep net /etc/nsswitch.conf ==
#networks: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
netmasks: files
networks: files
netgroup: nisplus
== END grep net /etc/nsswitch.conf ==

== BEGIN chkconfig --list | grep -Ei 'network|wpa' ==
matahari-network 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
== END chkconfig --list | grep -Ei 'network|wpa' ==

[/code]

Re: Forcing SSL over https

Posted: 2012/01/20 09:40:01
by TrevorH
You don't say what you have tried to make this work? From the error it looks like you've just put in a redirect of port 80 to 443 using something like iptables and this will not work. The way that I've done this in the past is with a mod_rewrite rule that sends a redirect back to the client.
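
The mod_rewrite approach mentioned in the post above, as an added example that is not part of the original thread. The host name is the one shown in the quoted error page; the certificate paths are placeholders, and the HSTS line assumes mod_headers is loaded.

```apache
# Added example (not from the thread).
# A packet-level redirect of port 80 to 443 leaves the browser sending
# cleartext HTTP to the TLS port, which produces the "speaking plain HTTP
# to an SSL-enabled server port" error quoted earlier. The redirect has to
# be an HTTP response, so that the client reconnects using https://.

# Port 80: answer plain HTTP and do nothing except redirect.
<VirtualHost *:80>
    ServerName cyberstealthlabs.org

    RewriteEngine On
    # %{HTTPS} is "off" for non-TLS connections; the condition keeps the
    # rule harmless if it is ever copied into a context that also serves 443.
    RewriteCond %{HTTPS} off
    # Redirect to a fixed host name instead of %{HTTP_HOST}, so that a
    # forged Host header cannot point the redirect at another site.
    # The query string is carried over automatically.
    RewriteRule ^ https://cyberstealthlabs.org%{REQUEST_URI} [R=301,L]
</VirtualHost>

# Port 443: the site itself. This must already work when requested
# directly over https:// before the redirect above is enabled.
<VirtualHost *:443>
    ServerName cyberstealthlabs.org
    DocumentRoot /var/www/html

    SSLEngine on
    # Placeholder paths: point these at the certificate and key in use.
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # Optional (requires mod_headers): ask browsers to use HTTPS for later
    # visits. Browsers ignore this header when the certificate is not
    # trusted, so it has no effect with a self-signed certificate.
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
```

The first request a browser makes over http:// is still sent in cleartext before the 301 arrives, so cookies used by the site should carry the Secure flag as well.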

Re: Forcing SSL over https

Posted: 2012/01/21 00:13:54
by DarkSnake-Kobra
Sorry, it was early in the morning when I posted this and I was frustrated. Let me see if I can explain this right. I don't know much about SSL and tried following this [url=http://wiki.centos.org/HowTos/Https]guide[/url] and selecting the self-created cert\keys with webmin under a new virtualhost, which didn't work. I then followed this [url=http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-httpd-secure-server.html]guide[/url] for running genkey, which Apache was able to detect and load upon start.

This is the [url=http://www.howtoforge.com/perfect-server-centos-6.2-x86_64-with-apache2-ispconfig-3]guide[/url] I got off how to forge for a perfect webserver (only followed for a LAMP server, which is all I need).

In a nutshell this is what I did. I'm lost and confused by what I read. I read about the mod_rewrite, but I don't know anything about it or how to even use it.

[SOLVED] Forcing SSL over https

Posted: 2012/01/21 00:43:31
by pschaff
[quote]
DarkSnake-Kobra wrote:
Sorry, it was early in the morning when I posted this and I was frustrated. Let me see if I can explain this right. I don't know much about SSL and tried following this [url=http://wiki.centos.org/HowTos/Https]guide[/url] and selecting the self-created cert\keys with webmin under a new virtualhost, which didn't work.[/quote]
That Wiki page was created in 2008 and has not had a serious revision since.

[quote]
I then followed this [url=http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-httpd-secure-server.html]guide[/url] for running genkey, which Apache was able to detect and load upon start.[/quote]
You followed the RHEL5 guide. Perhaps the [url=http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html-single/Deployment_Guide/index.html]RHEL6 Deployment Guide[/url] or other current upstream docs would be more appropriate.

[quote]
This is the [url=http://www.howtoforge.com/perfect-server-centos-6.2-x86_64-with-apache2-ispconfig-3]guide[/url] I got off how to forge for a perfect webserver (only followed for a LAMP server, which is all I need).[/quote]
Those "Perfect" guides are generally abominations that recommend disabling SELinux and doing source installs.

[quote]
In a nutshell this is what I did. I'm lost and confused by what I read. I read about the mod_rewrite, but I don't know anything about it or how to even use it.[/quote]
Too many disparate, outdated, and/or non-standard guides. We have no idea what the current state of your system may be after all that, but if you followed the [im]perfect guide, a fresh install would be where I would go next. Then take care what guides you follow, and if in doubt ask questions first.

Re: Forcing SSL over https

Posted: 2012/01/21 01:02:15
by TrevorH
So your site works if you go to the https version of it directly?

Re: Forcing SSL over https

Posted: 2012/01/22 07:33:59
by DarkSnake-Kobra
I did a clean install this time with the web server package, without the how to forge customizations etc. What do I need to do so that when someone types http it automatically goes to https? I want to do it the right way this time, so I haven't done anything other than updates, installing the development tools group and elreop/rpmforge with phpmyadmin.


@Trevor

Yes.

Re: Forcing SSL over https

Posted: 2012/01/22 14:02:59
by TrevorH
First thing to check is that both http and https are working correctly on their own before you start. Can you reach http://your.server.name and https://your.server.name at the moment?

Re: Forcing SSL over https

Posted: 2012/01/23 07:03:35
by DarkSnake-Kobra
HTTP appears to be working fine, but HTTPS does not load. system-config-firewall-tui is configured to allow https.

Re: Forcing SSL over https

Posted: 2012/01/23 09:35:23
by TrevorH
You will not be able to redirect http to https until you first fix https! And "HTTPS does not load" is not a meaningful error message to allow for remote debugging.

Re: Forcing SSL over https

Posted: 2012/01/24 02:58:01
by DarkSnake-Kobra
OK, sorry, I'm not sure what to provide. I'm not new to Linux, but just a casual user and only know some of the basic commands. I just have the standard apache configuration set.