-
Bug
-
Resolution: Done
-
Major
-
RH358 - RHEL 8.1 0
-
None
-
en-US (English)
URL:
Reporter RHNID: p.tselios
Section: -
Language: en-US (English)
Workaround: Tell students that there are 2 ways to do this and that at this moment the recommended by Apache Foundation way is to use the Redirect directive.
Description: In SG, page 303 we discuss about the HTTP to HTTPS redirection.
However, this is not recommended from Apache foundation!
Specifically, Apache Foundation says that mod_rewrite should be our last resort!
https://httpd.apache.org/docs/2.4/rewrite/avoid.html
On the same page, it's clear that the recommended way to redirect http to HTTPS is to use the "Redirect" directive:
Taking this into consideration, the solution of the GE in page 304 (step 4.3) should be:
<VirtualHost *:80>
ServerName wwwX.example.com
Redirect "/" "https://wwwX.example.com/"
</VirtualHost>
<VirtualHost *:443>
ServerName wwwX.example.com
ServerName wwwX.example.com
SSLEngine On
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:MEDIUM:!aNull:!MD5
SSLHonorCipherOrder on
SSLCertificateFile /etc/pki/tls/certs/wwwX.crt
SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/wwwX.key
DocumentRoot /srv/wwwX/www
</VirtualHost>
</VirtualHost>