Apache虚拟主机将http重定向到https

Question

我知道这个问题已被多次询问和回答。但是我似乎无法让它适用于我的场景。

我想将所有http流量重定向到https，并将https根目录重定向到登录页面。以下是vhost.conf文件中的虚拟主机。

<VirtualHost *:80>
    DocumentRoot /var/www
    ServerName sub-domain.mydomain.com
    ServerAdmin admin@example.com
    CustomLog /var/log/httpd/http_access.log common
    LOGFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
    ErrorLog /var/log/httpd/http_error.log
    TransferLog /var/log/httpd/http_transfer.log

    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1
    #Redirect permanent / https://%{HTTP_HOST}%/login/mylogin.jsp (Not used as I need to use a rewrite rule rather than redirect only the root)
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www
    ServerName sub-domain.mydomain.com
    ServerAdmin admin@example.com
    CustomLog /var/log/httpd/https_access.log common
    LOGFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
    ErrorLog /var/log/httpd/https_error.log
    TransferLog /var/log/httpd/https_transfer.log

    SSLEngine on
    SSLOptions +StrictRequire
    SSLCertificateFile /etc/httpd/conf/mydomain.crt
    SSLCertificateKeyFile /etc/httpd/conf/mydomain.key
    SSLCertificateChainFile /etc/httpd/conf/intermediate.crt

    # HSTS (mod_headers is required) (15768000 seconds = 6 months)- ref https://mozilla.github.io/server-side-tls/ssl-config-generator/
    Header always set Strict-Transport-Security "max-age=15768000"

    JkMount .....  

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
        SSLRequireSSL
    </Directory>

    BrowserMatch "MSIE [2-5]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0

    AddDefaultCharset utf-8
    AddType image/svg+xml svg svgz
    AddEncoding gzip svgz

    RewriteEngine on
    RewriteRule ^/$ /login/mylogin.jsp [R=permanent,L]
</VirtualHost>

https root to login redirect工作正常。但是我无法让http到https重定向工作。 我尝试了各种建议，如：

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1
RewriteRule ^/?(.*) https://%{SERVER_NAME}/%$1

根据这里的各种帖子。但是其中一些人没有工作，而且在一些建议中有评论提到查询字符串不能与%{REQUEST_URI}变量一起使用。

我需要一个很好的解决方案，它会将所有http流量重定向到https，同时保留其余的请求网址。 例如。

  

http://sub-domain.mydomain.com至https://sub-domain.mydomain.com

     

http://sub-domain.mydomain.com/somepage.html至https://sub-domain.mydomain.com/somepage.html

     

http://sub-domain.mydomain.com/thepage.html?day=tuesday&month=march至https://sub-domain.mydomain.com/thepage.html?day=tuesday&month=march

一旦我测试完毕，我会将重定向设为永久性，并且对重定向的工作满意。

我不想使用htaccess。

Answer 1

您已经处理了从“/”到“/login/mylogin.jsp”的特定重定向，因此它应该可以正常工作。 要将所有http流量重定向到HTTPS，可以使用RedirectMatch。

<VirtualHost *:80>
    DocumentRoot /var/www
    ServerName sub-domain.mydomain.com
    ServerAdmin admin@example.com
    CustomLog /var/log/httpd/http_access.log common
    LOGFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
    ErrorLog /var/log/httpd/http_error.log
    TransferLog /var/log/httpd/http_transfer.log

    RedirectMatch permanent ^/(.*)$ https://sub-domain.mydomain.com/$1

</VirtualHost>