如何HTTPS请求HTTP重定向没有证书(Apache的VirtualHosts) [英] How to redirect HTTPS requests to HTTP without a certificate (Apache VirtualHosts)
问题描述
我主持了几个单独的网站之一Apache服务器上:
site.com
example.com
site.com重定向所有用户的HTTPS在应用程序中。
example.com是一个非HTTPS网站和HTTPS请求重定向到HTTP
为了为 https://example.com 代替的 http://example.com (当仅使用一个HTTPS虚拟主机是成为默认的站点因),我需要设置拿不到site.com一个HTTPS虚拟主机的example.com,但我必须使用自签名的证书,因为没有理由为网站使用SSL。
这意味着,当有人访问 https://example.com 他们得到一个浏览器警告页面,该SSL是自签名然后当他们点击立即继续他们重定向到HTTP
有什么办法来重定向HTTPS请求HTTP没有证书
这是当前虚拟主机:
<虚拟主机*:443>
服务器名about.example.com:443
的DocumentRoot/的Webdata
<目录/的Webdata>
所有的AllowOverride
要求所有批准
< /目录> RewriteEngine叙述在
的RewriteCond%{} HTTPS上
(。*)重写规则的http://%{HTTP_HOST}%{REQUEST_URI} 在SSLEngine的
SSLProtocol所有-SSLv2
高的SSLCipherSuite:MEDIUM:A零位:MD5
了SSLCertificateFile /etc/httpd/ssl/ExampleCOM.crt
了SSLCertificateKeyFile /etc/httpd/ssl/AboutExampleCOM.key
BrowserMatchMSIE [2-5]nokeepalive SSL-不洁关机降级-1.0动力响应-1.0< /虚拟主机>
从根本上说,这是一个问题。当透过HTTPS通讯时,TLS通信层设置任何交换之前,关于该网站的任何信息传输之前,即有关证书的警告发生。所以需要一个证书,让浏览器定义HTTPS时,自签名或无法连接。
的理想的情况下,和最佳实践,我们真的应该鼓励人们使用HTTPS作为默认的(我意识到这是一个成本和可恼人使用证书,并同时不应该有什么毛病自我签名的证书,经常有问题,浏览器消息等)。的
即使你有一个应用程序服务器,只能做HTTP',最好的做法一般是前与一个Web服务器(如nginx的或lighthttpd或某种形式的负载平衡器)的应用服务器也将提供您的HTTPS终止。 - 这是你仿佛能与您的HTT preWRITE这将请求转发到你的网站做
您可能会发现这是安装在大多数浏览器一些便宜的SSL证书提供商,但?
I am hosting a couple of seperate websites on one apache server:
site.com example.com
site.com redirects all users to HTTPS from within the application.
example.com is a non HTTPS website and HTTPS requests are redirects to HTTP
In order for accidental requests for https://example.com instead of http://example.com to not get site.com (due to when only one HTTPS vhost is used that becomes the default site) I need to set up an https vhost for example.com but I have to use a self signed cert as there is no reason for the site to use an SSL.
This means when someone visits https://example.com they get a browser warning page that the SSL is self signed and then as soon as they click continue they get redirected to HTTP
Is there any way to redirect HTTPS requests to HTTP without a certificate
This is the current vhost:
<VirtualHost *:443>
ServerName about.example.com:443
DocumentRoot "/webdata"
<Directory "/webdata">
AllowOverride All
Require all granted
</Directory>
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile /etc/httpd/ssl/ExampleCOM.crt
SSLCertificateKeyFile /etc/httpd/ssl/AboutExampleCOM.key
BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>
Fundamentally, that's a problem. When communicating over HTTPS, the TLS communication layer is set up before anything is exchanged, i.e. the warning about the certificate happens before any information about the website is transferred. So a Certificate is needed to allow a browser to connect when https is defined, self signed or not.
Ideally, and for 'best practice' we should really be encouraging people to use HTTPS as default (I realise this is an expense and can be annoying with certificates, and whilst there shouldn't be anything wrong with self signed certificates, there often are problems and browser messages etc).
Even if you have an application server which 'can only do http', best practice is generally to front that application server with a Web Server (such as nginx or lighthttpd or some form of load balancer) which also will provide your https termination. - which is what you seem to have done with your httprewrite which forwards the request to your site.
You might find some cheap SSL-certificate providers which are installed in most browsers though?
这篇关于如何HTTPS请求HTTP重定向没有证书(Apache的VirtualHosts)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
