Apache Redirection Question: All Traffic to Wordpress Site

Tessando
Originally I thought this would be a Wordpress question but now I want to approach this from a different perspective.

I am running a LAMP Stack in AWS using Amazon Linux. I have a company website that is a Wordpress site.

I have six domains that I want to (1) force from HTTP to HTTPS and (2) forward to "https://CompanysSite.com".

The other domains are variants, so, for example, I want "http://CompanySite-inc.com" to forward to "https://CompanySite.com". And it's totally okay to have the domain name be changed to "https://CompanysSite.com" from whatever domain it came in on.

Is there a way to do this globally at the Apache level, perhaps using mod_rewrite? I just don't know enough about Apache to add that to the script in order to have all traffic sent to "https://CompanySite.com".

Thanks for your help!
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Here's a template I use for upgrading HTTP -> HTTPS.

<VirtualHost *:80>
   ServerName  www.WEBSITE
   ServerAdmin support@WEBSITE
   RewriteEngine on
   RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
   RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [NC,L,R=302]
   Include logging.conf
</VirtualHost>

<VirtualHost *:80>
   ServerName  WEBSITE
   ServerAdmin support@WEBSITE
   RewriteEngine on
   RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [NC,L,R=302]
   Include logging.conf
</VirtualHost>

<IfModule mod_ssl.c>

   <VirtualHost *:443>

      ServerName  www.WEBSITE
      ServerAdmin support@WEBSITE

      RewriteEngine on
      RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
      RewriteRule ^(.*)$ https://%1%{REQUEST_URI} [L,R=302]

      Include logging.conf

      SSLEngine on
      SSLUseStapling on

      SSLCertificateFile    /etc/letsencrypt/live/WEBSITE/fullchain.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/WEBSITE/privkey.pem

      # Enable HTTP Strict Transport Security with a 2 year duration
      Header always set Strict-Transport-Security "max-age=63072000; preload"

   </VirtualHost>

   <VirtualHost *:443>

      ServerName  WEBSITE
      ServerAdmin support@WEBSITE

      DocumentRoot /sites/OWNER/WEBSITE/TYPE

      <Directory /sites/OWNER/WEBSITE/TYPE>
          Options +Indexes +FollowSymLinks
          AllowOverride All 
          Require all granted
      </Directory>

      Include logging.conf

      SSLEngine on
      SSLUseStapling on

      SSLCertificateFile    /etc/letsencrypt/live/WEBSITE/fullchain.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/WEBSITE/privkey.pem

      # Enable HTTP Strict Transport Security with a 2 year duration
      Header always set Strict-Transport-Security "max-age=63072000; preload"

   </VirtualHost>

</IfModule>


Do yourself a favor + always use 302 redirects. 301s are fine, until something goes wrong. If something goes wrong, you can never change a 301 target, because every visitor will have the old target cached in the browser, so changing a 301 target means old visitors will end up one place + new visitors another.
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Note: You'll use the above stanza for all your incoming domains + also generate LetsEncrypt SSL certs for all incoming domains.

Then if you'd like them to all forward to one domain, that's fine.

You'll accomplish this by changing the DocumentRoot line to another 302 redirect.

So in your Apache sites directory you'll have one /etc/apache2/sites-enabled/somesite.com file for each domain you serve.
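
Added example, not part of the thread: one way to generate the per-domain file described in the post above for each alias domain, with the redirect target hard-coded to the canonical site instead of built from `%{HTTP_HOST}`. The function names and the `.example` domains are assumptions; the certificate paths follow the Let's Encrypt layout used in the template above.

```shell
#!/bin/sh
# Added example: print an Apache vhost file for one alias domain that sends
# every request, on port 80 and 443, to a fixed canonical HTTPS origin.
# The function names and the sample domains are hypothetical.

# Accept only plain DNS hostnames so nothing else can reach the config text.
is_hostname() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
    esac
    return 0
}

render_alias_vhost() {
    alias_domain=$1
    canonical=$2
    is_hostname "$alias_domain" && is_hostname "$canonical" || return 1
    cat <<EOF
<VirtualHost *:80>
   ServerName  $alias_domain
   ServerAlias www.$alias_domain
   # Fixed target: the client-supplied Host header never reaches Location
   Redirect 302 / https://$canonical/
</VirtualHost>

<IfModule mod_ssl.c>
   <VirtualHost *:443>
      ServerName  $alias_domain
      ServerAlias www.$alias_domain
      SSLEngine on
      # The certificate must cover both names above
      SSLCertificateFile    /etc/letsencrypt/live/$alias_domain/fullchain.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/$alias_domain/privkey.pem
      Redirect 302 / https://$canonical/
   </VirtualHost>
</IfModule>
EOF
}

# Constructed sample run: one file body per alias domain, written to stdout.
for d in companysite-inc.example companysite-llc.example; do
    render_alias_vhost "$d" companysite.example || echo "rejected: $d" >&2
done
```

Redirect each domain's output into its own `.conf` file in the directory your distro includes, then run `apachectl configtest` before restarting Apache.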
Tessando, IT Administrator

Author

Commented:
This is really great, David. Thank you for sharing this. I have a couple questions related to your script:

1. Is this done in the .htaccess file? (This is a generic install of Wordpress)

2a. In the <VirtualHost *:80> section, I presume I put in the ORIGINAL site (the site that exists there currently that I want to forward new domains to).

2b. Do I need to adjust the information in the <IfModule mod_ssl.c> for each additional domain? This would be lines 22, 23, 34, 35, 44, 45, 47, 49, 60, 61

3. Do I need to do any additional configuration to use "Let's Encrypt"? Or does this handle it?

Thanks for your help with this. I appreciate your wide breadth of knowledge that you share with the world.

Thanks
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
1. Is this done in the .htaccess file? (This is a generic install of Wordpress)

No.

All these directives live in each /etc/apache2/sites-enabled/host.domain.com.conf file, where I config each domain + each host with its own config file, so each host/domain can be up/down with no effect on other hosts. This comes in very handy where some domains might have 100s of hosts running, each of these must have maintenance done individually at times.

2a. In the <VirtualHost *:80> section, I presume I put in the ORIGINAL site (the site that exists there currently that I want to forward new domains to).

Yes.

What I do in vi is %s/WEBSITE/foo.com/g to update an entire config file for the foo.com domain.

Net result is...

http://foo.com      -> https://foo.com
http://www.foo.com  -> https://foo.com
https://www.foo.com -> https://foo.com


2b. Do I need to adjust the information in the <IfModule mod_ssl.c> for each additional domain? This would be lines 22, 23, 34, 35, 44, 45, 47, 49, 60, 61

Up to you.

I have 1x conf file for foo.com + www.foo.com together as a pair.

Then 1x conf file for every host.foo.com host which runs for the domain.

This makes working with many hosts so easy, where 1x host can be placed in maintenance mode, migrated, upgraded, whatever... while all other hosts continue working.

3. Do I need to do any additional configuration to use "Let's Encrypt"? Or does this handle it?

I normally use 2x additional files.

logging.conf - which contains all logging directives.

global.conf - which contains all HTTPS global settings, which setup HTTP2 + TLSv1.2 or TLSv1.3, depending on various project factors.

4. Thanks for your help with this. I appreciate your wide breadth of knowledge that you share with the world.

You're welcome.

LAMP tech has become so complex over the years.

Having a solid starting point can save a massive amount of time.
Tessando, IT Administrator

Author

Commented:
Thank you, David. Going back to question number 1, my Apache configurations are in a different location. Specifically they reside at:

/etc/httpd/

From there, there are three folders, all with config files in them: "conf", "conf.d" and "conf.modules.d".

I do like the idea of configuring the incoming sites with configuration files, such that I can generally have more control over what happens.

Is this the location where I'd put those in /etc/httpd/ or /etc/httpd/conf ?

Thanks again for your help. If I can get this handled it will be a great breakthrough.
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Every Distro places config files in different places.

You'll have to logically map over my comments above to however your Distro manages Apache config files.

So /etc/httpd looks to be how your Distro manages Apache config files.

You'll just have to get into your config files, rummage around, determine how best to deal with your Distro's config file approach.

One of the reasons I prefer working with Ubuntu, is the package management + config file layout are all... granular... and... self documenting...

With Ubuntu, simply glancing at /etc explains how everything works.

With AWS... you'll have to figure out how all this works.

Worst case, run this in one window...

inotifywait -mrq /etc


Then in another window, do a hard Apache restart... which might be...

service httpd restart


In the first window, you'll see a trace of the exact order in which config files are read.

Using inotifywait can save a massive amount of time, as you can see an exact startup sequence, rather than guessing...
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
You said, "Thanks again for your help. If I can get this handled it will be a great breakthrough."

You're welcome!

Hang in there!
Tessando, IT Administrator

Author

Commented:
Thank you, David. It took me overnight to find out how to get inotify installed on Amazon Linux, but once I found it, it was simple to implement.

I ran that command and performed your instruction of restarting Apache using a different terminal window and it does appear that httpd.conf is the first in line.  

Since I'm fairly new to examining these sorts of log files, I've pasted a chunk into the code window below, all in chronological order. This might be overkill, however it does confirm for me that I need to make those adjustments to the httpd.conf file. Once this is confirmed I will dive into it, likely not until next week simply due to workload at the moment.

Does it appear to you that httpd.conf is the first in line?

Thanks again for your assistance. I will get this handled.

...
/etc/httpd/conf/ OPEN httpd.conf
/etc/httpd/conf/ ACCESS httpd.conf
/etc/httpd/ OPEN,ISDIR conf.modules.d
/etc/httpd/conf.modules.d/ OPEN,ISDIR 
/etc/httpd/ ACCESS,ISDIR conf.modules.d
/etc/httpd/conf.modules.d/ ACCESS,ISDIR 
/etc/httpd/ ACCESS,ISDIR conf.modules.d
/etc/httpd/conf.modules.d/ ACCESS,ISDIR 
/etc/httpd/ CLOSE_NOWRITE,CLOSE,ISDIR conf.modules.d
/etc/httpd/conf.modules.d/ CLOSE_NOWRITE,CLOSE,ISDIR 
/etc/httpd/conf.modules.d/ OPEN 00-base.conf
/etc/httpd/conf.modules.d/ ACCESS 00-base.conf
/etc/ OPEN ld.so.cache
/etc/ CLOSE_NOWRITE,CLOSE ld.so.cache
/etc/ OPEN ld.so.cache
/etc/ CLOSE_NOWRITE,CLOSE ld.so.cache
/etc/httpd/conf.modules.d/ CLOSE_NOWRITE,CLOSE 00-base.conf
/etc/httpd/conf.modules.d/ OPEN 00-dav.conf
/etc/httpd/conf.modules.d/ ACCESS 00-dav.conf
/etc/httpd/conf.modules.d/ CLOSE_NOWRITE,CLOSE 00-dav.conf
/etc/httpd/conf.modules.d/ OPEN 00-lua.conf
/etc/httpd/conf.modules.d/ ACCESS 00-lua.conf
/etc/ OPEN ld.so.cache
/etc/ CLOSE_NOWRITE,CLOSE ld.so.cache
/etc/httpd/conf.modules.d/ CLOSE_NOWRITE,CLOSE 00-lua.conf
/etc/httpd/conf.modules.d/ OPEN 00-mpm.conf
/etc/httpd/conf.modules.d/ ACCESS 00-mpm.conf
/etc/httpd/conf.modules.d/ CLOSE_NOWRITE,CLOSE 00-mpm.conf
/etc/httpd/conf.modules.d/ OPEN 00-optional.conf
/etc/httpd/conf.modules.d/ ACCESS 00-optional.conf
/etc/httpd/conf.modules.d/ CLOSE_NOWRITE,CLOSE 00-optional.conf
/etc/httpd/conf.modules.d/ OPEN 00-proxy.conf
/etc/httpd/conf.modules.d/ ACCESS 00-proxy.conf
/etc/httpd/conf.modules.d/ CLOSE_NOWRITE,CLOSE 00-proxy.conf
/etc/httpd/conf.modules.d/ OPEN 00-ssl.conf
/etc/httpd/conf.modules.d/ ACCESS 00-ssl.conf
/etc/httpd/conf.modules.d/ CLOSE_NOWRITE,CLOSE 00-ssl.conf
/etc/httpd/conf.modules.d/ OPEN 01-cgi.conf
/etc/httpd/conf.modules.d/ ACCESS 01-cgi.conf
/etc/httpd/conf.modules.d/ CLOSE_NOWRITE,CLOSE 01-cgi.conf
/etc/httpd/conf.modules.d/ OPEN 15-php-conf.7.0
/etc/httpd/conf.modules.d/ ACCESS 15-php-conf.7.0
/etc/ OPEN ld.so.cache
/etc/ CLOSE_NOWRITE,CLOSE ld.so.cache
/etc/httpd/conf.modules.d/ CLOSE_NOWRITE,CLOSE 15-php-conf.7.0
/etc/httpd/conf/ ACCESS httpd.conf
/etc/httpd/conf/ ACCESS httpd.conf
/etc/httpd/ OPEN,ISDIR conf.d
/etc/httpd/conf.d/ OPEN,ISDIR 
/etc/httpd/ ACCESS,ISDIR conf.d
/etc/httpd/conf.d/ ACCESS,ISDIR 
/etc/httpd/ ACCESS,ISDIR conf.d
/etc/httpd/conf.d/ ACCESS,ISDIR 
/etc/httpd/ CLOSE_NOWRITE,CLOSE,ISDIR conf.d
/etc/httpd/conf.d/ CLOSE_NOWRITE,CLOSE,ISDIR 
/etc/httpd/conf.d/ OPEN autoindex.conf
/etc/httpd/conf.d/ ACCESS autoindex.conf
/etc/httpd/conf.d/ CLOSE_NOWRITE,CLOSE autoindex.conf
/etc/httpd/conf.d/ OPEN notrace.conf
/etc/httpd/conf.d/ ACCESS notrace.conf
/etc/httpd/conf.d/ CLOSE_NOWRITE,CLOSE notrace.conf
/etc/httpd/conf.d/ OPEN php-conf.7.0
/etc/httpd/conf.d/ ACCESS php-conf.7.0
/etc/httpd/conf.d/ CLOSE_NOWRITE,CLOSE php-conf.7.0
/etc/httpd/conf.d/ OPEN ssl.conf
/etc/httpd/conf.d/ ACCESS ssl.conf
/etc/httpd/conf.d/ ACCESS ssl.conf
/etc/httpd/conf.d/ ACCESS ssl.conf
/etc/httpd/conf.d/ CLOSE_NOWRITE,CLOSE ssl.conf
/etc/httpd/conf.d/ OPEN userdir.conf
/etc/httpd/conf.d/ ACCESS userdir.conf
/etc/httpd/conf.d/ CLOSE_NOWRITE,CLOSE userdir.conf
/etc/httpd/conf.d/ OPEN welcome.conf
/etc/httpd/conf.d/ ACCESS welcome.conf
/etc/httpd/conf.d/ CLOSE_NOWRITE,CLOSE welcome.conf
/etc/httpd/conf/ CLOSE_NOWRITE,CLOSE httpd.conf


...
Fractional CTO
Distinguished Expert 2018
Commented:
Aside: This inotifywait incantation output might be easier to read...

inotifywait -mr --timefmt '%Y-%m-%d-%T' --format '%T %w%f %e' -e OPEN /etc/httpd


Note: Looks like /etc/httpd/conf/httpd.conf is the starting point for your config files.

Couple oddities.

1) Seems as if no virtual host directory (where domain + host config files live) is being accessed.

I so prefer Debian/Ubuntu Distros as all /etc files are laid out sensibly.

Trying to read the AWS docs... geez... what a catastrophe... It's unclear from a quick glance where these files live.

Check your /etc/httpd/conf/httpd.conf for clues.

2) Your config is referencing PHP-7.0 which has been deprecated for a while, so PHP-7.0 is either hackable now or will likely become hackable in the future, because no security patches will ever be provided for PHP-7.0 ever again.

Fix: Upgrade to latest PHP, which as of today is... PHP-7.3.6.1, so much newer than what you're running.

Note: If your site requires high performance, be sure to install PHP-7.4 when it releases, as PHP-7.4 rolls in massive performance increases.

Tip: If you run Ubuntu + setup the latest stable PHP repository, then all PHP updates install normally, so no special attention is required.

3) If you aren't using WebDAV, deinstall all related packages.

4) If you aren't using LUA, deinstall all related packages.

Tip: If you aren't using some Apache module, then deinstall it, as this means fewer ways into a system for hackers.
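
Added example, not part of the thread: a small filter that turns a default-format trace like the one pasted above into the order in which files under one directory were first opened, which answers the "is httpd.conf first in line?" question directly. The function names are assumptions and the sample lines are constructed in the shape of that trace; filenames containing spaces are not handled.

```shell
#!/bin/sh
# Added example: reduce default-format `inotifywait -mrq /etc` output
# (watched-dir EVENTS filename) to the order in which files were first opened.
# Function names are hypothetical; sample lines are constructed.

config_open_order() {
    # $1 = directory prefix to keep; the trace is read from stdin.
    # Keeps plain OPEN events on files (directory events carry OPEN,ISDIR
    # and have no filename field) and prints each path once, in first-seen order.
    awk -v root="$1" '
        $2 == "OPEN" && NF == 3 && index($1, root) == 1 {
            path = $1 $3
            if (!(path in seen)) { seen[path] = 1; print path }
        }'
}

sample_trace() {
    cat <<'EOF'
/etc/httpd/conf/ OPEN httpd.conf
/etc/httpd/conf/ ACCESS httpd.conf
/etc/httpd/ OPEN,ISDIR conf.modules.d
/etc/httpd/conf.modules.d/ OPEN 00-base.conf
/etc/ OPEN ld.so.cache
/etc/ CLOSE_NOWRITE,CLOSE ld.so.cache
/etc/httpd/conf.modules.d/ CLOSE_NOWRITE,CLOSE 00-base.conf
/etc/httpd/conf.modules.d/ OPEN 00-dav.conf
/etc/httpd/ OPEN,ISDIR conf.d
/etc/httpd/conf.d/ OPEN ssl.conf
/etc/httpd/conf/ CLOSE_NOWRITE,CLOSE httpd.conf
EOF
}

# Constructed sample run: lists the Apache config files in load order.
sample_trace | config_open_order /etc/httpd/
```

The resulting list also shows at a glance which module config files are being loaded, which is the inventory you need when deciding which unused modules to remove.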
