我主持了几个单独的网站之一Apache服务器上:
siteexample
site重定向所有用户的HTTPS在应用程序中。
example是一个非HTTPS网站和HTTPS请求重定向到HTTP
为了为 example 代替的 example (当仅使用一个HTTPS虚拟主机是成为默认的站点因),我需要设置拿不到site一个HTTPS虚拟主机的example,但我必须使用自签名的证书,因为没有理由为网站使用SSL。
这意味着,当有人访问 example 他们得到一个浏览器警告页面,该SSL是自签名然后当他们点击立即继续他们重定向到HTTP
有什么办法来重定向HTTPS请求HTTP没有证书
这是当前虚拟主机:
<虚拟主机*:443> 服务器名about.example:443 的DocumentRoot/的Webdata <目录/的Webdata> 所有的AllowOverride 要求所有批准 < /目录> RewriteEngine叙述在 的RewriteCond%{} HTTPS上 (。*)重写规则的http://%{HTTP_HOST}%{REQUEST_URI} 在SSLEngine的 SSLProtocol所有-SSLv2 高的SSLCipherSuite:MEDIUM:A零位:MD5 了SSLCertificateFile /etc/httpd/ssl/ExampleCOM.crt 了SSLCertificateKeyFile /etc/httpd/ssl/AboutExampleCOM.key BrowserMatchMSIE [2-5]nokeepalive SSL-不洁关机降级-1.0动力响应-1.0< /虚拟主机>解决方案
从根本上说,这是一个问题。当透过HTTPS通讯时,TLS通信层设置任何交换之前,关于该网站的任何信息传输之前,即有关证书的警告发生。所以需要一个证书,让浏览器定义HTTPS时,自签名或无法连接。
的理想的情况下,和最佳实践,我们真的应该鼓励人们使用HTTPS作为默认的(我意识到这是一个成本和可恼人使用证书,并同时不应该有什么毛病自我签名的证书,经常有问题,浏览器消息等)。的
即使你有一个应用程序服务器,只能做HTTP',最好的做法一般是前与一个Web服务器(如nginx的或lighthttpd或某种形式的负载平衡器)的应用服务器也将提供您的HTTPS终止。 - 这是你仿佛能与您的HTT preWRITE这将请求转发到你的网站做
您可能会发现这是安装在大多数浏览器一些便宜的SSL证书提供商,但?
I am hosting a couple of seperate websites on one apache server:
site example
site redirects all users to HTTPS from within the application.
example is a non HTTPS website and HTTPS requests are redirects to HTTP
In order for accidental requests for example instead of example to not get site (due to when only one HTTPS vhost is used that becomes the default site) I need to set up an https vhost for example but I have to use a self signed cert as there is no reason for the site to use an SSL.
This means when someone visits example they get a browser warning page that the SSL is self signed and then as soon as they click continue they get redirected to HTTP
Is there any way to redirect HTTPS requests to HTTP without a certificate
This is the current vhost:
<VirtualHost *:443> ServerName about.example:443 DocumentRoot "/webdata" <Directory "/webdata"> AllowOverride All Require all granted </Directory> RewriteEngine On RewriteCond %{HTTPS} on RewriteRule (.*) %{HTTP_HOST}%{REQUEST_URI} SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLCertificateFile /etc/httpd/ssl/ExampleCOM.crt SSLCertificateKeyFile /etc/httpd/ssl/AboutExampleCOM.key BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 </VirtualHost>解决方案
Fundamentally, that's a problem. When communicating over HTTPS, the TLS communication layer is set up before anything is exchanged, i.e. the warning about the certificate happens before any information about the website is transferred. So a Certificate is needed to allow a browser to connect when https is defined, self signed or not.
Ideally, and for 'best practice' we should really be encouraging people to use HTTPS as default (I realise this is an expense and can be annoying with certificates, and whilst there shouldn't be anything wrong with self signed certificates, there often are problems and browser messages etc).
Even if you have an application server which 'can only do http', best practice is generally to front that application server with a Web Server (such as nginx or lighthttpd or some form of load balancer) which also will provide your https termination. - which is what you seem to have done with your httprewrite which forwards the request to your site.
You might find some cheap SSL-certificate providers which are installed in most browsers though?
更多推荐
如何HTTPS请求HTTP重定向没有证书(Apache的VirtualHosts)
发布评论