CentOS 7 + Apache 2.4.6 SSL redirect

So I guess I was not the only one who noticed that some things regarding vhosts, and especially SSL, changed with the 2.4.* release of Apache 2. I’ve been searching for quite some time for a way to redirect the port 80 vhost to HTTPS (443), and I finally got it working. I’d like to share this solution with you all.

Pre-requisites:
* CentOS 7
* Apache 2.4.6 or higher (You can check this with httpd -v)
* Have at least one working DNS server (BIND)

Step 1: Configuring standard conf files

Now we will alter the ssl.conf

Step 2: Creating a test folder and file + logging folder

Logging folder:

Step 3: Creating a vhost container file

First we make an HTTP entry for sysinfo2, and after that we create an SSL vhost container. We’re going to forward 80 –> 443
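A pair of vhost containers matching the description above, as an added example rather than the original post's configuration. The certificate file names, DocumentRoot and log paths are assumed placeholders, and the SSLProtocol line is an added hardening choice that is not taken from the post.

```apache
# Added example. sysinfo2.domain.com and /etc/httpd/ssl come from the post;
# every other path and file name below is an assumed placeholder.

# Plain HTTP vhost: it serves no content and only redirects to HTTPS.
<VirtualHost *:80>
    ServerName sysinfo2.domain.com

    # mod_alias appends the requested path to the target, so
    # http://sysinfo2.domain.com/a/b becomes https://sysinfo2.domain.com/a/b
    Redirect permanent / https://sysinfo2.domain.com/

    # To redirect to another machine or hostname, change only the target,
    # for example:
    # Redirect permanent / https://www.domain.com/
</VirtualHost>

# TLS vhost: this is where the site is actually served.
<VirtualHost *:443>
    ServerName sysinfo2.domain.com
    DocumentRoot /var/www/sysinfo2

    SSLEngine on
    # Assumed file names; use the .cert and .key files generated in Step 6.
    SSLCertificateFile    /etc/httpd/ssl/sysinfo2.cert
    SSLCertificateKeyFile /etc/httpd/ssl/sysinfo2.key

    # Added hardening: offer TLS 1.2 only instead of the older defaults.
    SSLProtocol -all +TLSv1.2

    # No Strict-Transport-Security header is set here on purpose. With a
    # self-signed certificate, HSTS would stop browsers from offering the
    # click-through used in Step 8. Add it once a CA-issued certificate
    # is installed.

    # The logging folder must exist before httpd starts (Step 2).
    ErrorLog  /var/log/httpd/sysinfo2/error.log
    CustomLog /var/log/httpd/sysinfo2/access.log combined

    <Directory /var/www/sysinfo2>
        # Apache 2.4 access control syntax; 2.2-style Order/Allow lines
        # are only accepted through mod_access_compat.
        Require all granted
    </Directory>
</VirtualHost>
```

Keeping the port 80 container free of a DocumentRoot means a mistake in the redirect fails visibly instead of serving the site over plain HTTP.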

If you want to redirect to another machine or hostname use the following rules:

Check if the vhost.conf is correct:

Step 5: Configuring the firewall:
Use the following commands

Step 6: Installing ssl and generating ssl certificate:

Generating the certificate:

!!! Important, if you want a wildcard ssl certificate, please use these settings !!!
When asked for your FQDN type in www.domain.com (www in front of your own domain).
At common name type: *.domain.com (the * will allow you to use it for every subdomain on your domain!)

Set the correct permissions:

Run the script:

Now you can enter the details as asked by the script
* FQDN means fully qualified domain name. For example www.domain.com or sysinfo2.domain.com.

The script will place your certificates in /etc/httpd/ssl
In the vhosts.conf file replace the .key and .cert files with the ones you just generated.

Do not forget to check and restart the httpd service:

Step 7: Configuring the DNS server:
I’m just showing you what you should apply here.
In your forward zone:

In your reverse zone:

Restart your named server just to be sure.

Step 8: Check if it works
Now we can test if it works (Don’t forget to change it to your own IP / hostname)

If everything works out you will get a message that your connection is not secure.
Do not worry. This is because we use a self-signed certificate rather than one from a certificate authority.

Click advanced and proceed to continue.

The web browser will now show a PHP overview site, and in the address bar you will see https:// in front of your URL with a red cross in front of it.
