Proper SSL config for SSL - Apache2 ignores DocumentRoot

Question

So here's my current config:

<VirtualHost *:443>
    DocumentRoot "/var/www/keypad"
    ServerName keypad.io
    SSLOptions +StrictRequire
    <Directory />
            SSLRequireSSL
    </Directory>
    SSLProtocol -all +TLSv1
    SSLEngine on
    SSLCertificateFile /cert/cert.crt
    SSLCertificateKeyFile /cert/key.key
    SSLCACertificateFile /cert/inter.crt
</VirtualHost>
<VirtualHost *:80>
    ServerName keypad.io
    ServerAlias www.keypad.io
    DocumentRoot /var/www/keypad
    Redirect permanent / https://keypad.io/
</VirtualHost>

Which results in being able to access the site at both http:// and https://

I end up with an infinite redirect loop for some reason, with https:// in the address bar.

If I remove the *:80 Host entirely, http:// quits working and https:// ignores the DocumentRoot property and gives me the apache welcome page. No matter what I do in the *:443 host block, I get an encrypted connection to the welcome page.

I want BOTH http:// and https:// to direct the client to an SSL encrypted version of my site. My apache2.conf is default. I haven't done a thing to it.

Output of apache -version

Server version: Apache/2.4.7 (Ubuntu)
Server built:   Jul 22 2014 14:36:38

Any thoughts?

EDIT: I added the extra '/' (and removed SSLv3 as suggested) and still have an infinite redirect loop. Any help is definitely appreciated.

You might want to remove that `+SSLv3` given the recent announcement. — Zoredache, Oct 15 '14 at 17:51

score 0 · Answer 1 · answered Oct 15 '14 at 18:03

There is a slash missing in your Redirect directive:

<VirtualHost *:443>
    DocumentRoot "/var/www/keypad"
    ServerName keypad.io
    SSLOptions +StrictRequire
    <Directory />
            SSLRequireSSL
    </Directory>
    SSLProtocol -all +TLSv1 +SSLv3
    SSLEngine on
    SSLCertificateFile /cert/cert.crt
    SSLCertificateKeyFile /cert/key.key
    SSLCACertificateFile /cert/inter.crt
</VirtualHost>
<VirtualHost *:80>
    ServerName keypad.io
    ServerAlias www.keypad.io
    DocumentRoot /var/www/keypad
    Redirect permanent / https://keypad.io/
</VirtualHost>

Without the slash request:

 curl -v http://keypad.io/bla

Will redirect you to the https://keypad.iobla location.

Adding the slash has no effect on the redirect loop, but I still understand that it is necessary once I actually do get it working. — subdavis, Oct 16 '14 at 20:01

Proper SSL config for SSL - Apache2 ignores DocumentRoot

1 Answers1