5

I have set up a Drupal 6 site on a dedicated server, and enabled SSL through the "Matrix" control panel which was installed on it.

The problem is now, the site ONLY loads pages from https. Most of the images wont load either, I presume this is related to the same thing. Ideally I want both http and https to work, then I can sort out the redirects for pages that need to be secure.

The error presented on attempting to load a regular http page is: 

**Bad Request**

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Can anyone point me in the right direction?

Edit:

In sites-enabled/domainname.co.uk there is a <VirtualHost> set up for the IP of the server, using port 80 like so:

<VirtualHost xx.xx.xx.xx:80>
        ServerName xx.co.uk
        ServerAlias www.xx.co.uk
        ServerAdmin webmaster@xx.co.uk
        DocumentRoot /home/default/xx.co.uk/user/htdocs
        ErrorLog /home/default/xx.co.uk/user/logfiles/error_log
        TransferLog /home/default/xx.co.uk/user/logfiles/access_log
        php_admin_value open_basedir /tmp:/home/default/xx.co.uk
        SuexecUserGroup xx matrixdomain
        ScriptAlias /cgi-bin/ /home/default/xx.co.uk/user/htdocs/cgi-bin/
        AddHandler server-parsed .shtml
        AddType text/html .shtml
        <Location />
                Options +Includes
        </Location>
# Begin user directives <--
# --> End user directives

Would I need to make another one for 443?

In ports.conf I have

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # SSL name based virtual hosts are not yet supported, therefore no
    # NameVirtualHost statement here
    Listen 443
</IfModule>
jsims281
  • 165
  • 1
  • 1
  • 11

4 Answers4

5

Seems that your Apache httpd is misconfigured and tries to serve HTTPS on the HTTP port (take a look at your virtual host configuration for the Drupal site) or you are using a scheme like http://example.com:443/ to access your Drupal installation, which will not work either.

joschi
  • 20,747
  • 3
  • 46
  • 50
  • In sites-enabled/domainname.co.uk I have a set up for the IP of the server, using port 80 (e.g. 12.34.56.78:80). Would I need to make another one for 443? – jsims281 Sep 14 '09 at 11:27
  • Yes. And additionally the new VirtualHost has to contain some directives (see http://httpd.apache.org/docs/2.2/ssl/ssl_howto.html) to enable SSL for it. – joschi Sep 14 '09 at 17:42
  • The matrix control panel was doing a horrible job, wiping it out and doing the set up manually fixed the issue. – jsims281 Sep 28 '09 at 11:29
2

HTTP should be served on port 80 HTTPS should be served on port 443

Your site should work on: http://www.domain.com https://www.domain.com.

It could be one of a few things:

  • You are manual specifying the port, EG if you visit http://www.domain.com:443/, this would normally fail
  • The web server is configured incorrectly and is for some reason service SSL content on port 80. This would not normally happen unless there is a bug or something in your control panel. Have you restarted apache?
  • In the drupal configuration, it is set up that the website URL is "http://www.domain.com:443". This would always forward you to this location even if you type http://www.domain.com in your browser.
  • You have Drupal Secure Pages installed but is configured incorrectly. If you have it installed, visit https://www.domain.com/admin/build/securepages to configure it.

I think that summarizes what the issue could be, let us know your solution!

Dave Drager
  • 8,315
  • 28
  • 45
0

+1 Use the Secure Pages module (if you're not already)

Cheers

HTTP500
  • 4,827
  • 4
  • 22
  • 31
  • Am using that, but it's one step ahead of where I am now - I need to get the server to work on 80 before I can start picking pages to redirect... – jsims281 Sep 14 '09 at 11:37
-1

i thing follow doc will help u

Blockquote

Apache: Redirect http to https Apache secure connection – force HTTPS Connections

Let us say you have webmail sub-domain called http://mail.chida.in and you would like to redirect it to https secure connection i.e. https://mail.chida.in.

This will help you protect user privacy and sensitive information such as username and password remotely.

So how do you configure your Apache web server so that you prevent your web sites from being accessed without encryption? Redirect http to https Apache Configuration

First make sure Apache is configured for HTTPS connection and necessary SSL certificates are installed. No non-ssl access i.e. only accept https connections

Now open httpd.conf or .htaccess file (mod_rewrite not required):

vi httpd.conf

Append following line : Redirect permanent / https://mail.chida.in/ Any request made to http://mail.chida.in will goto https://mail.chida.in/

Save and close the file. Restart the Apache:

/etc/init.d/httpd restart

This is easiest way to ensure that your normal user never use plain text HTTP protocol to send data. Now this makes it much harder to sniff sensitive data. Force webmail login over SSL https session

So if you want force users to access their webmail through https, add following configuration to .htaccess file:

RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Make sure you have something as follows in httpd.conf (mod_rewrite support): LoadModule rewrite_module modules/mod_rewrite.so

Blockquote

Rajat
  • 3,329
  • 21
  • 29