Alle HTTP- und HTTPS-Anfragen an eine einzige HTTPS-URL umleiten

Question

Ich möchte alle HTTP- und HTTPS-Anfragen an eine einzelne HTTPS-URL umleiten, sodass die Benutzer nur über diese URL auf die Anwendung zugreifen. Umleitung von HTTP-Anfragen zu HTTPS funktioniert, aber ich kämpfe mit dem zweiten Teil.

Bisher schauen meine Virtual wie folgt aus:

<VirtualHost 10.201.100.81:80> 
    ServerName sdvlirp 
    ServerAlias sdvlirp.si.intra.net irp-dev 
    <IfModule rewrite_module> 
     RewriteEngine On 
     RewriteRule ^(.*)$ https://irp-dev.intra.net%{REQUEST_URI} [R=301] 
    </IfModule> 
</VirtualHost> 

<VirtualHost 10.201.100.81:443> 
    ServerName irp-dev.intra.net 
    ErrorLog "logs/https_irp-dev.intra.net-error_log" 
    CustomLog "logs/https_irp-dev.intra.net-access_log" common 

    SSLEngine On 
    SSLProtocol -ALL +TLSv1.1 +TLSv1.2 
    SSLHonorCipherOrder On 
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK 
    SSLSessionCacheTimeout 300 
    SSLCompression Off 
    SSLCertificateFile "/applis/irpdev/certs/irp-dev.intra.net.pem" 
    SSLCertificateKeyFile "/applis/irpdev/certs/irp-dev.intra.net.key" 
    SSLCACertificateFile "/applis/irpdev/certs/cacerts.pem" 
    Header Set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" 

    <Files ~ "\.(cgi|shtml|phtml|php3?)$"> 
     SSLOptions +StdEnvVars 
    </Files> 

    # SSL Protocol Adjustments: 
    # The safe and default but still SSL/TLS standard compliant shutdown 
    # approach is that mod_ssl sends the close notify alert but doesn't wait for 
    # the close notify alert from client. When you need a different shutdown 
    # approach you can use one of the following variables: 
    # o ssl-unclean-shutdown: 
    # This forces an unclean shutdown when the connection is closed, i.e. no 
    # SSL close notify alert is send or allowed to received. This violates 
    # the SSL/TLS standard but is needed for some brain-dead browsers. Use 
    # this when you receive I/O errors because of the standard approach where 
    # mod_ssl sends the close notify alert. 
    # o ssl-accurate-shutdown: 
    # This forces an accurate shutdown when the connection is closed, i.e. a 
    # SSL close notify alert is send and mod_ssl waits for the close notify 
    # alert of the client. This is 100% SSL/TLS standard compliant, but in 
    # practice often causes hanging connections with brain-dead browsers. Use 
    # this only for browsers where you know that their SSL implementation 
    # works correctly. 
    # Notice: Most problems of broken clients are also related to the HTTP 
    # keep-alive facility, so you usually additionally want to disable 
    # keep-alive for those clients, too. Use variable "nokeepalive" for this. 
    # Similarly, one has to force some clients to use HTTP/1.0 to workaround 
    # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and 
    # "force-response-1.0" for this. 
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 

    # Per-Server Logging: 
    # The home of a custom SSL log file. Use this when you want a 
    # compact non-error SSL logfile on a virtual host basis. 
    CustomLog "logs/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" 
</VirtualHost> 

Wie würden Sie es tun?

Vielen Dank im Voraus für Ihre Hilfe.

Answer 1

Ihr Bedarf ist unklar, denn wenn Sie den gesamten Datenverkehr auf eine einzelne URL umleiten, bedeutet dies, dass Sie die Website nicht durchsuchen können, sondern nur diese URL.

Ihr VirtualHost auf Port 80 ist in Ordnung, aber die RewriteRule leitet nicht zu einer einzigen URL um, sondern leitet jeweils eine http-URL zu ihrer https-Entsprechung um. Der VirtualHost an Port 443 hat keinen Rewrite-Block. Das müssen Sie hinzufügen, wenn Sie auch https zu https-Weiterleitungen machen möchten.