This technical how-to document will teach you how to implement a basic redirect from a non-secure connection to a secure one.
The following example is rather basic and does have some limitations (tailored to our specific situation), so I'll try to include some more information on how to adapt it to your situation, but I won't have tested it.
On your server (I'm assuming it's an Apache Linux/Unix server) you will need the mod_rewrite module enabled.
Below are the steps (that worked for me) to do this.
Fresh Apache compile:
If this is a fresh install, then run the following commands (my installation).
Untar the Apache2 file:
$ tar -zxvf httpd-2.0.54.tar.gz
Create a file called install.sh with the following lines in it:
./configure --prefix=/usr/local/apache2 \
--mandir=/usr/local/man \
--enable-so \
--enable-ssl=shared \
--enable-rewrite
Change the permissions on the file:
$ chmod 755 install.sh
Now configure apache with the following succession of commands:
$ ./install.sh
$ make && make install
Now edit /etc/rc.conf and add the following line:
apache_enable="YES"
Start the server by typing in the following command:
$ /usr/local/apache2/bin/apachectl startssl
(this won't work until you have completed the following Create SSL Certificates section)
Create SSL certificates
Create the SSL certificate key in your /root directory:
$ cd ~
$ openssl genrsa -des3 -out server.key 1024
Enter in a pass phrase and make sure you remember it!
Now we need to make a Certificate Signing Request. You will be prompted for information regarding the new certificate:
$ openssl req -new -key server.key -out server.csr
Make sure you enter your FQDN for the "Common Name" portion.
Now sign the newly created certificate (the following is all on one line):
$ openssl x509 -req -days 365 -in /root/server.csr -signkey /root/server.key -out /root/server.crt
OK, your certificate is signed and valid for 365 days. We now need to copy the files to the appropriate directory for Apache to use them:
$ mkdir /usr/local/apache2/ssl.key
$ mkdir /usr/local/apache2/ssl.crt
$ chmod 0700 /usr/local/apache2/ssl.key /usr/local/apache2/ssl.crt
$ cp server.key /usr/local/apache2/ssl.key/
$ cp server.crt /usr/local/apache2/ssl.crt/
$ chmod 0400 /usr/local/apache2/ssl.key/server.key
$ chmod 0400 /usr/local/apache2/ssl.crt/server.crt
Edit the ssl.conf file in /usr/local/apache2/conf and add the following lines:
Listen 0.0.0.0:443
In the <VirtualHost _default_:443> section change the following line:
ServerName 192.168.1.253:443
In the <Directory "/usr/local/apache2/htdocs"> section add the following line:
SSLOptions +OptRenegotiate
Now add the following lines to the end of /usr/local/apache2/htdocs/httpd.conf:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://%{HTTP_HOST}%3
Manual Installation
If this is an already SSL-enabled and customised Apache installation, then you will need to complete the following steps:
Inside the httpd.conf file, uncomment the line LoadModule rewrite_module modules/mod_rewrite.so (remove the pound '#' sign from in front of the line).
Also make sure that the line ClearModuleList is uncommented, then find the line AddModule mod_rewrite.c and make sure that it is not commented out.
Now that you have mod_rewrite enabled, you need to add the following lines to your httpd.conf file:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://%{HTTP_HOST}%3
There are some limitations to this method, though. It redirects the client browser statically (i.e. always to the root of htdocs), not dynamically (i.e. to the requested URL): %3 refers to a third capture group in the RewriteCond pattern, which does not exist, so it expands to nothing. I did it this way because everyone that visits our webpage HAS to read our company policy before they access our site.
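The following three lines should fix this problem by carrying the requested path over to the secure URL ($1 is the path captured by the RewriteRule pattern; the optional leading slash is kept out of the capture so the result does not contain a double slash):
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R,L]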
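Which URL the browser ends up on depends entirely on how mod_rewrite expands the back-references in the substitution. The following Python model is an added example, not part of the original document or of Apache itself: it is a simplified sketch of that expansion for the three-line rule set above, comparing the %3 rule with substitutions that use /%1 and /$1. The function names, the host and the path are constructed for illustration.

```python
import re

def expand(template, rule_match, cond_match, env):
    """Expand %{VAR}, $N (RewriteRule groups) and %N (RewriteCond groups)."""
    def repl(m):
        if m.group("var"):
            return env.get(m.group("var"), "")
        match = rule_match if m.group("sigil") == "$" else cond_match
        n = int(m.group("n"))
        # A back-reference to a group the pattern does not have expands to "".
        if n > match.re.groups:
            return ""
        return match.group(n) or ""
    return re.sub(r"%\{(?P<var>\w+)\}|(?P<sigil>[$%])(?P<n>\d)", repl, template)

def redirect_target(pattern, substitution, url_path, host, https="off"):
    """Location produced by 'RewriteCond %{HTTPS} off' plus one RewriteRule.

    Simplified model (assumption): server context, so the pattern is matched
    against the URL-path including its leading slash; flags are ignored.
    Returns None when the rule set does not fire.
    """
    env = {"HTTPS": https, "HTTP_HOST": host}
    rule_match = re.search(pattern, url_path)
    cond_match = re.search("off", env["HTTPS"])  # CondPattern has no groups
    if rule_match is None or cond_match is None:
        return None
    return expand(substitution, rule_match, cond_match, env)

# Constructed sample request; host and path are placeholders.
HOST, PATH = "www.example.com", "/policy/terms.html"

VARIANTS = {
    "%3 (static)": ("^(.*)", "https://%{HTTP_HOST}%3"),
    "/%1": ("^(.*)", "https://%{HTTP_HOST}/%1"),
    "/$1 after ^(.*)": ("^(.*)", "https://%{HTTP_HOST}/$1"),
    "/$1 after ^/?(.*)": ("^/?(.*)", "https://%{HTTP_HOST}/$1"),
}

def compare(host=HOST, path=PATH):
    """Map each variant name to the Location it would send for one request."""
    return {name: redirect_target(pat, sub, path, host)
            for name, (pat, sub) in VARIANTS.items()}

if __name__ == "__main__":
    for name, location in compare().items():
        print(f"{name:20} -> {location}")
```

Only the last variant keeps the requested path intact; the % forms always land on the site root because the RewriteCond pattern captures nothing.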
The following links should help you gain a basic understanding of using mod_rewrite. Once you get used to it, it can be incredibly powerful.
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html
http://www.cs.utk.edu/~sammons/docs/redirect.php#redirect
http://www.akadia.com/services/apache_redirect.html
This document (original here) was created using OpenOffice 2.0 RC1 (very good)
- S.