Well, just getting into Virtualmin and realized that I did not set 'Redirect HTTP to HTTPS by default?' to 'Yes' so now I have a virtual server that allows for both HTTP and HTTPS connections. I setup Let's Encrypt and have valid SSL certs but would like to have all traffic for the existing virtual server go to HTTPS. Do I have to just create a bunch of redirects or am I missing a setting?
Also, now that I modified 'Redirect HTTP to HTTPS by default?' to 'Yes', is it safe to assume that any new virtual servers will be configured to only accept traffic from HTTPS?
Redirect HTTP to HTTPS by default? ---> was found under 'System Settings' --> 'Virtualmin Configuration' --> 'SSL Settings'
Thanks for any help.
hi, you can try to load that domain where you forced ssl via http://domain.com to see if it will load as https automatically. Personally I use htaccess for that for each site/domain or folder where it needs to be forced.
Configuring/troubleshooting Debian servers is always great fun
Hello samrich,
It seems to be secure to enable 'System Settings' --> 'Virtualmin Configuration' --> 'SSL Settings' ---> Redirect HTTP to HTTPS by default?
This option will force all traffic of this website to go with HTTPS once you enable this option in VirtualHost. The website will show insecure until you install your SSL Certificate or load Let's Encrypt VirtualMin auto install option.
samrich - Were you concerned about 301 redirects vs. the server automatically pointing everything through https vs. http from an SEO standpoint or just not having to go back and tweak virtualmin after the install?
It should not affect redirects from http to https if done with 301 or 302 redirects. You can read more from John Mueller blog on G+: https://plus.google.com/+JohnMueller/posts/PY1xCWbeDVC.
For what i know if you have really big site the drop could happen but its limited to maybe 5-10%. Not perfect but you must somehow force people who visit over http to switch to https.
- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.
how to change http://secondsfix.com to https://secondsfix.com
this same https://www.itstimeexout.com/
Y
If you're on nginx just add following code to virtual host file,
server {server_name domain.com www.domain.com;
listen ipaddress:80;
rewrite ^/(.*) https://domain.com/$1 permanent;
}
Change the domain and ip address ofc
Source: Virtualmin 301 Redirects from http to https
I provide FREE Server Management Services in exchange of money
Don't put this above your server block! You will lose features as virtualmin will not be able to parse the Default HTML directory (you won't have your root in the first block --nginx will work it out, but not all of wbm/vm will). You need something like
server {server_name VIRTUALSERVER_DOM www.VIRTUALSERVER_DOM;
listen VIRTUALSERVER_IP:80; # <--remove this line from default server block
root VIRTUALSERVER_HOME; # etc
#vm code
...
...
location block {
# fcgi socket
}
ssl path
ssl key
}server {
if ($host = VIRTUALSERVER_DOM) {
return 301 https://$host$request_uri;
}
listen VIRTUALSERVER_IP:80;
server_name VIRTUALSERVER_DOM www.VIRTUALSERVER_DOM;
return 404;
}
I'm working on a post-modification script i.e.
if [ "$VIRTUALSERVER_ACTION" = "CREATE_DOMAIN" ]; then# rewrite VIRTUALSERVER_DOM.conf
fi
I'll post it soon.
if anyone use apache here you can do .htaccess with following rules
Configuring/troubleshooting Debian servers is always great fun
The setting "Redirect HTTP to HTTPS by default?" adds a redirection directive in the apache configuration of the virtual server :80 when it is created. If you created the virtual server before you select the option, you can add this line manually in the apache configuration
In "Webmin -> Servers -> Apache Webserver" select the virtual server "example.com" with port 80. Go to "Edit Directives" and add at the end the following line:
just thought i would add an update to this...just wondering, does the following also work?
virtualmin>system settings>virtualmin configuration>SSL settings>redirect HTTP to HTTPS by default = "yes"https://ajecreative.com.au
What's the difference between those two lines in essence? Which one should we use?
Please refer to update in the next comment
Here is an automation solution for nginx that works with my configuration. This solution assumes you are using CentOs/Rhel 7, have root access, and have already gone into
Virtualmin>>System Settings>>Features and Plugins>>Nginx website>>configure (in the "actions" column)and set the
File or directory for new virtual hosts
to
/etc/nginx/conf.d/Logged in as
rootNavigate to Webmin. Go to
Others>>File Manager>>/root/then click
File>>Create new directoryCreate two. One called
scriptsone called
sites-deletedThis can also be done in the shell with
mkdir /root/scripts && mkdir /root/sites-deletedI also have one called
sites-createdCreate a file in
scriptsCall it whatever
myscrypt.shor you can
nano /root/scripts/myscript.shEither way, paste the following code:
Please see update belowWhat this does:
sed -i -e 's/^/#/' /etc/nginx/conf.d/$VIRTUALSERVER_DOM.conf;comments out the entire file, thus preserving the original
this
systemctl restart php-fpm php54-php-fpm nginx;restarts nginx and php b/c our script is going to run after the post-create restart and our changes won't be realized otherwise pending a restart.
This
if [ "$VIRTUALSERVER_ACTION" = "DELETE_DOMAIN" ]; thenCONF_FILE_EXISTS="/etc/nginx/conf.d/${VIRTUALSERVER_DOM}.conf";
if [ -f "$CONF_FILE_EXISTS" ]; then
mv /etc/nginx/conf.d/${VIRTUALSERVER_DOM}.conf /root/deleted_domains/${VIRTUALSERVER_DOM}.conf.deleted;
fi
fi
Checks if this is a delete operation and if it is moves the .conf file to our "sites-deleted" directory (Because VM will only delete the one server block, and ignores the code blocks containing our rewrite rules, thus we are left with half a file -- the original commented out code will still be in there as well, which is why I'm preserving it as a record of the state of the config at the time of deletion. It could potentially be used to rebuild the virtual host later).
Finally, navigate to
Virtualmin>>System Settings>>Actions upon server and user creationFind the line
Command to run after making changes to a serverAnd input your path
/root/scripts/myscript.shAnd your done. After you've done some testing and made the necessary edits for your configuration. i.e. if you are running a Debian based system the paths and a few other things will be a little different, but nothing you won't be able to work out on our own. Apologies for any readability issues. First time with the editor. Leave this field blank
Oh, and don't forget to make the file executable
chmod +x /root/scripts/myscript.shor in File Manager right click
myscript.sh>>properties>Change permissionsCheck the Execute box under Owner and Group.
Update. A more elegant solution for /root/scripts/myscript.sh.
#!/bin/bash
if [ "$VIRTUALSERVER_ACTION" = "CREATE_DOMAIN" ]; then
#back up original file
cp -p /etc/nginx/conf.d/${VIRTUALSERVER_DOM}.conf /root/sites-created/${VIRTUALSERVER_DOM}.conf.original;
#just comment out listen ip lines (And only the ones not containing "ssl")
#http://sed.sourceforge.net/sed1line.txt
sed -i '/ssl/!s/listen/#listen/g' /etc/nginx/conf.d/${VIRTUALSERVER_DOM}.conf;
#On Debian or similiar configuration replace /etc/nginx ...$VIRTUALSERVER_DOM.conf with path to
#sites-available/$VIRTUALSERVER_DOM.conf
cat >> /etc/nginx/conf.d/$VIRTUALSERVER_DOM.conf <<EOF
server {
if (\$host = ${VIRTUALSERVER_DOM}) {
return 301 https://\$host\$request_uri;
}
if (\$host = www.${VIRTUALSERVER_DOM}) {
return 301 https://\$host\$request_uri;
}
listen ${VIRTUALSERVER_IP}:80;
server_name ${VIRTUALSERVER_DOM} www.${VIRTUALSERVER_DOM};
return 404;
}
EOF
#ln -ns /path/to/sites-available/$VIRTUALSERVER_DOM.conf /etc/nginx/sites-enabled/$VIRTUALSERVER_DOM.conf
systemctl restart php-fpm php54-php-fpm nginx;
fi
if [ "$VIRTUALSERVER_ACTION" = "DELETE_DOMAIN" ]; then
CONF_FILE_EXISTS="/etc/nginx/conf.d/${VIRTUALSERVER_DOM}.conf";
if [ -f "$CONF_FILE_EXISTS" ]; then
mv /etc/nginx/conf.d/${VIRTUALSERVER_DOM}.conf /root/sites-deleted/${VIRTUALSERVER_DOM}.conf.deleted;
fi
fi
Other options (Ubuntu et. al.) Command to run after making changes to a server:
cat /path/to/sudoer's/passwd/file |sudo -S /home/sudo-user/scripts/myscript.shBeginner options:
Use ApacheReference: Pre-Post Domain modification: https://www.virtualmin.com/documentation/developer/prepost Template variables: https://www.virtualmin.com/documentation/system/template_variables Sed Oneliners: http://sed.sourceforge.net/sed1line.txt
Known Issues Some CDN's may cause a "Too many redirects" error if you are using them for a proxy and your VPS stack also includes a firewall or router (And you are using NAT). The only solution is to disable the proxy mode with your CDN provider (unless you can enable a transport level--Layer 4--TCP proxy) or not force 301's, and allow plain HTTP traffic. But the problem only typically occurs when you already have a large number of plain HTTP requests in your CDN cache.
@inman.turbo
If you have users that use LetsEncrypt, I'd suggest adding an additional line regarding the .well-known directory to your server stanza. That will prevent the redirect for that one directory and help prevent request failures. Here are a couple of lines I use (I don't use the if statements you have).
location /.well-known/acme-challenge/ {# put your configuration here, if needed
}
location / {
return 301 https://$server_name$request_uri;
}
The script above is tested and working as-is with LetsEncrypt (In fact borrows heavily on the typical certbot managed conf). The well-know acme line won't hurt though Acme scripts understand this config and typically place it there temporarily on their own.
@noisemarine It's best to have your [custom] redirect rules outside of the server stanza managed by vm. That way it they won't touched. And other things could start breaking once you start doing things like adding redirects or proxies or website options from within the ui.
Instead of worrying about putting another server block on top, you could easily solve it by putting this piece in the existing server block:
if ($scheme = http) {return 301 https://$host$request_uri;
}
.
I had no problems with LetsEncrypt until now, so I cannot comment on the discussion by @inman.turbo and @noisemarine.