1

I config ubuntu server with these command.

sudo a2enmod rewrite
sudo a2ensite 000-default.conf

I edit 000-default.conf like this.

<Directory /var/www/html>
        Options FollowSymLinks
        AllowOverride all
        Require all granted
</Directory>

sudo service apache2 restart

I use let encrypt to create ssl. If I open myweb.com then it redirect to https://myweb.com . But if I open http://myweb.com it show apache page not redirect to https://myweb.com . It look like .htaccess not run.

This is .htaccess code.

RewriteEngine On
RewriteCond %{HTTPS} off

RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

How to fix it?

user58519
  • 111
  • Please post the answer you've found as a separate answer, thus you could be able to accept it and close the question as resolved. In addition I would follow the Apache's documentation advices and would use the Redirect directive (as it is shown here) for this task. – pa4080 Feb 05 '19 at 06:53
  • Typing myweb.com and http://myweb.com in the browser is the same thing!? The browser defaults to using the http protocol when omitted. But according to the directives as posted, you should have been ultimately redirected to https://www.myweb,com/ (2nd redirect) - in both cases - not just https://myweb.com. – MrWhite Jul 03 '20 at 22:09

2 Answers2

1

I found one odd issue regarding Apache's .htaccess.

I setup an .htaccess file in the public html directory for basic authentication. I also setup the requisite apache configuration, as directed by many instructional sites, pages, etc., so I know I had the setup mostly correct.

Regardless of how I had apache configured, I would never get an authentication prompt.

Since I had the password stored in the parent directory to the public html directory, I needed to include that directory in the apache definition.

Here is the original definition:

<Directory /srv/www/mysite/public_html>
  Options Indexes FollowSymLinks MultiViews
  AllowOverride All
  Require all granted
</Directory>`

I then changed the configuration code to the following:

<Directory /srv/www/mysite>
  Options Indexes FollowSymLinks MultiViews
  AllowOverride All
  Require all granted
</Directory>`

The password file is stored in /srv/www/mysite/access/.htpasswd. Per the first configuration pattern, this directory was outside the configuration scope.

By backing up a directory (parent of public html), the "access" directory is now in scope. Now apache presents a login prompt.

AndyLovesRuby
  • 11
  • You really shouldn't have to do this - unless you had a .htaccess file above the document root that you needed to be processed as well? You certainly shouldn't set Require all granted for the parent directory - unless you intended to make this publicly accessible as well? – MrWhite Jul 03 '20 at 22:13
0

Now I found the answer.

RewriteCond %{HTTPS} off not work it have to replace with RewriteCond %{HTTPS} !on

user58519
  • 111
  • This wouldn't make any difference. The HTTPS server variable contains either the string off or on. So the regex off and !on will result in the same outcome - it's just personal preference which you choose. However, if something like this was the problem, it would have affected all requests, not just the one you mentioned. This more than likely suggests some kind of caching issue. (If you've previously experimented with 301 - permanent - redirects then these will no doubt have been cached by the browser.) – MrWhite Jul 03 '20 at 22:18