On Wed, Feb 8, 2017 at 8:30 AM David Gerard <[email protected]> wrote:
> We have an external IP, which accepts SSL on 443 and http:// on 80, > and passes both through to the back-end server as plaintext on port > 80. So both https://example.wiki and http://example.wiki work, because > we have legacy http:// URLs in documentation *everywhere* that need to > keep working. > > This seems a little complicated. Why can't you have them both on the same public Apache and define multiple Vhosts instead of passing through like a proxy? > Trouble is: how do I get it, when it gets an http:// URL, to > auto-redirect to https:// ? If you weren't doing the passthru stuff, I'd suggest something like this in your VirtualHost config for the :80: RewriteEngine on RewriteRule ^/(.*)$ https://foo.wiki/$1 [L,R=301,NE] > Remember that the server sees *only* http:// connections, it isn't > doing SSL at all - SSL is terminated at the external IP. > (Can Apache even see if the incoming request was originally https:// ?) > > Since you're using two layers of Apache and basically proxying, no, the second Apache can't know. What you *could* do is set a header at the termination Apache though that passes the data through. Something with SetEnv or SetEnvIf (name it something like X_WAS_HTTPS) and then check for that at your second layer. -Chad _______________________________________________ MediaWiki-l mailing list To unsubscribe, go to: https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
