HTTPS

WordPress: Redirect HTTP to HTTPS in Apache

To redirect all of your HTTP traffic to HTTPS on WordPress installations using an Apache web server, add the following code to your .htaccess file. This is the recommended method for redirecting WordPress running on Apache.

/path/to/your/wordpress/installation/.htaccess

RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.url.com/$1 [R=301,L]

This should begin to work immediately.

Apache-Tomcat VHost redirection

OK this isn’t rocket science however I thought it worth documenting since I will probably forget in 6 months to a year when asked to do this again.

The Situation: Tomcat running with an Apache front-end using AJP to pass all traffic through to Tomcat after authenticating against CAS.

The Problem: The tomcat application did not exist in the root context so traffic needed to be forwarded to DOMAIN/sub-dir using HTTPS to insure data is secure.  We were simply forwarding all HTTP traffic to HTTPS and forwarding any URL with DOMAIN/sub-dir in the path.  That meant anyone going to DOMAIN/ was not being redirected to the application.

Where we were:

#/etc/httpd/conf/httpd.conf

<VirtualHost *:80>
                Redirect / https://DOMAIN/SUB-DIR
#/etc/httpd/conf.d/ssl/conf

<Location /SUB-DIR>
       ProxyPass ajp://localhost:8009/SUB-DIR
       ProxyPassReverse  ajp://localhost:8009/SUB-DIR
</Location>

For a reason I don’t have the details for (a change on the tomcat application side) this stopped working.  Following CAS authentication the user was being returned to HTTPS://DOMAIN/SUB-DIRSUB-DIR which of course didn’t work.  Since the application was now configured as desired I needed to fix the rewrite/redirection issue.

Before I get to the solution.  For all previous cases we had a consulting firm working with us, they would simply put a redirection statement in tomcat root context. Not really a great idea but hey I don’t get paid the big bucks as a consultant so what do I know!

The Solution:

First to handle all HTTP traffic:

#/etc/httpd/conf/httpd.conf
<VirtualHost *:80>
                Redirect / https://jenkins.uits.uconn.edu/
</VirtualHost>

Now to handle the secure HTTPD traffic.  My first attempt (without thinking) was to do this:

#/etc/httpd/conf.d/ssl.conf

<Location />
       ProxyPass ajp://localhost:8009/SUB-DIR
       ProxyPassReverse  ajp://localhost:8009/SUB-DIR
</Location>

<Location /SUB-DIR>
       ProxyPass ajp://localhost:8009/SUB-DIR
       ProxyPassReverse  ajp://localhost:8009/SUB-DIR
</Location>

This of course did not work because Apache was never reaching the /SUB-DIR test!  So a quick cut and paste and I had this:

#/etc/httpd/conf.d/ssl.conf

<Location /SUB-DIR>
       ProxyPass ajp://localhost:8009/SUB-DIR
       ProxyPassReverse  ajp://localhost:8009/SUB-DIR
</Location>

<Location />
       ProxyPass ajp://localhost:8009/SUB-DIR
       ProxyPassReverse  ajp://localhost:8009/SUB-DIR
</Location>

This works.  It is clean and quick the way it is supposed to be.  To recap

HTTP to HTTPS

If you want to force all of your site traffic to use HTTPS or a specific part of your website, here is how to do it:

Whole SIte :

RewriteEngine On
# This will enable the Rewrite capabilities

RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e.  http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context

Specific Directory

RewriteEngine On
# This will enable the Rewrite capabilities

RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS

RewriteRule ^/?secure/(.*) https://%{SERVER_NAME}/secure/$1 [R,L]
# This rule will redirect all users who are using any part of /secure/ to the same location but using HTTPS.
# i.e.  http://www.example.com/secure/ to https://www.example.com/secure/
# This means if you dont want to force HTTPS for all directories you can force it for a specific sub-section of the site.