Guest Keary

HTTPS Help

Question

Guest Keary

I have been doing a lot of browsing to set my MediaWiki up to use HTTPS only. I created my key, I adjusted default.conf to have a virtual host at 81 for the http portion of the site initially and it worked perfectly. I added a permanent redirect into that virtual host and then added a new virtual host at 82 which is where I want my https port to be. I edited default-ssl.conf to point to my server. I updated ports.conf for port 82. I ran a2enmod ssl, headers, default-ssl, and ssl-params and apache2ctl configtest shows syntax ok. I can access the apache default page on both http and https. Accessing http://server/mediawiki:81 forwards me to https://server/mediawiki:82mediawiki/ for some reason and says can't connect to site which is obvious. However manually entering https://server/mediawiki:82 also says can't connect to site.

default.ssl


<IfModule mod_ssl.c>
        <VirtualHost _default_:82>
                ServerAdmin email@email.com
                ServerName name.server.com

                DocumentRoot /var/www/html


                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                SSLEngine on

                SSLCertificateFile      /etc/ssl/crt/name.server.com.crt
                SSLCertificateKeyFile /etc/ssl/crt/name.server.com.key

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0

        </VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
 

default.conf


<VirtualHost *:81>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com
        ServerName server.name.com
        ServerAdmin email@email.com

        Redirect permanent / https://server.name.com:82
</VirtualHost>

<VirtualHost *:82>
        SSLEngine On
        SSLCertificateFile /etc/ssl/crt/name.server.com.crt
        SSLCertificateKeyFile /etc/ssl/crt/name.server.com.key

        ServerAdmin email@email.com
        ServerName server.name.com
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf

</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

 


1 answer to this question


You'll possibly need to modify some settings in LocalSettings.php as well. If you have any things in .htaccess, they may also need changes.

As a note, when doing custom ports the port goes after the server name and before the path, e.g. https://example.com:82/mediawiki

The redirect in your conf is technically unnecessary so long as you hardcode https into $wgServer in MediaWiki itself -- in that case, the wiki will take care of redirecting the user. Once you have everything working, set up HSTS (HTTP Strict-Transport-Security) so that visitors' browsers will automatically use https in the future.
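
An added example, not part of the original posts or the poster's files: the port-81 redirect from the question beside a corrected form, plus the HSTS header the answer mentions. It assumes the host name and certificate paths shown in the question; the `max-age` value is a constructed trial value.

```apache
# ports.conf: non-default ports need an explicit Listen.
# The "https" argument marks 82 as a TLS port (only 443 is assumed to be).
Listen 81
Listen 82 https

# Plain-HTTP listener: its only job is to send clients to the TLS host.
<VirtualHost *:81>
    ServerName server.name.com

    # Before (as in the question): the target has no trailing slash.
    # Redirect appends whatever follows the matched "/" prefix, so a
    # request for /mediawiki/ is sent to https://server.name.com:82mediawiki/
    #Redirect permanent / https://server.name.com:82

    # After: the target ends in "/", so /mediawiki/ maps to
    # https://server.name.com:82/mediawiki/
    Redirect permanent / https://server.name.com:82/
</VirtualHost>

# TLS host, defined in one file only (default.conf or default-ssl.conf,
# not both).
<VirtualHost *:82>
    ServerName server.name.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile    /etc/ssl/crt/name.server.com.crt
    SSLCertificateKeyFile /etc/ssl/crt/name.server.com.key

    # HSTS (requires mod_headers), sent from the TLS host only.
    # max-age=300 is a short trial value (constructed for this example);
    # raise it once the site is confirmed to work over https.
    # HSTS covers the host name on every port: a browser that has stored
    # it rewrites http://server.name.com:81/ to https://server.name.com:81/,
    # which the plain-HTTP listener above cannot answer.
    Header always set Strict-Transport-Security "max-age=300"
</VirtualHost>
```

The matching MediaWiki setting in LocalSettings.php would be `$wgServer = "https://server.name.com:82";`, with the port directly after the host name.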
