Allow HTTP -> HTTPS redirect for default virtual host

When setting up a new virtual host (or editing an existing one, other than the default), there’s a checkbox for “Require SSL encrypted connection”:
But there’s no corresponding option for the default virtual host (the only option is “Enable FTP access”). Why is this? Seems like a curious omission.

I like the idea of defaulting to HTTPS but how to implement that?

I appended following rewrite rule to /etc/httpd/conf.d/

RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]

This way everything is redirected to HTTPS but letsencrypt is not working anymore. I am afraid there are more apps that use http like the proxy with its wpad.dat file so we would have to find a way to exclude them from the redirection.

I use DNS validation for Let’s Encrypt, so not a problem for me–but in any event, Let’s Encrypt should follow HTTP->HTTPS redirects. But the way to avoid this is like this:

RedirectMatch 301 ^(?!/.well-known/acme-challenge/).* https://$vhost\n

It could be added to your excellent thread: Improve Virtual Hosts configuration in sever manager

Yeah, I hadn’t thought through the remainder of those issues when I posted this one.

1 Like