When setting up a new virtual host (or editing an existing one, other than the default), there’s a checkbox for “Require SSL encrypted connection”:
But there’s no corresponding option for the default virtual host (the only option is “Enable FTP access”). Why is this? Seems like a curious omission.
I like the idea of defaulting to HTTPS but how to implement that?
I appended the following rewrite rule to /etc/httpd/conf.d/default-virtualhost.inc:
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
This way everything is redirected to HTTPS but letsencrypt is not working anymore. I am afraid there are more apps that use http like the proxy with its wpad.dat file so we would have to find a way to exclude them from the redirection.
I use DNS validation for Let’s Encrypt, so not a problem for me–but in any event, Let’s Encrypt should follow HTTP->HTTPS redirects. But the way to avoid this is like this:
RedirectMatch 301 ^(?!/.well-known/acme-challenge/).* https://$vhost\n
Yeah, I hadn’t thought through the remainder of those issues when I posted this one.
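The exclusions raised in this thread, as an added example that is not part of any post: a mod_rewrite rule set that leaves the ACME challenge path and the proxy's wpad.dat on plain HTTP and redirects everything else to HTTPS. It assumes the file is served at /wpad.dat and that the rules sit in the server or virtual-host context.

```apache
# Added example (not from the thread). Assumes server/vhost context
# and that the proxy auto-config file is served at /wpad.dat.
RewriteEngine On

# Skip requests that already arrived over TLS, so the rule cannot loop
# if the same include is read by the HTTPS virtual host.
RewriteCond %{HTTPS} !=on

# Leave Let's Encrypt HTTP-01 challenge requests on plain HTTP.
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/

# Leave the proxy auto-config file on plain HTTP (assumed path).
RewriteCond %{REQUEST_URI} !^/wpad\.dat$

# Everything else: permanent redirect to the same host and path over HTTPS.
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```

All three conditions must hold for the redirect to fire, since consecutive RewriteCond lines are ANDed by default; any other HTTP-only path is exempted with one more negated condition.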