Tag Archives: https

Apache setting and reading Environmental Variables

A common .htaccess issue: you need one for production and another for development.

Here’s a simple trick to set and read apache env vars.

1
2
3
4
5
6
7
8
9
10
11
12
13
<IfModule mod_rewrite.c>
  RewriteEngine On

  # do not force https on local environment
  RewriteCond %{SERVER_NAME} local.yoursite.net
  RewriteRule .? - [E=siteenv:local]

  RewriteCond %{HTTP:X-Forwarded-Proto} !https # not on https
  RewriteCond %{ENV:siteenv} !local # not on local environment
  RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

  ...
</IfModule>

On this example we do not force HTTP when accessing via “local.yoursite.net” (a development environment)

Apache SSL Configuration for HTTPS and HTTP

HTTP

1
2
3
4
5
6
7
8
9
10
11
12
<VirtualHost *:80>
        ServerName yourdomain.com
        ServerAlias www.yourdomain.com
        DocumentRoot /var/www/yourdomain.com/httpdocs/web

        ErrorLog /var/www/yourdomain.com/logs/error_log
        CustomLog  /var/www/yourdomain.com/logs/access_log common

        <Directory /var/www/yourdomain.com/httpdocs/web>
                AllowOverride All
        </Directory>
</VirtualHost>

HTTPS (with certificate key chain)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
<VirtualHost *:443>
        # http://support.godaddy.com/help/article/5349/installing-ssl-certificate-apache-2x
        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/yourdomain.com.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/yourdomain.com.key
        SSLCertificateChainFile /etc/httpd/conf/ssh.chain/sf_bundle.crt
        # http://www.networking4all.com/en/support/tools/site+check/cipher+suite/
        SSLProtocol -ALL +SSLv3 +TLSv1
        SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP

        ServerName yourdomain.com
        ServerAlias www.yourdomain.com
        DocumentRoot /var/www/yourdomain.com/httpdocs/web

        ErrorLog /var/www/yourdomain.com/logs/error_log
        CustomLog  /var/www/yourdomain.com/logs/access_log common

        <Directory /var/www/yourdomain.com/httpdocs/web>
                AllowOverride All
        </Directory>
</VirtualHost>