DevHeads.net

if statement and ssl directives (apache 2.4)

Hi,

I'm trying to achieve a simplier vhost configuration using if statements
but httpd refuses to start when I put SSL related directive inside the
if block:

<VirtualHost *:80 *:443>
  ServerName <a href="http://www.comptoir-hardware.com" title="www.comptoir-hardware.com">www.comptoir-hardware.com</a>
  ServerAlias <a href="http://www.comptoir-hardware.com" title="www.comptoir-hardware.com">www.comptoir-hardware.com</a>
  ServerAlias new.comptoir-hardware.com
  ServerAlias comptoir.co
  ServerAlias <a href="http://www.comptoir.co" title="www.comptoir.co">www.comptoir.co</a>

  <If "req('Port') == '443'">
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/comptoir-hardware.com.crt
    SSLCertificateKeyFile /etc/ssl/private/comptoir-hardware.com.key
    SSLCACertificateFile  /etc/ssl/certs/comptoir-hardware.com.ca
  </If>

  <If "req('Host') != 'www.comptoir-harware.com'">
    RedirectMatch (.*) http://www.comptoir-hardware.com$1
  </If>

</VirtualHost>

Can you confirm there's a way to do what I want ? Can you see what's wrong ?

Thanks in advance,

Adam.

Comments

Re: if statement and ssl directives (apache 2.4)

By Eric Covener at 12/06/2017 - 07:24

On Wed, Dec 6, 2017 at 4:10 AM, Adam Cecile <acecile@le-vert.net> wrote:
<if> is evaluated per-request. You can't influence the handshake there.

Re: if statement and ssl directives (apache 2.4)

By Gillis J. de Nijs at 12/06/2017 - 05:56

Hi Adam,

Simplest, in my opnion, is simplest to read and parse for a human.

What's wrong with:

## One VirtualHost that does everything
<VirtualHost *:443>
ServerName <a href="http://www.comptoir-hardware.com" title="www.comptoir-hardware.com">www.comptoir-hardware.com</a>

SSLEngine on
SSLCertificateFile /etc/ssl/certs/comptoir-hardware.com.crt
SSLCertificateKeyFile /etc/ssl/private/comptoir-hardware.com.key
SSLCACertificateFile /etc/ssl/certs/comptoir-hardware.com.ca

DocumentRoot ...
</VirtualHost>

## Redirect to main VirtualHost
<VirtualHost *:443>
ServerName new.comptoir-hardware.com
ServerAlias comptoir-hardware.com
ServerAlias comptoir.co
ServerAlias <a href="http://www.comptoir.co" title="www.comptoir.co">www.comptoir.co</a>

SSLEngine on
SSLCertificateFile /etc/ssl/certs/comptoir-hardware.com.crt
SSLCertificateKeyFile /etc/ssl/private/comptoir-hardware.com.key
SSLCACertificateFile /etc/ssl/certs/comptoir-hardware.com.ca

Redirect / <a href="https://www.comptoir-hardware.com/" title="https://www.comptoir-hardware.com/">https://www.comptoir-hardware.com/</a>
</VirtualHost>

## Redirect http to https main VirtualHost
<VirtualHost *:80>
ServerName <a href="http://www.comptoir-hardware.com" title="www.comptoir-hardware.com">www.comptoir-hardware.com</a>
ServerAlias new.comptoir-hardware.com
ServerAlias comptoir-hardware.com
ServerAlias comptoir.co
ServerAlias <a href="http://www.comptoir.co" title="www.comptoir.co">www.comptoir.co</a>

Redirect / <a href="https://www.comptoir-hardware.com/" title="https://www.comptoir-hardware.com/">https://www.comptoir-hardware.com/</a>
</VirtualHost>

Cheers,
Gillis

Re: if statement and ssl directives (apache 2.4)

By Adam Cecile at 12/06/2017 - 06:21

Hi,

Well it depends who's editing the file. Some people are used to modify
just the first block and ignore the following. You know what I mean ;-)
This is the reason why I'm trying to turn these Apache configuration
"nginx way". Less blocks, less lines, less mistakes made.

Adam.

On 12/06/2017 10:56 AM, Gillis J. de Nijs wrote: