All websites when accessed via httpS redirect to SSL website- VestaCP

On one of my VestaCP Debian 7 servers, I have around 10 sites-- all NON-SSL but have one website abc.xyz using SSL and is an SSL only site.

Now all other websites when accessed through https just redirect to this same SSL site https://abc.xyz

Can you recommend if I can write some global rule in Nginx/Apache to redirect https to http for any non-ssl websites? Or will I have to do it all one by one for each of them?

Thanks

Comments

  • You own Google :o?

  • lucast Member
    edited December 2015

    This is not a default behavior.
    Well, if it is possible, post your /home/'user'/conf/web/snginx.conf
    (remove ips and domains)

  • You host abc.xyz?

  • miTgiB Member
    edited December 2015

    mehargags said: On one of my VestaCP Debian 7 servers, I have around 10 sites-- all NON-SSL but have one website abc.xyz using SSL and is an SSL only site.

    You are using SNI and with only a single valid cert, basically the default cert since there are no others, it will always resolve to the only cert. How to get around this? Here are a few ways I can think up off the top of my head.

    1. Put the cert on a different IP and adjust the zone file accordingly
    2. Make a default landing page for others that did not try to visit the site with the valid cert and make this the default site for SNI, putting a valid cert on it of course. You could inform the visitor they requested SSL from a site without SSL enabled, or you could get really scummy and market to them
  • So google hosted using vestacp. Hmm..

  • mehargags Member
    edited December 2015

    @budi1413 said:
    So google hosted using vestacp. Hmm..

    If you can't really understand it was a dummy name I used in my post, better keep your nose out and let the others help.

    @miTgiB
    Thanks... I guess the easiest bet would be to get a new IP for this site and put the SSL site on this IP... right?

    I was still thinking there can be a global config way to redirect anything https to http, unless there is a specific override mentioned in the conf. Any ideas?

  • mikho Member, Host Rep

    You could turn off the default https site.

    That way the user will not see anything unless you have created/activated ssl for that site.

    Or...... Set a "dummy" site as default https site and use .htaccess to redirect to the regular http site.

  • @mikho said:
    You could turn off the default https site.

    That way the user will not see anything unless you have created/activated ssl for that site.

    Or...... Set a "dummy" site as default https site and use .htaccess to redirect to the regular http site.

    Hi Mikho,
    can you elaborate on what you mean by "turn off Default https site"?

    This SSL site needs to be on https -- and secure site only, I have redirected its http to https using htaccess already.

    Please explain how to deactivate "default https" for any sites other than this one?

  • mikho Member, Host Rep
    edited December 2015

    This is by memory and I'm writing on my phone in my car so don't shoot me if I'm slightly off topic.

    You can set in your config file what hostname you should be listening to, if no hostname is defined, serve pages from the default website (often the first one with an ssl cert.).

    If I get the chance later tonight I can give you some real life examples.

  • @mikho
    I shall wait for a proper pointer to what config we need... take your good time!

  • TheOnlyDK Member
    edited December 2015

    Too lazy to read every word above, but how about adding a default domain with ssl support, then adding a .htaccess for that DEFAULT domain so it will redirect all https traffic to http? For the domains you have configured ssl, it will work the same as always. I think this is easier than adding another IP and stuff. Not sure if this is what you meant though.

    The key here is your default domain in user admin, this will be the landing page domain for all sites not configured.

  • It's always a good thing to do it one by one. There won't be any mess in this process.

  • @masterqqq said:
    You host abc.xyz?

    Tell me you never used domain.tld as a dummy domain before, because you don't own that.

  • mikho Member, Host Rep

    @mehargags said:
    mikho
    I shall wait for a proper pointer to what config we need... take your good time!

    Took me long enough to get home, here is the late reply.
    I didn't find my notes on how I did it last time, but it has to do with nginx receiving your request for an https site; since your domain is not in the config, the default https domain site is shown instead. This is the first SSL site you created.

    A "quick" fix is to enable ssl on all sites, generate a self-signed certificate and then use .htaccess to 301 redirect to the http version for those sites that shouldn't be accessible over https.

    I'll continue to look for my notes tomorrow (if I'm not busy working with something else)

  • @mikho said:

    What's wrong with my method? I haven't tried it myself but I'm almost sure it will work.

  • mikho Member, Host Rep

    @TheOnlyDK said:
    What's wrong with my method? I haven't tried it myself but I'm almost sure it will work.

    If I remember correctly there is no default site that it will return data from.
    It is either the first site with ssl enabled OR a random site with ssl enabled.

    The correct way the server should handle it is that if ssl is not enabled for a site, nothing should be returned.

  • @mikho said:

    I thought the first site that you add under user admin is the default one.. No?

  • mikho Member, Host Rep

    @TheOnlyDK said:
    I thought the first site that you add under user admin is the default one.. No?

    In the single case where I tried it, it was the first site added by any user that got returned the most, not in every case though. Sometimes it returned another ssl enabled site.

    Another issue I noticed was that the certificates got messed up. If you had ssl enabled on two sites, the second site always used the first site's certificate. Even if they were from different users.

    Nginx doesn't pass all information on to apache and apache is poorly configured by default and returns random data if it gets confusing.

  • @mikho said:
    Nginx doesn't pass all information on to apache and apache is poorly configured by default and returns random data if it gets confusing.

    Mhmm maybe you are right. I do remember this issue when I used vestacp a few months back, but I thought they fixed (?) it in the new version.

  • mikho Member, Host Rep

    @TheOnlyDK said:
    Mhmm maybe you are right. I do remember this issue when I used vestacp a few months back, but I thought they fixed (?) it in the new version.

    I hope they did, haven't read the release notes.

  • This is because of SNI & shared IP. Either place that SSL website on a separate IP or simply install self-signed SSL certificates on the rest of the websites so those will show a security warning instead of a redirect.

  • Wow, I saw the google owner. Can you mail me a pair of google glass for free?

  • Last release of vesta is very bugged. Really, a lot of annoying things with phpmyadmin / mysql connection, fpm, etc shit... really sad thing.
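
Added example, not part of the thread and not VestaCP's own template: when no server_name matches, nginx answers from the first server block defined for that IP:port, which is why every non-SSL name lands on abc.xyz. The catch-all below takes over that role, as the "default https site" replies suggest. The IP 203.0.113.10 and the certificate paths are assumptions.

```nginx
# Added example. Placeholder values: 203.0.113.10 (the shared IP) and the
# /etc/nginx/ssl/catchall.* paths (a self-signed certificate you generate).
# Load it from the http {} context, e.g. a file included by nginx.conf.

server {
    # default_server makes this block, not abc.xyz, the answer for any
    # HTTPS request on this IP whose name matches no SSL-enabled vhost.
    listen 203.0.113.10:443 ssl default_server;
    server_name _;

    # A certificate is required to complete the handshake. It cannot match
    # the unknown names, so browsers warn before they ever see the redirect.
    ssl_certificate     /etc/nginx/ssl/catchall.crt;
    ssl_certificate_key /etc/nginx/ssl/catchall.key;

    # Option 1: send the client to the plain-HTTP site of the name it asked for.
    return 301 http://$host$request_uri;

    # Option 2 (instead of option 1): close the connection with no response.
    # return 444;

    # Option 3, nginx 1.19.4 and later only: refuse the TLS handshake for
    # unmatched names, so no certificate is needed in this block at all.
    # ssl_reject_handshake on;
}

# The existing abc.xyz vhost stays as generated: its listen directive for
# 203.0.113.10:443 carries no default_server flag, and its server_name still
# wins for requests that actually name abc.xyz.
```

Run `nginx -t` before reloading; nginx refuses to start if two server blocks claim default_server for the same IP:port.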
