Even though I've used Apache for years, I'm new to https and SSL with Apache. For testing, I have executed some openssl commands as found on the Internet to generate a self-signed cert for use with Apache. When I hit an https://mydomain URL for the first time, I got the browser warning about the cert, which was expected. After accepting the cert in my browser(s), it seems that all https URLs are redirecting to the http equivalents with a 301.
I can't determine why. Any clues? I have one .htaccess file in the root of the public dir, but I don't think it is the cause (there is no mention of https).
This is Gentoo Linux, Apache 2.2.11.
Here is a portion of my Apache config. Most of it is just what came with Gentoo's Apache installation by default.
<IfDefine SSL>
<IfDefine SSL_DEFAULT_VHOST>
<IfModule ssl_module>
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
ServerName mydomain.com
Include /etc/apache2/vhosts.d/default_vhost.include
ErrorLog /var/log/apache2/mydomain.com.ssl.errors
CustomLog /var/log/apache2/mydomain.com.ssl.log combined
<IfModule log_config_module>
TransferLog /var/log/apache2/ssl_access_log
</IfModule>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl/mydomain.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/mydomain.com.key
SSLOptions StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/localhost/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SSLProtocol all -SSLv2
<IfModule setenvif_module>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfModule>
<IfModule log_config_module>
CustomLog /var/log/apache2/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</IfModule>
RewriteEngine On
DocumentRoot "/var/www/mydomain.com/public"
<Directory "/var/www/mydomain.com/public">
SSLRequireSSL
Options Indexes FollowSymLinks ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
</IfModule>
</IfDefine>
</IfDefine>
Do you have a CMS or blog software such as WordPress installed on this site? Many such systems use 301 redirects to direct you to the preferred hostname (with www) or rewrite URLs for SEO / permalink purposes.
If you are running a CMS, disable permalinks / SEO optimization and if you're still having problems, update your question with the contents of the .htaccess and let us know what is running on the site (or if it's plain HTML, etc.)
Edit: Now that you've determined that the redirects are only happening within the PHP site and not any generic PHP or HTML files you can search the PHP code for where it's doing this. Search for "
header(" and you'll probably find it.I found a relevant portion of the code, and made some adjustments. My problem is now solved; it was not a server configuration issue at all, just some awry PHP code. @Dave Forgac: Thanks for taking the time to respond. Your suggestions got my mind thinking in the right directions about the right things, and troubleshooting went smoothly after that.