Apache 2.0 came with Fedora Core release 4 (Stentz), and the great news
is that it already serves up pages on SSL! :-) But I want it
SSL-only, i.e., I want no pages available on port 80, the users should
have to go to https:// (not http://)

My first attempt was to comment out this line in httpd.conf:
Listen 80
....but then "apachectl start" would not start the server.

Is it not so easy?

And is there a way to make it so that people who go to "http://" will
get redirected to the "https://" URL? I thought of using some
JavaScript command but the problem with that approach would be that
they would have to get to the home page via port 80 to get re-directed
and it's password-protected (a la one ".htaccess" file in the root
directory because I could not find the documentation explaining how to
restrict the whole server).

On 28 Apr 2006 10:59:26 -0700,
workingstiff19@hotmail.com <workingstiff19@hotmail.com>, in
<1146247166.367143.41880@e56g2000cwe.googlegroups. com> wrote:

>+ And is there a way to make it so that people who go to "http://" will
>+ get redirected to the "https://" URL?

I think you'll get everything you want if you simply rewrite the http:
requests into https: requests:. Here's one example:

http://sinnfrei.org/content/apache/index.html
http://www.whoopis.com/howtos/apache-rewrite.html

I don't know how good their recommendations are. I've only done very
minimal amounts of rewrite rules.

I would have suggested switching your "Listen 80" to "Listen 443", but
that's not going to stop someone from entering "http:" on a client.

--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.

On 28 Apr 2006 10:59:26 -0700,
workingstiff19@hotmail.com <workingstiff19@hotmail.com>, in
<1146247166.367143.41880@e56g2000cwe.googlegroups. com> wrote:

>+ And is there a way to make it so that people who go to "http://" will
>+ get redirected to the "https://" URL?

I think you'll get everything you want if you simply rewrite the http:
requests into https: requests:. Here's one example:

http://sinnfrei.org/content/apache/index.html
http://www.whoopis.com/howtos/apache-rewrite.html

I don't know how good their recommendations are. I've only done very
minimal amounts of rewrite rules.

I would have suggested switching your "Listen 80" to "Listen 443", but
that's not going to stop someone from entering "http:" on a client.

--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.

On 28 Apr 2006 10:59:26 -0700,
workingstiff19@hotmail.com <workingstiff19@hotmail.com>, in
<1146247166.367143.41880@e56g2000cwe.googlegroups. com> wrote:

>+ And is there a way to make it so that people who go to "http://" will
>+ get redirected to the "https://" URL?

I think you'll get everything you want if you simply rewrite the http:
requests into https: requests:. Here's one example:

http://sinnfrei.org/content/apache/index.html
http://www.whoopis.com/howtos/apache-rewrite.html

I don't know how good their recommendations are. I've only done very
minimal amounts of rewrite rules.

I would have suggested switching your "Listen 80" to "Listen 443", but
that's not going to stop someone from entering "http:" on a client.

--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.

On 28 Apr 2006 10:59:26 -0700 workingstiff19@hotmail.com wrote:

| And is there a way to make it so that people who go to "http://" will
| get redirected to the "https://" URL? I thought of using some

This can be done. How to do it depends on whether you want any attempt
to directly reach a non-root URI (deep link) to go to the same place on
the HTTPS service, or force all such attempts to the make HTTPS page.

To just redirect HTTP to HTTPS and use the same URI:

<Virtualhost www.example.com:80>
Redirect / https://www.example.com/
</Virtualhost>

To redirect all URLs to the main page only:

<Virtualhost www.example.com:80>
RedirectMatch .* https://www.example.com/index.html
</Virtualhost>

If you want to be selective about it, put in multiple directives with
most specific to be matched first.

--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------

On 28 Apr 2006 10:59:26 -0700 workingstiff19@hotmail.com wrote:

| And is there a way to make it so that people who go to "http://" will
| get redirected to the "https://" URL? I thought of using some

This can be done. How to do it depends on whether you want any attempt
to directly reach a non-root URI (deep link) to go to the same place on
the HTTPS service, or force all such attempts to the make HTTPS page.

To just redirect HTTP to HTTPS and use the same URI:

<Virtualhost www.example.com:80>
Redirect / https://www.example.com/
</Virtualhost>

To redirect all URLs to the main page only:

<Virtualhost www.example.com:80>
RedirectMatch .* https://www.example.com/index.html
</Virtualhost>

If you want to be selective about it, put in multiple directives with
most specific to be matched first.

--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------