Apache HTTPS Redirect

I have appended :

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]

to my site .conf file to try and direct all traffic from http to https however its not working and when you enter domain.com you get the apache is working site, but when you enter https://domain.com you get my seafile server GUI.

What is the best practice to accomplish this?

Here is my whole .conf

<VirtualHost *:443>
ServerName https://domain.com
DocumentRoot /var/www
Alias /media  /home/useer/Haiwen/seafile-server-latest/seahub/media

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/domain_com.crt
SSLCertificateKeyFile /etc/apache2/ssl/domain_com.key
SSLCACertificateFile /etc/apache2/ssl/domain_com.cer


SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-    SHA256:ECDHE-RSA-AES256-SHA384

#HSTS "Header Strict Transport Security" -> Enabling Breaks Webmin
#Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"  

<Location /media>
 ProxyPass !
Require all granted
</Location>

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]

#
# seafile fileserver
#
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]
#
# seahub
#
SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPass / fcgi://127.0.0.1:8000/
</VirtualHost

Added the following to my .conf file and everything works now.

<VirtualHost *:80>
   ServerName domain.com
   ServerAlias domain.com
   Redirect permanent / https://domain.com
</VirtualHost>

Removed:

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]

Here is my final .conf file, that redirects all http traffic to https, and also yields a A+ rating with SSL labs. Input on SSL ciphers from @germeier

<VirtualHost *:80>
ServerName domain.com
ServerAlias domain.com
Redirect permanent / https://domain.com
</VirtualHost>

<VirtualHost *:443>
 ServerName https://domain.com
 DocumentRoot /var/www
 Alias /media  /home/user/haiwen/seafile-server-latest/seahub/media

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/domain_com.crt
SSLCertificateKeyFile /etc/apache2/ssl/domain_com.key
SSLCACertificateFile /etc/apache2/ssl/domain_com.cer


SSLProtocol TLSv1.2
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384

# HSTS "Header Strict Transport Security" -> Make sure mod_headers are enable to use this. 
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload"

<Location /media>
ProxyPass !
Require all granted
</Location>

 RewriteEngine On

#
# seafile fileserver
#
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]

#
# seahub
#
SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPass / fcgi://127.0.0.1:8000/
</VirtualHost>

@germeier can you elaborate on if this will force seafile to use ssl for all traffic?

As far as I understand apache: yes. The “Redirect permanent / https://domain.com” should do the job.

My approach is to only serve Let’s Encrypt challenge responses unencrypted via port 80.

<VirtualHost *:80>
ServerName domain.com
DocumentRoot "/var/www/cert"
<Location "/.well-known/acme-challenge/">
    Header set Content-Type "application/jose+json"
</Location>
</VirtualHost>

# ls -al /var/www/cert/
total 0
drwxr-xr-x 1 root root  42 Okt 27  2015 .
drwxr-xr-x 1 root root 272 Okt 27  2015 ..
-rw-r--r-- 1 root root   0 Okt 27  2015 index.html
drwxr-xr-x 1 root root  28 Okt 27  2015 .well-known

Just make sure that all seafile configuration is within a “<VirtualHost *:443>” block.

Hey guys.

I hav a Problem using

#
# seahub
#
SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPass / fcgi://127.0.0.1:8000/

instead of

# seahub
#
RewriteRule ^/(media.*)$ /$1 [QSA,L,PT]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /seahub.fcgi$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Thumbing and displaying jpg in webfrontend doesnt work. ERR: not found

2016-08-18 07:09:14,088 [WARNING] django.request:170 get_response Not Found: /repo/d42bccca...../DSC_0538.JPG
2016-08-18 07:09:14,092 [WARNING] django.request:170 get_response Not Found: /repo/d42bccca...../DSC_0539.JPG

I found no other errors.

moving back to original config (like in manuel suggested) everything works fine.

any ideas?

thx. f

Where did you get that? The manual says to use :

#
# seahub
#
SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPass / fcgi://127.0.0.1:8000/

Which both of the .conf files above show what the manual has…
http://manual.seafile.com/deploy/https_with_apache.html

Oh…
In an older Version of the Manual…

So the older version works for you but not the new version…??

Hi,

Did you make sure the line
FastCGIExternalServer /var/www/seahub.fcgi -host 127.0.0.1:8000
has been removed from the apache2.conf when using the new configuration?

Yes…its a Bit wired

Also yes. I tried both.
Everything works fine.
Only the preview / thumbing Not.