Force Apache2 to redirect from HTTP to HTTPS

Want to redirect requests for http://www.yoursite.com to https://www.yoursite.com?

Simply change to your httpd.conf file (or if you are running Ubuntu or another distro that splits the httpd.conf file into multiple files, in your /etc/apache2/sites-available/{yoursite} configuration file. (If you are running a pretty Ubuntu install, the file is /etc/apache2/sites-available/default)

This technique still uses the rewrite engine (so you’ll need mod_rewrite module) but it places the configuration in the httpd.conf file (or its equivalent) and out of the .htaccess file.  There are many reasons you might want to do this, such as prevent it from being changed (many site configurations allow users to edit all .htaccess files but prevent them from editing the httpd.conf file) or to prevent it from being overwritten by certain web application packages (many application packages including WordPress and MediaWiki employ custom .htaccess files to provide more friendly URLs).

The change is simple, in your httpd.conf file, change the following part of your virtual host section:

root@itdoc /etc/apache2# ls
apache2.conf  conf.d  envvars  magic  mods-available  mods-enabled  ports.conf  sites-available  sites-enabled
root@itdoc /etc/apache2# cd sites-enabled/
root@itdoc apache2/sites-enabled# ls
phpmyadmin  wordpress
root@itdoc apache2/sites-enabled# ls -lt
total 0
lrwxrwxrwx 1 root root 29 Oct 16  2013 phpmyadmin -> ../sites-available/phpmyadmin
lrwxrwxrwx 1 root root 28 Oct 16  2013 wordpress -> ../sites-available/wordpress
root@itdoc apache2/sites-enabled# cat wordpress
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
UseCanonicalName Off
ServerAdmin  webmaster@localhost
DocumentRoot /var/www/wordpress
</VirtualHost>

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/cert.pem
ServerAdmin  webmaster@localhost
DocumentRoot /var/www/wordpress
</VirtualHost>

<Directory /var/www/wordpress>
Options +FollowSymLinks
AllowOverride All
order allow,deny
allow from all
</Directory>
root@itdoc apache2/sites-enabled# nano wordpress
root@itdoc apache2/sites-enabled# /etc/init.d/apache2 restart
[….] Restarting web server: apache2apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1 for ServerName
… waiting apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1 for ServerName
. ok
root@itdoc apache2/sites-enabled# cat wordpress
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
#    UseCanonicalName Off
#    ServerAdmin  webmaster@localhost
#    DocumentRoot /var/www/wordpress
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/cert.pem
ServerAdmin  webmaster@localhost
DocumentRoot /var/www/wordpress
</VirtualHost>

<Directory /var/www/wordpress>
Options +FollowSymLinks
AllowOverride All
order allow,deny
allow from all
</Directory>

Advertisements

graylog2 server not listening on ports 514 and 12201

I have managed to get the graylog2 server  v1.2.2 running with their virtual appliance.

Everything seems to work just fine, except that the graylog server instance
was not listening on the ports defined in graylog2.conf.

In netstat I see the graylog java process associated to the ports 12201 and
514, yet they are not in state LISTEN, and any log messages i send to my
machine on 12201 as gelf via udp are not picked up.

I read the getting started documentation for the setup from bottom up again but could not find anything.

Message inputs are the Graylog parts responsible for accepting log messages. They are launched from the web interface (or the REST API) in the System -> Inputs section and are launched and configured without the need to restart any part of the system.

I added those from the System>Input screen – boom – it started listening.

Oh well.

Looking for a good tutorial to setup graylog? have a look there.

CentOS 7, X11 and black squares (Font) issue

I was installing a fresh install of centos 7 and somehow decided to test X11. So I installed gedit – just because I though it would be a good x-app test – and it would not display properly on my x-server replacing all character with an empty square █

I solved the issue by installing the DejaVu fonts on my box.

yum install dejavu-lgc-sans-fonts

add a permanent rule on firewalld

Just started with using centos 7 and they adopted the fedora firewall instead of iptables.

Get the default zone, this is usually “public”:

firewall-cmd --get-active-zones

List services on that zone:

firewall-cmd --zone=public --list-all

Add required TCP ports (let’s do port 80):

firewall-cmd --permanent --zone=public --add-port=80/tcp

You could restart the firewall for them to take affect, or set the rules again without the –permanent option to add them dynamically.

Restart firewall:

systemctl restart firewalld.service

You can also specify services, rather than ports if you like.

sudo firewall-cmd --permanent --zone=public --add-service=http

You’re done!

Changing Timezone on Debian

Just because I am not used to work on this distro. Here is how to change the time zone settings after installation. It is not tzconfig anymore it is dpkg-reconfigure tzdata.

root ~# date
Mon Jul 21 20:08:55 UTC 2014
root ~# cat /etc/timezone
Etc/UTC
root ~# tzconfig
WARNING: the tzconfig command is deprecated, please use:
dpkg-reconfigure tzdata
root ~# dpkg-reconfigure tzdata

Current default time zone: ‘America/Toronto’
Local time is now:      Mon Jul 21 16:10:11 EDT 2014.
Universal Time is now:  Mon Jul 21 20:10:11 UTC 2014.

root ~# date
Mon Jul 21 16:10:18 EDT 2014