Using VHosts to Ensure the FQDN is used
...
(for SSO)
For HTTPS and for SSO to work right, all access needs to use the FQDN of the server. So we get Apache to handle that.
Each Server has a vhosts.conf added with the below code. The first VirtualHost is the default and catches any access to the server using any URL and redirects it to the second VirtualHost which is for the FQDN host. Note the line "RewriteRule" which is the one redirecting.
...
Code Block | ||||
---|---|---|---|---|
| ||||
# # Use name-based virtual hosting. # NameVirtualHost *:80 # # NOTE: NameVirtualHost cannot be used without a port specifier # (e.g. :80) if mod_ssl is being used, due to the nature of the # SSL protocol. # <VirtualHost *:80> ServerAdmin opmantek@example.com DocumentRoot "/var/www/html" ServerName servername002 ServerAlias servername002.example.org RewriteEngine on RewriteCond %{HTTP_HOST} !=localhost RewriteCond %{HTTP_HOST} !=127.0.0.1 RewriteCond %{REMOTE_ADDR} !=127.0.0.1 RewriteCond %{REMOTE_ADDR} !=::1 RewriteRule (.*) httphttps://servername002.example.org$1 </VirtualHost> <VirtualHost *:80> ServerAdmin opmantek@example.com DocumentRoot "/var/www/html" ServerName servername002.example.org </VirtualHost> |
Using VHosts to Ensure redirection from HTTP to HTTPS and the correct FQDN - (HTTPS plus SSO)
To ensure ALL users are forced to use HTTPS one redirects the connections from HTTP to HTTPS. For HTTPS or more specifically the SSL certificate to work correctly you also need guarantee users are accessing via the FQDN which matches the DN string (server name) in the SSL certificate.
...
toc