No redirect to site alias if SSL required [#2567173]

I'm using the option for redirecting all domain aliases to one of the aliases. However, when using the "SSL required" option, the redirect is ignored and if you go to the HTTP address, you will be redirected to the original domain name (x.y.z).

The problem seems to be the HTTPS rewrite rule:

<IfModule mod_rewrite.c>
  RewriteEngine on
  RewriteRule ^/*(.*)$ https://x.y.z/$1 [NE,L,R=301]
  RewriteRule ^/files/(.*)$ /sites/x.y.z/files/$1 [L]
  RewriteCond /www/aegir/hostmaster-7.x-3.1/sites/x.y.z/files/robots.txt -f
  RewriteRule ^/robots.txt /sites/x.y.z/files/robots.txt [L]
</IfModule>

A fix seems to be to adjust it as follows:

 RewriteRule ^/*(.*)$ https://%{HTTP_HOST}/$1 [NE,L,R=301]

Comment	File	Size	Author
#3	provision-redirect_domain_and_ssl_required_fix-3.patch	682 bytes	captainack

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

11 September 2015 at 19:44

meanderix created an issue. See original summary.

Comment #2

captainack CreditAttribution: captainack commented 5 December 2015 at 11:36

I just noticed this on 3.2 too.

Comment #3

captainack CreditAttribution: captainack commented 5 December 2015 at 12:54

Status:

Active

» Needs review

File	Size
provision-redirect_domain_and_ssl_required_fix-3.patch	682 bytes

Looks like there was a typo in the vhost template

Comment #4

ergonlogic

he/him

English

Montréal, Québec 🇨🇦

CreditAttribution: ergonlogic at Ergon Logic Enterprises for Aegir Cooperative commented 28 May 2016 at 17:51

Version:	7.x-3.1	» 7.x-3.x-dev
Status:	Needs review	» Needs work

The documentation for that clause clearly states: "redirect all aliases + main uri to the main https uri." So, at very least the docs would have to be fixed there.

But really, I think we need to re-work the muddled logic in that template. Ignoring the actual implementations, the logic currently looks something like:

if ($this->redirection || $ssl_redirection) {
  if ($ssl_redirection && !$this->redirection) {  }
  elseif ($ssl_redirection && $this->redirection) {  }
  elseif (!$ssl_redirection && $this->redirection) {  }
}

I don't think the outside if-then does anything worthwhile, while the inner ones, by combining criteria, make this much harder to parse than it ought to be. I believe the following would be functionally equivalent, but much clearer:

if ($ssl_redirection) {
  if ($this->redirection) {  }
  else {  }
else {
  if ($this->redirection) {  }
}

Alternatively, this might be clearer:

if ($this->redirection) {
  if ($ssl_redirection) {  }
  else {  }
else {
  if ($ssl_redirection) {  }
}

Comment #5

colan

he/him

English

Toronto 🇨🇦

CreditAttribution: colan at Colan Schwartz Consulting commented 19 December 2016 at 21:46

I can't reproduce this on Nginx with Aegir HTTPS. But maybe it's still a problem for Apache?

Comment #6

Jon Pugh

he/him

English

Newburgh, NY

CreditAttribution: Jon Pugh at ThinkDrop commented 11 June 2018 at 15:57

Status:

Needs work

» Active

This still needs to be fixed.

I get double redirects when using required HTTPS and domain aliases (which is always now).

The port 80 apache config redirects to the "main" URL, but it should redirect straight to the redirect destination:

See " # Redirect all aliases + main uri to the main https uri."

Existing:

<VirtualHost *:80>


  DocumentRoot /var/aegir/projects/support/live/web
  ServerName live.devshop.support
  SetEnv db_type  mysql
  SetEnv db_name  livedevshopsuppo
  SetEnv db_user  livedevshopsuppo
  SetEnv db_passwd  V9viP4ob6L
  SetEnv db_host  localhost
  SetEnv db_port  3306

  ServerAlias devshop.cloud
  ServerAlias devshop.support
  ServerAlias www.devshop.cloud
  ServerAlias www.devshop.support

<IfModule mod_rewrite.c>
  RewriteEngine on
 # Redirect all aliases + main uri to the main https uri.
 RewriteRule ^/*(.*)$ https://live.devshop.support/$1 [NE,L,R=301]
  RewriteRule ^/files/(.*)$ /sites/live.devshop.support/files/$1 [L]
  RewriteCond /var/aegir/projects/support/live/web/sites/live.devshop.support/files/robots.txt -f
  RewriteRule ^/robots.txt /sites/live.devshop.support/files/robots.txt [L]
</IfModule>

Comment #7

14 June 2018 at 18:46

helmo committed 477add1 on 7.x-3.x authored by captainack

Issue #2567173 by captainack: No redirect to site alias if SSL required

Comment #8

14 June 2018 at 18:58

helmo committed 923e3ed on 7.x-3.x

Issue #2567173 by helmo: docs, change to the selected alias ... to match...

Comment #9

helmo CreditAttribution: helmo as a volunteer and at Initfour websolutions for Aegir Cooperative commented 14 June 2018 at 19:00

Status:

Active

» Fixed

@Jon Pugh The patch from #3 seems to fix this. I've now committed it. And I've changed 'main uri' to 'the selected alias' ... matching with what we have in hosting_https.