[UNsolved] How to redirect from https IP address to domain (apache)?

Hi,

I want to redirect from e.g. https://xxx.xxx.xx.xxx to https://nc.example.com

For the http://xxx.xxx.xx.xxx it works.
In my nc.example.com.conf it works with:

<VirtualHost *:80>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^xxx\.xxx\.xx\.xxx
RewriteRule (.*) https://nc.example.com/$1 [R=301,L]
</VirtualHost>

But how for the https IP address?
in my nc.example.com.conf-le-ssl.conf it doesn’t work.

<IfModule mod_ssl.c>
<VirtualHost *:443>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^xxx\.xxx\.xx\.xxx
RewriteRule (.*) https://nc.example.com/$1 [R=301,L]
</VirtualHost>
</IfModule>

Thank you.

Try this:

<IfModule mod_ssl.c>
  <VirtualHost *:443>
    ServerName nc.example.com

    # .. / the rest of your virtual host config / .. 

  </VirtualHost>
  # ../ here the ssl tweeks like SSLStapling that must be defined outside of <VirtualHost> context /..

  <VirtualHost *:443>
   ServerName null
   ServerAlias *
   Redirect 302 / https://nc.example.com/
  </VirtualHost>
</IfModule>

Much luck,
ernolf

1 Like

Thanks for illustrative explanation/example! :+1:

EDIT, but it was too early for solution!
I forgot that the cause of the problem is a Nextcloud mail link.
By copy&pasting the ip-address links into the browser it works:
http://xxx.xxx.xx.xxx
https://xxx.xxx.xx.xxx
Both redirecting to https://nc.example.com/ :+1:

But when the link in the old notification mails, which points to http://xxx.xxx.xx.xxx get clicked:

  1. Thunderbird tells it looks dangerous and scam…
  2. if you click anyway, Firefox opens the webpage with redirecting only from http://xxx.xxx.xx.xxx in the mail, to https://xxx.xxx.xx.xxx in the browser. And Firefox is warning because no https
    :grimacing:
    So, its total mess.

My hope is very low to fix this.
Any other hints?
Thank you.

1 Like

That is normal. Because the certificate is not for the ip address but for the domain name.

You should have to live with that an eventually send new notfication mails with the domain name instead of IP-Address.
Normaly you should not even accept ip adresses to call your website. If you try to connect to my server by ip adress, you get redirected to nirvana, no script kidie with a portscanner should get my domainname as bonus.

But I simply explained how to do a redirection but i would not use it. Using the IP address to connect to your cloud is in stark contrast to the principles of https with a certificate that refers to the domain name.

Much luck,
ernolf

1 Like