Disable SSL for Single Directory on Apache Virtual Host (SOLVED)


#1

Hello! I would like help disabling SSL on a single directory (and its subdirectories) of a virtual host in Apache 2.4.18 on Ubuntu Server 16.04. I used /usr/bin/letsencrypt, which was installed from the Ubuntu repository. The URL in question is https://adventuresoftron.com/aa/resource/

Here is my configuration:

<VirtualHost *:80>
    ServerName adventuresoftron.com
    ServerAlias www.adventuresoftron.com
    Redirect / https://adventuresoftron.com
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =adventuresoftron.com [OR]
    RewriteCond %{SERVER_NAME} =www.adventuresoftron.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName adventuresoftron.com
    ServerAlias www.adventuresoftron.com
    DocumentRoot /var/www/html/aot
    SSLCertificateFile /etc/letsencrypt/live/adventuresoftron.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/adventuresoftron.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Any suggestions? I have always found configuring Apache very confusing!

EDIT: SOLVED. Configure *:80 using mod_redirect only as seen in post 22 below.


#2

You could add the line

RewriteRule ^/(aa/resource)($|/) - [L]

so that it becomes

    RewriteEngine on
    # In <VirtualHost> context the pattern is matched against the URL-path, which starts with "/"
    RewriteRule ^/(aa/resource)($|/) - [L]
    RewriteCond %{SERVER_NAME} =adventuresoftron.com [OR]
    RewriteCond %{SERVER_NAME} =www.adventuresoftron.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

which will ignore the rewrite to https for anything starting with aa/resource.

It depends if you want to also rewrite any connection through https to use http.


#3

Thanks, but it did not work. I’ve tried several variations of RewriteRule and RewriteCond; all of them still redirected to HTTPS or timed out. None of the Apache logs seem to be of any help either. I’m really baffled by this.


#4

Worded like it is, you cannot do that. TLS happens before any HTTP paths are even visible.

Do you want a redirect from HTTPS to HTTP? Do you just want no redirect from HTTP to HTTPS? And finally: Why?


#5

I should have explained my intention (I thought this was a fairly common task). I have a game server that needs to access resources on the secure server, but the game server cannot handle encrypted connections. Ideally I would like HTTP for one directory and subdirectories and HTTPS for the rest.


#6

The game client probably doesn’t use TLS at all, so not redirecting HTTP to HTTPS should suffice.


#7

Yes, all you can do is run HTTP and HTTPS simultaneously and redirect (or don’t) a request from one to the other.

The TLS in HTTPS happens before the server sees any URL path, so it can’t make decisions based on it before the connection is fully established.

In your case the right thing to do is to exclude a certain path from being redirected from HTTP to HTTPS (which is a different thing than forcing an HTTPS client back to HTTP). That’s why the exact use case is important information.


#8

I see… Do you know of a helpful tutorial on how to configure such a thing? I don’t know where to begin.


#9

What was the issue with the suggestion provided earlier? In what way did it not work?


#10

After typing in exactly what you posted, the URL was still directed to HTTPS.


#11

Did you reload Apache after editing it? And do you have any other redirects anywhere (.htaccess)?


#12

Yes, I did restart Apache and no, there are no .htaccess files or other redirects that I am aware of. I checked the Apache user list for a thread, but there are so many topics I can’t quite capture the right specificity of search terms. Anyone know of a good site for Apache support? I came here because I’m using Let’s Encrypt, but I think this is more of an Apache configuration issue, am I right? Thanks for the help so far.


#13

You are right, this is more of an Apache issue, yes.

I’m a little surprised that didn’t work. I’d also suggest just commenting out that section to test that it is the only code causing a redirect. Also be careful how you test - if you are testing in a browser, it will remember the previous instruction for a “permanent” redirect - and redirect anyway (even without the code, since it has cached the information).


#14

I’m a little surprised there isn’t more support on the Internet regarding this topic, but thanks for help anyway. This thread looks like a dead end. :confused:


#15

It might work if you remove this line.


#16

It works for me:

<VirtualHost *:80>
    ServerAdmin postmaster@example.com
    DocumentRoot /home/example.com/htdocs/www
    ServerName example.com 
    RedirectMatch 301 ^/((?!.well-known\/acme-challenge).*)$ https://example.com/$1
</VirtualHost>

Using mod_alias


#17

Using what you typed there, how would my configuration look? I’m sorry, I find Apache very hard to understand even after reading the docs multiple times.


#18

So the basic problem with your existing configuration is that you’re actually doing the redirect twice: first with mod_alias (Redirect) and then again with mod_rewrite (RewriteRule). You should pick one to fix, and remove the other.

If you choose mod_alias, use @Shnoulle’s suggestion, which in your case would look like this:

<VirtualHost *:80>
  ServerName adventuresoftron.com
  ServerAlias www.adventuresoftron.com
  RedirectMatch 301 ^/((?!aa/resource).*)$ https://adventuresoftron.com/$1
</VirtualHost>

If you prefer to use mod_rewrite, use @serverco’s suggestion:

<VirtualHost *:80>
  ServerName adventuresoftron.com
  ServerAlias www.adventuresoftron.com
  RewriteEngine on
  # In <VirtualHost> context the pattern is matched against the URL-path, which starts with "/"
  RewriteRule ^/(aa/resource)($|/) - [L]
  RewriteCond %{SERVER_NAME} =adventuresoftron.com [OR]
  RewriteCond %{SERVER_NAME} =www.adventuresoftron.com
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

In either case, the configurations above should replace your existing <VirtualHost *:80> section, while the <VirtualHost *:443> section should remain unchanged.
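
An added check, not part of the original post or of anyone's configuration in this thread: it runs the exemption patterns discussed above against constructed request paths to show which ones would stay on cleartext HTTP. It assumes Python's `re` behaves like Apache's PCRE for these patterns; `REDIRECTMATCH_TIGHT` and the sample paths are assumptions introduced here.

```python
import re

# Constructed sample URL-paths, as Apache sees them in <VirtualHost> context
# (always beginning with "/").
SAMPLE_PATHS = [
    "/", "/index.html", "/aa/resource", "/aa/resource/",
    "/aa/resource/maps/a.dat", "/aa/resources-old/x", "/aa/other",
]

# mod_alias pattern from the thread: exempts anything *starting with* aa/resource.
REDIRECTMATCH_LOOSE = r"^/((?!aa/resource).*)$"
# Tightened variant (assumption): exempts only the directory and its children.
REDIRECTMATCH_TIGHT = r"^/((?!aa/resource(?:/|$)).*)$"

# mod_rewrite skip rule, written without and with the leading slash.
SKIP_NO_SLASH = r"^(aa/resource)($|/)"
SKIP_WITH_SLASH = r"^/(aa/resource)($|/)"


def redirectmatch_target(pattern, path, base="https://adventuresoftron.com/"):
    """Location a RedirectMatch rule would send, or None if the path stays on HTTP."""
    m = re.search(pattern, path)
    return None if m is None else base + m.group(1)


def rewrite_skips(pattern, path):
    """True if the '- [L]' skip rule matches, i.e. the HTTPS rewrite is bypassed."""
    return re.search(pattern, path) is not None


def cleartext_paths_alias(pattern, paths=SAMPLE_PATHS):
    """Paths that a RedirectMatch pattern leaves on HTTP."""
    return [p for p in paths if redirectmatch_target(pattern, p) is None]


def cleartext_paths_rewrite(pattern, paths=SAMPLE_PATHS):
    """Paths that a mod_rewrite skip rule leaves on HTTP."""
    return [p for p in paths if rewrite_skips(pattern, p)]


if __name__ == "__main__":
    print("loose RedirectMatch  :", cleartext_paths_alias(REDIRECTMATCH_LOOSE))
    print("tight RedirectMatch  :", cleartext_paths_alias(REDIRECTMATCH_TIGHT))
    print("skip rule, no slash  :", cleartext_paths_rewrite(SKIP_NO_SLASH))
    print("skip rule, with slash:", cleartext_paths_rewrite(SKIP_WITH_SLASH))
```

Everything a pattern exempts is served unencrypted, so the tighter the exemption, the less of the site is reachable over plain HTTP.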


#19

@jmorahan, that helps me understand Apache much better, thank you. Unfortunately it does not solve the problem. At this point I wish I had not used the Let’s Encrypt binary and installed certificates manually because I have no idea what the program did to make this so difficult.

It seems to me that having some non-SSL resources on a server should be much more common, considering we are still transitioning to the encrypted web and there are a lot of old services out there. Now it looks like I must go backwards to HTTP only. This is a real disappointment. I wish there was an expert who could help me.


#20

There are plenty of experts here, and I’m sure they would be happy to help if you fully describe the problem you’re still having :slight_smile: e.g. maybe if you post the exact config you tried, someone might spot the problem. You did reload Apache and clear your browser cache again, right?