Problem with redirecting everything to HTTPS

I updated my problems and all files. Maybe someone can help. Status quo:

My goal

Everything results in https://mydomain.tld (non-www and with TLS) and HSTS works correctly. I am using the certificates from LE (Let’s Encrypt) and so I used their wizard to make my website HTTPS everywhere. But it doesn’t seem to work correctly.

My current problems

  1. Visiting http://mydomain.tld (non-www, non-tls). The result is
    the Apache-status-page, but I already have a website running with
    content. Reloading the page results in https://mydomain.tld with
    website-content. But it should do that from the first visit on and
    not only after reloading the page.
  2. Visiting http://www.mydomain.tld results in
    https://www.mydomain.tld which is okay from TLS-view, but it
    doesn’t redirect to non-www, which is my goal.
  3. Visiting https://www.mydomain.tld results in
    https://www.mydomain.tld. No redirection to non-www.
  4. No problem: Visiting https://mydomain.tld results in the same URL, which is what I want.

DNS-settings:

    A-RECORDS
    .mydomain.tld -> 111.222.333.444
    *.mydomain.tld -> 111.222.333.444
    www.mydomain.tld -> 111.222.333.444

mydomain.tld.conf

    <VirtualHost *:80>
    
    ServerName mydomain.tld
    ServerAlias www.mydomain.tld
    ServerAdmin contact@mydomain.tld
    DocumentRoot /var/www/mydomain.tld/public_html
    Redirect permanent / https://mydomain.tld/
    
    <Directory /var/www/mydomain.tld/public_html>
    Options FollowSymLinks
    AllowOverride all
    Require all granted
    </Directory>
    
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]
    </VirtualHost>

mydomain.tld-le-ssl.conf

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
            ServerName www.mydomain.tld
            ServerAlias mydomain.tld
            ServerAdmin contact@mydomain.tld
            DocumentRoot /var/www/mydomain.tld/public_html
    
            <Directory /var/www/mydomain.tld/public_html>
            Options FollowSymLinks
            AllowOverride all
            Require all granted
            </Directory>
    
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
    
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
    
    RewriteEngine on
    SSLCertificateFile /etc/letsencrypt/live/mydomain.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.tld/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    
    </VirtualHost>
    </IfModule>

As you can see above, another file is included in mydomain.tld-le-ssl.conf, which might not cause problems, but just for the record:

options-ssl-apache.conf

    # Baseline setting to Include for SSL sites
    
    SSLEngine on
    
    # Intermediate configuration, tweak to your needs
    SSLProtocol             all -SSLv2 -SSLv3
    SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA$
    SSLHonorCipherOrder     on
    SSLCompression          off
    
    SSLOptions +StrictRequire
    
    # Add vhost name to log entries:
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
    LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
    
    #CustomLog /var/log/apache2/access.log vhost_combined
    #LogLevel warn
    #ErrorLog /var/log/apache2/error.log
    
    # Always ensure Cookies have "Secure" set (JAH 2012/1)
    #Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"

Bonus-problem

I have a .htaccess-file in my domain-root which makes the links look better:

  • without: https://mydomain.tld/index.php?page=news
  • with: https://mydomain.tld/news

.htaccess

    RewriteEngine On
    
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^\w+$ index.php?page=$0 [L]
    RewriteCond %{THE_REQUEST} index\.php
    RewriteCond %{QUERY_STRING} ^page=(\w+)$
    RewriteRule ^index\.php$ /%1? [R=301,L]

I would like to live without the .htaccess-file and add the stuff to the .conf-file(s) if possible, but nothing I have tried has worked yet.
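
One layout that matches the goal stated in the post, added here as an example and not part of the original post or the poster's files: each non-canonical entry point gets a single redirect to https://mydomain.tld, both TLS vhosts send the HSTS header, and the .htaccess rules move into a `<Directory>` block. It assumes mod_headers and mod_rewrite are enabled, the certificate covers both names, and no other enabled site claims these names on ports 80 or 443.

```apache
# Added example, not the poster's files. Names and paths are taken from the post.

# Port 80: serve nothing, send both names to the canonical HTTPS host.
<VirtualHost *:80>
    ServerName mydomain.tld
    ServerAlias www.mydomain.tld
    Redirect permanent / https://mydomain.tld/
</VirtualHost>

<IfModule mod_ssl.c>
# Port 443, www: complete the TLS handshake, then redirect to non-www.
<VirtualHost *:443>
    ServerName www.mydomain.tld
    SSLCertificateFile /etc/letsencrypt/live/mydomain.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.tld/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
    Redirect permanent / https://mydomain.tld/
</VirtualHost>

# Port 443, canonical host: the only vhost that serves content.
<VirtualHost *:443>
    ServerName mydomain.tld
    ServerAdmin contact@mydomain.tld
    DocumentRoot /var/www/mydomain.tld/public_html
    SSLCertificateFile /etc/letsencrypt/live/mydomain.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.tld/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory /var/www/mydomain.tld/public_html>
        Options FollowSymLinks
        # AllowOverride None stops Apache from reading .htaccess files here.
        AllowOverride None
        Require all granted
        # The .htaccess rules from the post, unchanged; per-directory context
        # matches the same relative paths as .htaccess does.
        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule ^\w+$ index.php?page=$0 [L]
        RewriteCond %{THE_REQUEST} index\.php
        RewriteCond %{QUERY_STRING} ^page=(\w+)$
        RewriteRule ^index\.php$ /%1? [R=301,L]
    </Directory>
</VirtualHost>
</IfModule>
```

Running `apachectl configtest` before reloading catches syntax errors in the edited files.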