WebFaction
Community site: login faq

I'm trying to write a set of htaccess rules that will redirect all www to non-www AND all http to https (and does it generically, so that I can use one WebFaction app for all my sites). I have seen other posts on this subject in the WebFaction documentation and forums and I have also searched elsewhere on the web.

There seems to be a consensus that something like:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/%{REQUEST_URI} [R=301,L]

should do what I want (I'm not clear on what HTTP:X-Forwarded-SSL means, but it seems to be required on WebFaction(?)).

However, when testing the four possible cases, I find that one of the redirects is incorrect as follows:

http://example.com --> https://example.com
http://www.example.com --> https://example.com
https://example.com --> https://example.com
https://www.example.com --> https://www.example.com

The last one is wrong. It should go to https://example.com as the the others do.

Anyone have a better solution?

asked 27 Jul '16, 19:26

JustAnotherW...
53211
accept rate: 25%


A simpler, more direct approach is just to redirect everything to https://example.com/ (or, alternatively, https://www.example.com/) and avoid using RewriteCond at all.

Then, the problem becomes extremely simple. Just point all three of these URLs to a redirect application:

http://example.com/       -->  redirect_app
http://www.example.com/   -->  redirect_app
https://www.example.com/  -->  redirect_app

And then point the one URL you really want to use to your application:

https://example.com/ -->  main_app

Your redirect_app would then be as simple as saying:

Options +FollowSymLinks
RewriteEngine on
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]

There's no RewriteCond here. You just redirect everything that arrives at the redirect_app to https://example.com/, which in turn serves your main_app site.

Note: One thing I should mention is that 301 Redirects (R=301) are cached in the browser. This can be frustrating when testing, because after changing some redirect rules the actual behavior you see when testing may not be the true behavior that would be seen by someone else or with a fresh browser. Therefore, it's usually best to test with 302 Redirects (R=302) until you're sure everything is correct, then switch to a 301 Redirect for improved efficiency. This could explain why you saw one of the redirects working incorrectly whereas Sean reported that the redirect rules were correct.

permanent link

answered 29 Jul '16, 02:27

ryans ♦♦
5.0k93260
accept rate: 43%

edited 29 Jul '16, 02:55

Hi Ryan. Thanks for this.

I was deleting the cache, so that wasn't the problem. The problem was user error :) I was directing the https/www case to my app and not the redirection app. Stupid oversight.

Yes, I think I'm ending up overcomplicating by trying to give the https/www case a more simplified rule-set in another redirection app. I should just let it pass through the same redirection rules as the others, as you indicate.

However, the .htaccess that you suggest above wouldn't work for me, because I'm trying to do this for several domains, and I want to avoid having a separate redirect app for each of them. So the .htaccess needs to be generic.

Putting this all together, and using your simplified notation for 3 sites, what I'd like to do is as follows:

Possible solution 1:

In website "http_sites" (http):

http://example1.com/       -->  redirect_app
http://example2.com/       -->  redirect_app
http://example3.com/       -->  redirect_app
http://www.example1.com/   -->  redirect_app
http://www.example2.com/   -->  redirect_app
http://www.example3.com/   -->  redirect_app

And then in website "https_www_sites" (https):

https://www.example1.com/  -->  redirect_app
https://www.example2.com/  -->  redirect_app
https://www.example3.com/  -->  redirect_app

And then in 3 separate websites (https):

Website "example1_ssl"
https://example1.com/  -->  example1_app

Website "example2_ssl"
https://example2.com/  -->  example2_app

Website "example3_ssl"
https://example3.com/  -->  example3_app

But:

Can I even have all the https/www cases inside a single WebFaction website—with several domains' certs linked to the same app? Would WebFaction even be able to install the certs in this case?

Possible solution 2:

If the answer to those questions is "no", then I guess another solution would be:

In website "http_sites" (http):

http://example1.com/       -->  redirect_app
http://example2.com/       -->  redirect_app
http://example3.com/       -->  redirect_app
http://www.example1.com/   -->  redirect_app
http://www.example2.com/   -->  redirect_app
http://www.example3.com/   -->  redirect_app

And then in 3 separate websites (https):

Website "example1_ssl"
https://example1.com/ and 
https://www.example1.com/  -->  example1_app

Website "example2_ssl"
https://example2.com/ and
https://www.example2.com/  -->  example2_app

Website "example3_ssl"
https://example3.com/ and
https://www.example3.com/  -->  example3_app

Then inside the individual apps, edit the .htaccess to include the redirection to the non-www address, with:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

That would also leave my installed certificates intact, because they are currently associated with the HTTPS website record names: "example1_ssl", "example2_ssl", and "example3_ssl".

Questions:

  1. Could you (or anyone else) advise on which is best? Solution 1 or 2?
  2. Do I need the Options +FollowSymLinks line in either solution?
(29 Jul '16, 17:12) JustAnotherW...

Could you (or anyone else) advise on which is best? Solution 1 or 2?

Solution 1 won't work, since you can associate only one certificate with a single website. Solution 2 should work.

Do I need the Options +FollowSymLinks line in either solution?

Not really, unless you're using symlink apps, or have symlinks within your apps.

(29 Jul '16, 21:48) seanf

Thanks Sean. Solution 2 it is. Thanks for all your help (and patience!).

(30 Jul '16, 15:39) JustAnotherW...

I don't see any problems with your rewrites. They work as intended for me, and https://www.domain.com redirects to https://domain.com as expected:

[testwebNNNN@webNNNN htdocs]$ cat .htaccess
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteRule ^(.*)$ https://%{HTTP_HOST}/%{REQUEST_URI} [R=301,L]

[testwebNNNN@webNNNN htdocs]$ curl -L -k -vvv https://www.testwebNNNN.webfactional.com/
* About to connect() to www.testwebNNNN.webfactional.com port 443 (#0)
*   Trying 2a03:8180:1401:af:5::3...
* Connected to www.testwebNNNN.webfactional.com (2a03:8180:1401:af:5::3) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*   subject: CN=*.webfaction.com,OU=Domain Control Validated - RapidSSL(R),OU=See www.rapidssl.com/resources/cps (c)15,OU=GT32045455
*   start date: Oct 12 18:24:13 2015 GMT
*   expire date: Dec 13 08:08:41 2017 GMT
*   common name: *.webfaction.com
*   issuer: CN=RapidSSL SHA256 CA - G3,O=GeoTrust Inc.,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.testwebNNNN.webfactional.com
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Server: nginx
< Date: Wed, 27 Jul 2016 23:37:04 GMT
< Content-Type: text/html; charset=iso-8859-1
< Content-Length: 244
< Connection: keep-alive
< Location: https://testwebNNNN.webfactional.com/
< 
* Ignoring the response-body
* Connection #0 to host www.testwebNNNN.webfactional.com left intact
* Issue another request to this URL: 'https://testwebNNNN.webfactional.com/'
* About to connect() to testwebNNNN.webfactional.com port 443 (#1)
*   Trying 2a03:8180:1401:af:5::3...
* Connected to testwebNNNN.webfactional.com (2a03:8180:1401:af:5::3) port 443 (#1)
* skipping SSL peer certificate verification
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*   subject: CN=*.webfaction.com,OU=Domain Control Validated - RapidSSL(R),OU=See www.rapidssl.com/resources/cps (c)15,OU=GT32045455
*   start date: Oct 12 18:24:13 2015 GMT
*   expire date: Dec 13 08:08:41 2017 GMT
*   common name: *.webfaction.com
*   issuer: CN=RapidSSL SHA256 CA - G3,O=GeoTrust Inc.,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: testwebNNNN.webfactional.com
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx
< Date: Wed, 27 Jul 2016 23:37:04 GMT
< Content-Type: text/html
< Content-Length: 12
< Connection: keep-alive
< Last-Modified: Mon, 21 Dec 2015 17:30:05 GMT
< ETag: "c-5276bd70274ec"
< Accept-Ranges: bytes
< 
* Connection #1 to host testwebNNNN.webfactional.com left intact
Hello, world
permanent link

answered 27 Jul '16, 23:39

seanf
12.2k41836
accept rate: 37%

edited 27 Jul '16, 23:40

Thanks Sean. That clarification helps a lot, because I realised that the next possible culprit was my WebFaction setup. Currently, my idea was to:

  1. For the http URIs:, configure a WebFaction website http_sites (http) for all domains connected via http — http://mydomain1.com, http://www.mydomain1.com [+ http://mydomain2.com, http://www.mydomain2.com, etc.] — and connect them to a (static) redirect_to_https app with this .htaccess:

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
    RewriteCond %{HTTP:X-Forwarded-SSL} !on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    
  2. For the https URIs:, for each domain, configure a WebFaction website mywebsite1_ssl (https) for domains https://mydomain1.com and https://www.mydomain1.com to connect to myapp1 for the site. (And so on, for mydomain2.com, mydomain3.com etc.) This app needs no changes to the .htaccess.

I realise that of course, with this setup, https://www.mydomain1.com is not passing through the .htaccess of redirect_to_https at all, because it's going straight to myapp1.

I should have worked that out myself — thanks for the gentle nudge :)))

To deal with the https://www. ... case, one solution would be:

  1. (As above) For the http URIs:, configure a WebFaction website http_sites (http) for all domains connected via http — http://mydomain1.com, http://www.mydomain1.com [+ http://mydomain2.com, http://www.mydomain2.com, etc.] — and connect them to a (static) redirect_to_https app with this .htaccess:

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
    RewriteCond %{HTTP:X-Forwarded-SSL} !on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    
  2. For the https/www URIs:, configure a WebFaction website https_www_sites (https) for all domains connected via https with www. in the address — https://www.mydomain1.com [+ https://www.mydomain2.com, etc.] — and connect them to a (static) redirect_to_non_www app with something like this in the .htaccess:

    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
    RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
    
  3. For the https/non-www URIs (the preferred URI):, for each domain, configure a WebFaction website mywebsite1_ssl for the domain https://mydomain1.com to connect to myapp1 for the site. (And so on, for mydomain2.com, mydomain3.com etc.) This app needs no changes to the .htaccess.

This is a bit more convoluted, but I feel that it should work.

Questions:

  1. Is this the way to go, or am I missing something fundamental?
  2. Could the .htaccess rules be simplified further / written differently in the https/www case?

Thanks for your help!

(28 Jul '16, 15:39) JustAnotherW...

Oh, and I should also ask if there are any implications for my SSL certs at any point if I change the websites or apps from their current ones.

Does the WebFaction certificate installation link in any way to the apps or websites, or is the installation entirely independent of the apps/websites?

(28 Jul '16, 15:45) JustAnotherW...

I've added a new Answer to address your complexity question. I think there's a simpler approach.

As for your SSL certificate question, yes -- SSL certificates are linked to the HTTPS website record name. If you rename the website record (at https://my.webfaction.com/websites) then that will break the certificate association and require re-installation. As long as the website record name is maintained, you can make any other changes and the certificate will still be applied.

(29 Jul '16, 02:20) ryans ♦♦

Thanks for the post, As this help me to redirect my site http://www.pnrs.in/ to www for non www. Thanks

permanent link

answered 24 Nov '16, 12:30

AayushiSharma
212
accept rate: 0%

I have added SSL to my website https://www.pnrstatusbuzz.in/ and redirect http non-www to https www with htaccess but sometime https shows in my domain name and sometimes not on browsers. I just want to know whether it's htaccess redirection code issue or SSL installation issue or anything else. If you ask i can show you my htaccess codes. I have tried all the possible way but none worked. Please guide me what to do and how to solve this issue.

permanent link

answered 20 Oct '16, 19:47

ryanrajpoot
112
accept rate: 0%

Please open a support ticket via https://my.webfaction.com/open-support-ticket for assistance - thanks!

(20 Oct '16, 20:25) seanf

Thank you seanf, i will do so as you said...

(20 Oct '16, 22:31) ryanrajpoot
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×76
×75
×74
×33
×4

question asked: 27 Jul '16, 19:26

question was seen: 5,038 times

last updated: 24 Nov '16, 12:30

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM