conf-available vs sites-available

[StevenOliver]

Best practices question:
Which is correct? Placing custom Apache directives in "apache2/sites-available" or, placing them in "apache2/conf-available" ??

Specifically, I have a set of custom RewriteRules that seem to work no matter where I place them.

In fact, even dIrectly editing my Apache default.conf works, too, but I heard custom stuff should always go in a separate file.

: ALL THESE WAYS SEEM TO WORK :

What is the "best practices" answer?

Thank you!!

 

Edited July 10, 2020 by StevenOliver

[requinix]

Take a look at the things in conf-available and see if your custom directives seem to fit in with what's there.

[StevenOliver]

Okay.... I'll make a guess.....

NO. Conf-available is the wrong place to put my rewriterules conf file.

The directives in that conf-available (and conf-enabled) are weird higher-level goofy looking one-liner crap files like  servername.conf  "servername localhost" and a charset file, and a security file I dare not touch.

However, the "sites-available" has files that look like they would make good friends for my custom RewriteRules.conf file. There's a default conf file, a default ssl file, and a conf file placed by Certbot in that directory.

So, my guess is it would be "best practices" to place my rewriterules.conf file into sites-available

What do you think?

Thank you.

[requinix]

And I agree that conf-available is not the right place for your RewriteRules. But you shouldn't be creating a new file in sites-available either and for basically the same reason: if you look through sites-available you'll find websites, and your RewriteRules are not websites.

But they are used for a website, so put them in your site's configuration. As in inside the VirtualHost block.
Alternatively, you could put the rules in a separate file somewhere (like within your application) and include it from inside the site configuration.

[StevenOliver]

Because I'm only hosting my own domain, I chose not to create a separate site configuration.

I looked for my <VirtualHost> files, and they are located here:
I only have 2 VirtualHost files that were automatically installed when I installed Ubuntu:
1.) inside of /sites-available/default.conf there is <VirtualHost *:80>
2.) Inside of /sites-available/default-le-ssl.conf there is a <VirtualHost *:443> (Certbot installed this conf file).

My RewriteRule directive looks like this:

<Directory /var/www/html/>
RewriteEngine on
RewriteCond blah blah blah
RewriteRule ^(.+)$ https://www.example.com/$1/ [R=301,L]
</Directory>

So I am going to take another guess:  I will place that RewriteRule block inside of the <VirtualHost *:443> created by Certbot.

What do you think?

[requinix]

What you're describing makes me nervous, but yes: you probably should put that block (which doesn't need the Directory) inside your website configuration's VirtualHost.

[StevenOliver]

I'm nervous too, we both need a drink.

So I just now RTFM, and it says that RewriteRules "...may be used in per-server context (httpd.conf)," or in a "per-virtualhost context (<VirtualHost> blocks)" amongst other things.

However, I read somewhere that to keep things tidy, one must never directly edit the default httpd.conf file.

Therefore, I think I was right to start with: create my own "my_rewrite_rules.conf" file, put it in "/conf-available" and then run the commad "a2enmod my_rewrite_rules.conf"

And Voila! All done, everybody happy.

Okay, now please tell me what's wrong about what I wrote 😀

[requinix]

Just now, StevenOliver said:

Okay, now please tell me what's wrong about what I wrote 😀

I already did. I specifically said it shouldn't go there.

[StevenOliver]

But you also said to put it in the <VirtualHost *.443> block, but that made you nervous. And, if you're nevous, then I'm nervous, we don't want that.

I'm still reading the Apache manual. I'll get this figured out.

[StevenOliver]

OMG... this is going to be a month-long project. I'm just now reading in the section "When NOT to use mod_rewrite," and it says for simple http to https redirects (and I assume also for the non-www to www redirects too), it says:

Quote

In the case of the http-to-https redirection, the use of RewriteRule would be appropriate if you don't have access to the main server configuration file, and are obliged to perform this task in a .htaccess file instead.
[from https://httpd.apache.org/docs/current/rewrite/avoid.html]

I understand the instructions to mean that if I do not have access to the "main server configuration file," then RewriteRules belong in the .htaccess file.

However, I do have access to the main server configuration file.

Now that I've been told what NOT to do, I'm back to figuring out what I should do....

"What would Requinix do... hmmmm"

 

Edited July 12, 2020 by StevenOliver

[kicken]

30 minutes ago, StevenOliver said:

Now that I've been told what NOT to do, I'm back to figuring out what I should do

It tells you exactly what to do on that page you linked.

For a simple http to https redirect, just create a http vhost with a simple Redirect statement.  For example, from my site's configuration:

<VirtualHost *:80>
        ServerName aoeex.com
        ServerAlias www.aoeex.com

        Redirect permanent / https://aoeex.com/
</VirtualHost>

 

[StevenOliver]

Kicken, hi! I wish you would have posted that an hour ago 😀
I just found it a moment ago, tried it, and that simple one-liner worked!

However.... being the OCD person I am, I made my big list of 20 "bad" urls (I want the end result to only be "https://www.example.com") and typed in "example.com, www.example.com,https://example.com, www.example.com/directory, etc., etc.) into the online bulk redirect checker, and even though they ALL redirected correctly to https://www.example.com, about a third of them had 3 redirects, about a third had 2 redirects, and a third had one redirect.

There is an awesome page here that shows the code where no matter what, there is ONLY ONE redirect! Not 2 redirects, not 3 redirects, but just ONE redirect! (Very thrilling!).

Unfortunately, that page used the RewriteCond/RewriteRule format.

Now I have to figure out how to make the simple one-liner "redirect" format mentioned in the Apache Manual correspond with the RewriteCond/RewriteRule format...

I'll probably have to learn some code.

Do you think that will be easy?

Edited July 12, 2020 by StevenOliver

[gizmola]

The placement and organization of apache configuration files has no standard.  Application packagers have added organization and conventions over the years.  The sites-available directory is a debian thing (afaik) and went along with another directory, where the idea was that you would put a configuration file for each vhost/site you were hosting.  There was also another directory (sites-enabled) where you would make a symlink to any sites-enabled conf files you wanted to actually be live, and then restart apache.  

Again this is the convention of that particular package maintainer, and different distros (Centos/Redhat) for example don't use it.  At the end of the day, it doesn't matter where you put things, so long as you understand what directories are looked at for configuration.  You could use one giant httpd.conf file if you want.  The important thing is to look for those include statements, grok the various directories that are included, and any files that might be in those directories, and in general just be sure you understand where they are loaded.  If you have rewrite rules that you want to include for a vhost, there is nothing wrong in sticking the in the default vhost files, if those are all you are using, but keep in mind that those files were placed there with the intention that they would be examples you would use as templates for the actual vhost files people typically have, and which are named for the domains they are meant to serve up. 

This is also why the sites-enabled scheme was beneficial, because it doesn't matter with that scheme if you have other unused files in sites-available.

[kicken]

I wouldn't be overly worried about multiple redirects, but there shouldn't be any regardless if you do things correctly.

The example I showed above covers the HTTP version of URLs entirely, www or no www.  Either version it will redirect to the correct HTTPS version of the url (no www in my case).

So that leaves only the www vs no www scenario on HTTPS to worry about and that you'd use mod_rewrite for.  In my case, that's

#Force no-www
RewriteCond %{HTTP_HOST} ^www.aoeex.com(:\d+)?$
RewriteRule ^/?(.*) http://aoeex.com%1/$1 [QSA,R=301,L]

So in every scenario there would only be one redirect.

http://www. -> vhost Redirect sends you to the right URL.

http:// -> vhost Redirect sends you to the right URL

https://www. -> mod_rewrite sends you to the right URL

https:// -> no redirect necessary.

 

If you're getting more than one redirect you're probably configuring something wrong.  At worst you might get two if DirectorySlash is on (is by default) and you request a directory without the trailing slash.

edit:  There are non-mod_rewrite ways to handle the www/no-www scenario too.

 

Edited July 12, 2020 by kicken

[StevenOliver]

For my desired  https://www.example.com result, this seems to work perfectly:

I located my VirtualHost 80 and 443 files and added these lines:

<VirtualHost *:80>
RedirectMatch 301 /?$ https://www.example.com/

<VirtualHost *:443>
<If "req('Host') != 'www.example.com'">
RedirectMatch 301 /?$ https://www.example.com/

The result? Maximum of only ONE redirect!

( I checked all these permutations on the online bulk redirect checker )

http://example.com
http://example.com/file.php
http://example.com/directory
http://www.example.com
http://www.example.com/file.php
http://www.example.com/directory
https://example.com
https://example.com/file.php
https://example.com/directory
https://www.example.com
https://www.example.com/file.php
https://www.example.com/directory
example.com
example.com/file.php
example.com/directory
www.example.com
www.example.com/file.php
www.example.com/directory

Thank you 😀

Edited July 12, 2020 by StevenOliver

[StevenOliver]

Edit:  previous post missing closing "</if>"

Should say:
<VirtualHost *:443>
<If "req('Host') != 'www.example.com">
RedirectMatch 301 /?$ https://www.example.com/
</If>

... my best post, and I screwed it up 😱

[StevenOliver]

Eh... forget it. Back to the drawing board. More than one redirect!

Although using redirect inside of virtualhost files is what the rulebook says, the rulebook ALSO says

"If, for whatever reason, you still want to use mod_rewrite..."

Well, yes, my "whatever reason" is I only want ONE redirect no matter what the visitor types in.

So I'm going to use mod_rewrite. And I'll still be following the rules! 😀

[kicken]

Maybe you should show what kind of redirect chain you're getting, then you can figure out where your configuration is wrong, or at least why there are multiple. 

Like I said above, there shouldn't be more than one, maybe two in the case of a directory.

 

[StevenOliver]

Just found out to qualify for HSTS ("preload eligibility"), you are not allowed to have only one redirect from http://example.com to https://www.example.com.

For this, you are required to have 2 redirects:
1.) From http://example.com ---> https://example.com
and then
2.) from https://example.com ---> https://www.example.com

If I read correctly, something about www.example.com and example.com are actually different sites, and that leaving the "www" off helps keep their preload list smaller for browsers.

Whatever.

Three days work down the tube.

Edited July 13, 2020 by StevenOliver