Ken's picture

Hi everyone. I am running TurnKey WordPress on Proxmox 6.1-3. I can access Webmin, Adminer as well as Webshell with https://mydomain.com:port

As you know, Let's Encrypt can't configure SSL for an IP address (only for a domain). Is there any way to force redirect all traffic from https://ip:port to https://mydomain.com:port?

I tried with htaccess but it's not working:

<IfModule mod_rewrite.c>
RewriteEngine on
# Redirect all http or https www.domain.com to https domain.com
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
# Redirect all subdomain (mail.domain) to domain
RewriteCond %{HTTP_HOST} !^domain.com$ [NC]
RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]
# Redirect ip:port to domain:port
RewriteCond %{SERVER_ADDR} = 123.123.123.123 [NC]
RewriteCond %{SERVER_PORT} = 2000 [NC]
RewriteRule (.*) https://domain.com:2000 [R=301,L]
</IfModule>

Jeremy Davis's picture

Whilst it should certainly be possible within the htaccess file, on TurnKey, as a general rule I recommend using the relevant Apache config file. Unless you do not have access to the main Apache config (e.g. using shared hosting - the primary purpose of htaccess files AFAIK), I would argue that using the relevant main Apache conf file is always preferable. I would further argue that that is especially the case for site wide config such as you are trying to achieve. One of the reasons why I much prefer using the main Apache config files is because I find it tends to be much more intuitive and less complex. It's also nice to have all the config in one place IMO.

Persevere with htaccess file

Having said that, on face value your config looks ok, although I'm certainly no expert on Apache config (and as I noted above, by necessity, htaccess file config tends to be much more convoluted and complex). So, if you wish to proceed with an htaccess file, then there are a few things worth checking. Firstly ensure that you have the Rewrite module enabled:

a2enmod rewrite

Also double check that htaccess files are enabled in the main WordPress Apache config file (/etc/apache2/sites-available/wordpress.conf). They should be by default in the TurnKey WordPress server, but worth double checking. Look for the line "AllowOverride All" within the <Directory ...> block.

Finally, ensure that you have restarted Apache after enabling modules and/or making any Apache (or PHP) config changes. E.g.:

systemctl restart apache2

If you've done all those things and it still doesn't work (and you wish to proceed with htaccess config), please provide as much detail as possible on what Apache config changes you've made (and where). Also please detail exactly what it's doing. Please explicitly note any incorrect behaviour (e.g. not redirecting at all, redirecting to the wrong place/URL, etc), error messages you might hit within your browser or from the commandline when restarting Apache and so on.

Configure via the main WordPress Apache config file

If you'd prefer to follow my recommendation, then please edit the WordPress Apache config file /etc/apache2/sites-available/wordpress.conf. The only thing I'm not 100% clear on is how you have already configured your server to serve https on port 2000. There is a risk that some of my advice will not be completely compatible with your existing config changes. There is a possibility that your previous config changes may also be a factor in your current redirection problems. My advice is based on a default TurnKey WordPress setup.

First up, I'd add (or move into this file, if you've configured it elsewhere) a <VirtualHost *:2000> block. To start with, it should probably just look the same as the default <VirtualHost *:443> block (but with 2000 instead of 443). You can view the original default v15.2 TurnKey WordPress apache conf file here. Then here's the redirect lines I'd add (assuming your domain is "domain.com"):

    RewriteEngine On
    # %{HTTP_HOST} carries ":2000" on a non-default port, so allow an optional port
    RewriteCond %{HTTP_HOST} !^domain\.com(:[0-9]+)?$
    RewriteRule ^/(.*) https://domain.com:2000/$1 [L,R=301]

Ensure that the rewrite module is enabled (re-running the command if it is already won't do any harm) and restart Apache:

a2enmod rewrite
systemctl restart apache2

Hopefully you should be all good now... :)

Ken's picture

Thanks for your suggestion. I tried this but it's not working.

Here is my config in wordpress.conf

ServerName localhost

<VirtualHost *:80>
    UseCanonicalName Off
    ServerAdmin  webmaster@localhost
    DocumentRoot /var/www/wordpress
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    ServerAdmin  webmaster@localhost
    DocumentRoot /var/www/wordpress
</VirtualHost>

<VirtualHost *:12320>
    RewriteEngine On
    RewriteCond %{HTTP_HOST} !^domain.com$
    RewriteRule ^/(.*) https://domain.com:12320/$1 [L,R=301]
</VirtualHost>

<VirtualHost *:12321>
   .......
</VirtualHost>

<VirtualHost *:12322>
......
</VirtualHost>

<Directory /var/www/wordpress>
    Options +FollowSymLinks
    Options -Indexes
    AllowOverride All
    order allow,deny
    allow from all
</Directory>

But when I access https://123.123.123.123:12320/ it won't be redirected to https://domain.com:12320

I have the same problem with https://ip:12321 and https://ip:12322

Jeremy Davis's picture

Ports 12320 and 12321 are not managed by Apache, so what you are trying to do is going to require a whole lot extra config... So one thing at a time... Is your domain redirect on port 2000 working?

If you want to redirect IP to domain for Webshell and Webmin (ports 12320 & 12321), then you'll need to disable stunnel first (by default on TurnKey stunnel provides the SSL/TLS termination for them). Then you'll need to configure Apache to listen on those ports and act as a reverse proxy for them (Webshell listens on localhost port 12319 & Webmin on localhost port 10000). Then you can configure a redirect from IP address to domain and it should "just work".

Port 12322 should be Adminer and that is hosted by Apache by default (see the adminer.conf Apache config file). So that should be easy enough to get working as per my previous post.

Ken's picture

Port 2000 is only a port I assumed. The ports that I configured for redirect are actually 12320-12322 (Webshell, Webmin and Adminer). Thanks for your info.

Jeremy Davis's picture

Like I say Adminer should be easy. Just adjust the Adminer Apache conf file (/etc/apache2/sites-available/adminer.conf) as per my previous post.

If you want to also redirect Webshell and Webmin from IP to domain name, then you can do that too. I've detailed the steps that should be required below. Please note that I haven't tested this and it's off the top of my head. So I might have made a mistake somewhere. I'll note how to double check your Apache config further down...

First step is to stop & disable stunnel, so it's no longer listening on ports 12320 & 12321. In v14.x & v15.x you can do that like this:

systemctl stop stunnel4
systemctl disable stunnel4

Then make Apache listen on those ports:

# ports.conf takes Listen directives; a bare port number is not valid Apache config
echo "Listen 12320" >> /etc/apache2/ports.conf
echo "Listen 12321" >> /etc/apache2/ports.conf

Then I'd recommend configuring a separate site file for Webmin & Webshell, let's call it webtools. (Because I've written this as a heredoc, you should be able to copy/paste this whole next code block into your terminal and it should create the file with the contents).

# Quoted 'EOF' stops the shell from expanding $1 inside the heredoc
cat > /etc/apache2/sites-available/webtools.conf <<'EOF'
# Webshell reverse proxy and redirect
<VirtualHost *:12320>
    SSLEngine On

    RewriteEngine On
    # %{HTTP_HOST} includes the port on non-default ports, so allow an optional :port
    RewriteCond %{HTTP_HOST} !^domain\.com(:[0-9]+)?$
    RewriteRule ^/(.*) https://domain.com:12320/$1 [L,R=301]

    ProxyRequests Off
    ProxyPreserveHost On

    ProxyPass / http://127.0.0.1:12319/
    ProxyPassReverse / http://127.0.0.1:12319/
</VirtualHost>

# Webmin reverse proxy and redirect
<VirtualHost *:12321>
    SSLEngine On

    RewriteEngine On
    # Same host check as above: optional :port after the domain
    RewriteCond %{HTTP_HOST} !^domain\.com(:[0-9]+)?$
    RewriteRule ^/(.*) https://domain.com:12321/$1 [L,R=301]

    ProxyRequests Off
    ProxyPreserveHost On

    ProxyPass / http://127.0.0.1:10000/
    ProxyPassReverse / http://127.0.0.1:10000/
</VirtualHost>
EOF

Then enable your new webtools config, the proxy_http module and restart Apache (to apply the changes, including listening on the new ports):

a2ensite webtools
a2enmod proxy_http
systemctl restart apache2

If Apache fails to start, please share any errors logged. FWIW to double check your config, you can run this:

apachectl configtest

That should output a clear error message on what has gone wrong.

Important note, this will only redirect HTTPS connections via the IP address to HTTPS connections via the domain. If you try to access the IP (or domain) via vanilla HTTP, then you will still get an error in your browser. Apache is not able to listen with both HTTP & HTTPS on a single port. If you want to do that, then you'll need some sort of multiplexer reverse proxy in front of Apache.

That is outside the scope of what I can help you with here. Although if you give it a go please feel free to let us know how you go. If you're successful then others would likely find it handy. If you get stuck, please feel free to ask. I'm no expert with that, but perhaps I might be able to help with some details?
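
The redirect rules in this thread test %{HTTP_HOST}, which holds the client's Host header, and on a non-default port that header carries `:port`. The script below is an added example (not from either poster) that models the RewriteCond/RewriteRule pair offline with `grep -E`, comparing a pattern without a port part against one that allows an optional port; domain.com, the IP address and port 12320 are the thread's placeholders.

```shell
#!/usr/bin/env bash
# Added example: offline model of the thread's redirect rule, not code from the posts.
# "domain.com", port 12320 and the Host values are the thread's placeholders or
# constructed samples.

CANON="domain.com:12320"                # Host a browser sends after following the 301
STRICT='^domain.com$'                   # pattern without a port part
PORT_AWARE='^domain\.com(:[0-9]+)?$'    # escaped dot, optional :port

# redirects PATTERN HOST: succeeds when "RewriteCond %{HTTP_HOST} !PATTERN"
# is true, i.e. Apache would answer with the 301.
redirects() {
    ! printf '%s\n' "$2" | grep -Eq -- "$1"
}

# follow PATTERN HOST: replay what a browser does. After each 301 it requests
# the canonical URL, so its next Host header is "domain.com:12320".
follow() {
    local pattern=$1 host=$2 hops=0
    while redirects "$pattern" "$host"; do
        hops=$((hops + 1))
        if [ "$hops" -ge 5 ]; then
            echo "loop"
            return 0
        fi
        host=$CANON
    done
    echo "served-after-$hops-redirects"
}

# Constructed Host header values: access by IP and access by domain.
for host in "123.123.123.123:12320" "domain.com:12320"; do
    printf '%-22s strict=%-26s port-aware=%s\n' "$host" \
        "$(follow "$STRICT" "$host")" "$(follow "$PORT_AWARE" "$host")"
done
```

On the live server, `curl -skI https://123.123.123.123:12320/` shows the actual status line and Location header for comparison.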
