SOLVED Can't seem to get a http to https redirect

Oct 12, 2009
22
2
53
I specifically need an http to https redirect that works in curl, so I've been testing with "curl -IL http://support.example.com". HSTS is already enabled, so normal web browsers redirect without a 301/302 in place.

I have other redirects working in .htaccess, so I know the file is live. Same with /usr/local/apache/conf/includes/pre_virtualhost_global.conf - most things I do there work fine, it's only this redirect that's eluding me. This leads me to believe that I'm misunderstanding something, but I can't figure out what.

This works in pre_virtualhost_global.conf, but it's just to demonstrate that I can get a single redirect in that file to give me the curl output I'm looking for.
Code:
 Redirect 302 /foo https://support.example.com
With that, I get the following output from curl:
Code:
T[mneedham@jelly:~/] curl -IL http://support.example.com/foo
HTTP/1.1 302 Found
Date: Wed, 13 Dec 2017 21:58:47 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Location: https://support.example.com
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 200 OK
Date: Wed, 13 Dec 2017 21:58:48 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
X-Powered-By: PHP/5.5.30
Vary: User-Agent
Content-Type: text/html
This is what I need - a 302 with a location header, followed by a 200.

For the real redirect, I have:
Code:
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} off
#    RewriteCond %{HTTPS} !=on
#    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]
#    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [L,R=302]
    RewriteRule (.*) https://support.example.com%{REQUEST_URI} [R=302,L]
</IfModule>
The comments show some of the alternative syntax I've tried.

But no dice:
Code:
T[mneedham@jelly:~/] curl -IL http://support.example.com/
HTTP/1.1 200 OK
Date: Wed, 13 Dec 2017 22:01:48 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sat, 14 Nov 2015 04:20:43 GMT
ETag: "1c121-6f-524787fd69cc0"
Accept-Ranges:  none
Content-Length: 111
Content-Type: text/html
I have this working on another server (one without CPanel):
Code:
T[mneedham@jelly:~/] curl -IL http://gamma.example.com/
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-length: 0
Location: https://gamma.example.com/
Connection: close

HTTP/1.1 200 OK
Date: Wed, 13 Dec 2017 22:02:33 GMT
Server: Apache/2.2.3 (CentOS)
Strict-Transport-Security: max-age=0; includeSubdomains; preload
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Last-Modified: Mon, 13 Jun 2016 16:16:30 GMT
ETag: "3648051-247-36095380"
Accept-Ranges: bytes
Content-Length: 583
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Option: SAMEORIGIN
Any ideas?
 
Oct 12, 2009
22
2
53
Those posts seem to all be about how to tweak curl to get it to follow redirects. I have no control over curl (in fact, I explicitly can't ask my users to change any of their existing scripts), so I'm trying to get this working with my cPanel server like it works on my other server.

For example, on my cPanel server, this will save 404.html, but with the file name that's being requested, because the redirect isn't being followed.
Code:
curl -L -O http://support.example.com/ftp/HDF/releases/HDF4.2.10/src/hdf-4.2.10.tar.gz
On my server without cPanel, curl follows the redirect and the correct file is downloaded.
Code:
 curl -L -O http://gamma.example.com/ftp/pub/outgoing/szip-MacOSX/SZIP-U.tar.gz
So I need to know how to get my cPanel server to behave this way, without any changes to how curl is run on the client side.
 
Oct 12, 2009
22
2
53
I've confirmed that the redirects in .htaccess work, but they appear to only be working for example.com, and not for subdomains.

If htaccess doesn't contain a specific http-https redirect, the later redirect from example.com to www.example.com works in two steps.

Code:
T[mneedham@jelly:~/] curl -IL http://example.com/
HTTP/1.1 302 Found
Date: Thu, 14 Dec 2017 20:11:42 GMT
Server: Apache
Location: https://www.example.com/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 200 OK
Date: Thu, 14 Dec 2017 20:11:43 GMT
Connection: keep-alive
Cache-Control: public, max-age=600
Content-Type: text/html; charset=UTF-8
Link: ; rel=shortlink
Server: nginx
Set-Cookie: SESSd032b234df65d8974df0a9209036ab3e=ce1a18ef38461b932d77702ef5666752; expires=Thu, 14-Dec-2017 20:11:42 GMT; Max-Age=0
Set-Cookie: SSESSd032b234df65d8974df0a9209036ab3e=6aed4ca399317157ec84299b4f70d73f; path=/; domain=.example.com; secure; HttpOnly
Surrogate-Key-Raw: front post-3457 post-user-3 single
X-Pantheon-Styx-Hostname: styx-fe1-a-2529815732-m966b
X-Styx-Req-Id: styx-4ce7861ff9790e49a0ae2be8633dc655
X-Tec-Api-Origin: https://www.example.com
X-Tec-Api-Root: https://www.example.com/wp-json/tribe/events/v1/
X-Tec-Api-Version: v1
Via: 1.1 varnish
Fastly-Debug-Digest: d2eba00737b281447999a6e11aa618822662cd5965810cd10e8966ec5136e560
Accept-Ranges: bytes
Via: 1.1 varnish
Age: 0
X-Served-By: cache-mdw17327-MDW, cache-ord1733-ORD
X-Cache: MISS, MISS
X-Cache-Hits: 0, 0
X-Timer: S1513282302.297314,VS0,VE750
Vary: Accept-Encoding, Cookie, Cookie
If I add the http-https redirect at the top, I see the https redirect, followed by the www.example.com redirect. This at least tells me that the redirect syntax is correct and *IS* working (inconsistently).

Code:
T[mneedham@jelly:~/] curl -IL http://example.com/
HTTP/1.1 302 Found
Date: Thu, 14 Dec 2017 20:11:52 GMT
Server: Apache
Location: https://example.com/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Thu, 14 Dec 2017 20:11:52 GMT
Server: Apache
Location: https://www.example.com/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 200 OK
Date: Thu, 14 Dec 2017 20:11:53 GMT
Connection: keep-alive
Cache-Control: public, max-age=600
Content-Type: text/html; charset=UTF-8
Link: ; rel=shortlink
Server: nginx
Set-Cookie: SESSd032b234df65d8974df0a9209036ab3e=c2ad7658d08f2322661b17f0852b7849; expires=Thu, 14-Dec-2017 20:11:52 GMT; Max-Age=0
Set-Cookie: SSESSd032b234df65d8974df0a9209036ab3e=35a0ec0edf39b9f856cada1a46dad8a1; path=/; domain=.example.com; secure; HttpOnly
Surrogate-Key-Raw: front post-3457 post-user-3 single
X-Pantheon-Styx-Hostname: styx-fe1-b-907954384-fphbx
X-Styx-Req-Id: styx-f81f66c0ca0cca5c06f88e4f79bffb71
X-Tec-Api-Origin: https://www.example.com
X-Tec-Api-Root: https://www.example.com/wp-json/tribe/events/v1/
X-Tec-Api-Version: v1
Via: 1.1 varnish
Fastly-Debug-Digest: d2eba00737b281447999a6e11aa618822662cd5965810cd10e8966ec5136e560
Accept-Ranges: bytes
Via: 1.1 varnish
Age: 0
X-Served-By: cache-mdw17343-MDW, cache-ord1730-ORD
X-Cache: MISS, MISS
X-Cache-Hits: 0, 0
X-Timer: S1513282313.530212,VS0,VE780
Vary: Accept-Encoding, Cookie, Cookie
But if I try this with support.example.com, or any other subdomain, there's no redirect!?

There may be an additional, or deeper problem. It's not just the http to https redirect that isn't working properly. Even without the http-https redirect in place, http://bigtime.example.com returns 200, while https://bigtime.example.com correctly returns 302 followed by 200.

Code:
T[mneedham@jelly:~/] curl -IL http://bigtime.example.com/
HTTP/1.1 200 OK
Date: Thu, 14 Dec 2017 20:25:59 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sat, 14 Nov 2015 04:20:43 GMT
ETag: "1c121-6f-524787fd69cc0"
Accept-Ranges: none
Content-Length: 111
Content-Type: text/html

T[mneedham@jelly:~/] curl -IL https://bigtime.example.com/
HTTP/1.1 302 Found
Date: Thu, 14 Dec 2017 20:26:14 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Location: https://w19.bthost.com/hdf/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 3879
Content-Type: text/html
Expires: Thu, 14 Dec 2017 20:26:31 GMT
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDSSGQDCBR=JPMDMOGBINDFKGHMLEHBMBLI; secure; path=/
X-Powered-By: ASP.NET
X-Robots-Tag: noindex, nofollow
Date: Thu, 14 Dec 2017 20:26:30 GMT
Here are the relevant redirects.
Code:
RewriteCond %{HTTP_HOST} ^bigtime\.example\.com$
RewriteRule ^(.*)$ "https\:\/\/w19\.domain\.com\/hdf\/$1" [R=302,L]

RewriteCond %{HTTP_HOST} ^example\.com
RewriteRule ^(.*)$ "https\:\/\/www\.example\.com\/$1" [R=302,L]

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,270
463
Hello,

Could you open a support ticket using the link in my signature so we can take a closer look?

Thank you.
 
Oct 12, 2009
22
2
53
This has been resolved by cPanel support.

For anyone else who reads this, the problem was that I had DNS directing subdomains to the server, but hadn't added the subdomains within cPanel. So I removed my subdomains' DNS records, added the subdomain to cPanel (with a doc root of public_html/), and everything started working.
 
  • Like
Reactions: cPanelMichael
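
A check built on the resolution above, as an added example that is not part of the thread or of cPanel's tooling: it classifies the first response of `curl -sI http://HOST/` and prints the ETag when a host answers 200 over plain HTTP. Two hostnames returning the same ETag, as support and bigtime do in the quoted output, are being served the same file, which is consistent with requests falling through to a default vhost. The function names and the `demo` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the FIRST response of
# `curl -sI http://HOST/` for an HTTPS redirect, and fingerprint hosts that
# answer 200 so default-vhost fall-through stands out.

# Print "STATUS|LOCATION|ETAG" for the first response block on stdin.
first_hop() {
  tr -d '\r' | awk '
    /^HTTP\// && !seen { status = $2; seen = 1; next }
    seen && /^$/       { exit }
    seen && tolower($1) == "location:" { loc = $2 }
    seen && tolower($1) == "etag:"     { etag = $2 }
    END { print status "|" loc "|" etag }'
}

# Classify one host: "ok", "redirect-not-https", or "no-redirect <etag>".
classify() {
  hop=$(first_hop)
  status=${hop%%|*}; rest=${hop#*|}; loc=${rest%%|*}; etag=${rest#*|}
  case "$status" in
    301|302|303|307|308)
      case "$loc" in
        https://*) echo "ok" ;;
        *)         echo "redirect-not-https" ;;
      esac ;;
    *) echo "no-redirect $etag" ;;
  esac
}

# Headers trimmed from the curl output quoted in this thread.
sample_support() { printf '%s\n' 'HTTP/1.1 200 OK' 'Server: Apache' \
  'Strict-Transport-Security: max-age=63072000; includeSubDomains; preload' \
  'ETag: "1c121-6f-524787fd69cc0"' 'Content-Length: 111' ''; }
sample_bigtime() { sample_support; }   # the thread shows identical headers
sample_apex() { printf '%s\n' 'HTTP/1.1 302 Found' 'Server: Apache' \
  'Location: https://example.com/' '' 'HTTP/1.1 302 Found' \
  'Location: https://www.example.com/' '' 'HTTP/1.1 200 OK' ''; }

# Live use (hostnames are yours to fill in):
#   curl -sI "http://$host/" | classify
if [ "${1:-}" = "demo" ]; then
  for h in support bigtime apex; do
    printf '%-8s %s\n' "$h" "$("sample_$h" | classify)"
  done
fi
```

A `Strict-Transport-Security` header on a plain-HTTP 200 is ignored by browsers (RFC 6797), so it does not stand in for the redirect; curl and first-time visitors stay on HTTP until the vhost exists and the rewrite rule runs.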