Change SSL error redirect URL

20 posts / 0 new
Last post
#1 Tue, 07/14/2009 - 15:47
jahlewis

Change SSL error redirect URL

What is the best way to have the error message when a user goes to a non https webpage that requires SSL to point to the right address?

[14/Jul/2009:14:19:39 -0400] [71.48.130.183] Bad Request : This web server is running in SSL mode. Try the URL https://kermit:20000/ instead.

What I'd like to point to is https://avenue.org:20000/

What do I need to change to make this work? Thanks.

Wed, 07/15/2009 - 15:00
andreychek

Well, I don't know that you can change the error message.

You can, however, have it redirect to the correct address, if you like.

To do that, go into Webmin -> Webmin -> Webmin Configuration -> SSL Encryption, and set "Redirect non-SSL requests to SSL mode" to "Yes".

-Eric

Sun, 09/12/2010 - 17:45
Krienas

Sorry for bumping up old post, but it is close to my question. I have host behind router. IP address used to access it from internet (lets say it is 180.180.180.180) is different from one set on interface (10.10.10.10). Everything works perfectly if correctly requested (correct request https://180.180.180.180:10000, or https://<domain.name>:10000).

But if visitor forgets "s" and requests http://180.180.180.180:10000, he will get this error message: "Bad Request : This web server is running in SSL mode. Try the URL https://10.10.10.10:10000/ instead.". For external visitor suggested address will not work, as it is internal IP address. The same if visitor requested through domain.

Question is simple how to fix it? In the best case suggested address could point to the same address which was specified in browser by visitor, just with "https://" in the beginning.

Thanks

Mon, 09/13/2010 - 03:04
Krienas

By the way, I know that it is possible to override IP used in message with "musthost" configuration variable, but in multidomain environment it isn't good enough as hostname used is the same for all domains.

Mon, 09/13/2010 - 09:27
Krienas

if it is not possible to make what I ask, maybe somebody can say were (in what variable) query string is stored in miniserv, so basically I could tweak that message.

Mon, 09/13/2010 - 09:37
andreychek

Hmm... you may be able to correct that by going into System Settings -> Virtualmin Configuration -> Network Settings, and tweaking some of the options there.

You'll want to make sure that "Network interface for virtual addresses" is set to the interface that you use to access your server on. The "Default Virtual Server IP address" is probably good at the default, "From network interface".

Then, I'd make sure "Default IP address for DNS records" is set to the external IP address used to access your server.

Let us know if setting those does the trick for you!

-Eric

Mon, 09/13/2010 - 11:24
Krienas

According to current configuration:

Virtualmin -> System Settings -> Virtualmin Configuration -> Network Settings:

  • Network interface for virtual addresses: eth0 (it is the only interface in this machine)
  • Default virtual server IP address: 180.180.180.180
  • Default IP address for DNS records: Same as virtual server IP

Do not know what could help you. For example in:

  • Virtualmin -> Addresses and Networking -> Dynamic IP Update (Dynamic update is disabled) Primary interface IP address and Externally visible IP address are the same and points to 180.180.180.180.
  • Virtualmin -> Edit Virtual Server -> IP address and interfaces:
    • IP address: 180.180.180.180 (Shared by all servers)
    • Virtual interface: None
    • External IP address: 180.180.180.180
  • Virtualmin -> Server Configuration -> Change IP Address -> Current IP address: 180.180.180.180
  • Virtualmin -> Server Configuration -> Edit Proxy Website -> Proxying enabled?: No (Was trying to use it without noticeable effects)
  • Virtualmin -> Services -> Configure Website -> Networking and Addresses:
    • Lookup hostnames: Default
    • Do RFC1413 user lookups: Default
    • Server hostname: specified exact (correct) domain name of virtual host
    • Use hostname supplied by browser: Default
  • Webmin -> Webmin -> Webmin Configuration -> Ports and Addresses:
    • Web server hostname: Work out from browser
    • Reverse-resolve connected IP address?: No
  • Webmin -> Webmin -> Usermin Configuration -> Ports and Addresses -> Web server hostname: Work out from browser.

As it is absolutely possible that I had missed something, ask what information I could provide.

Thank you.

Fri, 12/31/2010 - 07:48
aplima

Hi, I was searching the forum and bumped into this question. My problem is similar. Installed a Webmin server in a client, and when I access from outside, if I forget to put https instead of http, it recomends to access using https://internallanip:10000

Can't find a way to solve this... And, don't know if it is related to this, when the client types: http://webmail.domain.tld it does not redirect to https://domain.tld:20000 as it should...

I don't think it is a problem in router forwarding rules, because if I type the url mannually it opens fine...

Thanks...

Aplima

Fri, 12/31/2010 - 08:01 (Reply to #8)
Krienas

Sadly I didn't find a solution which doesn't involve modifying code. In my opinion it is simply the use-case which is not implemented. At least it looked like this at time I was searching how to solve it. Possibly something is changed now.

Krienas

Fri, 12/31/2010 - 09:29
andreychek

If you haven't already, try going into System Settings -> Virtualmin Configuration, and on the first screen there, set "Virtualmin URL for use in email messages" to the correct URL you'd use to access Virtualmin on your server... something like:

https://your_domain.tld

After saving that, does the URL it provides for the redirect look correct now?

-Eric

Sun, 01/02/2011 - 18:07
aplima

Eric,

Yes I did try that and it does not work. My theory is that when webmin is installed, it looks up server ip and defines it as 192.168.1.250... When I access it using internet ip (or url) and I forget to use https, it recomends to redirect to https://192.168.1.250...

I think, but I can be wrong, this is the origin of all the problems...

Aplima

Sun, 01/02/2011 - 19:25
andreychek

Okay, after speaking with Jamie about this -- Webmin determines what URL to use for the redirect by performing a reverse DNS lookup of the primary IP on the server.

There wouldn't be a reverse address for your local IP... so you can override that setting by editing /etc/webmin/miniserv.conf, and setting the "host=" line. You could set it to something like:

host=external.hostname.com

After you add that setting, you'd need to restart Webmin with:

/etc/init.d/webmin restart

Sun, 01/02/2011 - 20:43
aplima

Ok, one problem is solved...

Thank you so much...

But sadly this was a minor problem, because the admin page is for me to access and nobody else. I still have the problem of the webmail and admin page.

when I type: http://webmail.domain.tld it shoud redirect to https://domain.tld:20000 like http://admin.domain.tld should redirect to https://domain.tld:10000

All it does is to open an 80 port page with:

Index of / [ICO] Name Last modified Size Description Apache/2.2.3 (CentOS) Server at admin.domain.tld Port 80

Thanks for all your patience

Aplima

Sun, 01/02/2011 - 22:30
andreychek

Hmm, that sounds like the redirects may not be setup in Apache.

If you look in System Settings -> Server Templates -> Default -> Apache Website, are "URL for webmail redirect" and "URL for admin redirect" set?

-Eric

Mon, 01/03/2011 - 04:26
Locutus

Concerning hostname:

I found that the "usual way" my Ubuntu does this is by adding an appropriate line to /etc/hosts (and subsequently I always add it manually if it is/gets missing). Example from my mail Virtualmin server:

188.40.20.92 orion.tianet.de orion

So even if the external nameserver does not resolve the name, or if there is no external nameserver available, the local IP of the machine is always resolvable, and this hostname is what Vmin uses in its "please use https instead" message.

Concerning URL forward:

In addition to what Eric suggested: You can check if Virtualmin correctly set up that forwarding by looking at the Apache config of the domain in question, under Services -> Configure Website -> Edit directives. There should be a block like this in the config:

RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.domain.tld
RewriteRule ^(.*) -https-://domain.tld:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.domain.tld
RewriteRule ^(.*) -https-://domain.tld:10000/ [R]

(Replace "-https-" with "https" if using this block. Need to write it this way cause the forum software here otherwise still tries to construct a broken A HREF link from it.)

Vmin uses Apache mod_rewrite to perform this forwarding, since the other (easier) methods only apply to URL paths, not to changing the hostname.

Mon, 01/03/2011 - 05:00
aplima

Yes Eric, everything is selected as you inquired... That's why I don't understand why it does not redirect...

I'll try adding mannually the entries on hosts file like Locutus sugested. Thought I'm using CentOS 5.5 and the Apache conf file looks ok.

Thanks,

Aplima

Mon, 01/03/2011 - 05:29
aplima

Problem persists...

Mon, 01/03/2011 - 06:37
aplima

Well, I'm embarrassed... I had to Stop... And think a lot more... And read a lot more on the logs. It was a problem of defining correctly the ip for the virtual server.

I have to thank you all, especially you Eric. You gave me the solution to this problem long ago on this forum. I wasn't looking to the right place.

I recomend everyone to look with good eyes to this post:

https://www.virtualmin.com/node/16637#comment-73789

Thank you so much, and keep up the great work.

Aplima

Sun, 06/14/2015 - 21:15
iainrosen

If You Haven't Already Discovered:

Webmin >> Webmin Configuration >> IP addresses and Ports >> Webserver Hostname

-Iain

Sat, 09/28/2019 - 04:01
AndrejSlo

Just for info: Text that your server is running in ssl mode can be removed. What i did is search for the text "This web server is running in SSL mode" inside the file: /usr/share/webmin/miniserv.pl and changed it for example to : &http_error(200, "Document follows", "This web server is running in SSL mode."); or &http_error(200, "Document follows", "");

Topic locked