Submitted by hescominsoon on Wed, 08/08/2018 - 21:47 Pro Licensee
With the availability of LE I do not see a reason to allow HTTP traffic for accounts/domains that are started inside of Virtualmin. Is there a way to have a plan built that simply does not allow HTTP at all?
Status:
Active
Comments
Submitted by andreychek on Wed, 08/08/2018 - 22:45 Comment #1
Howdy -- hmm, I don't know of a way to disable port 80 entirely in a Server Template or Plan.
Disabling it altogether might cause some trouble, such as when trying to request Let's Encrypt certificates, which needs to be done over HTTP.
My suggestion might be to just add a mod_rewrite rule to the Apache config, allowing access to the .well-known directory over HTTP, but redirecting everything else to port 443.
That could be added to the Apache website Server Template.
I'm thinking something along the lines of this (which isn't tested, but should be close):
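RewriteEngine On
# Leave /.well-known on plain HTTP so Let's Encrypt requests still work
RewriteRule ^/?\.well-known/ - [L,NC]
# Redirect everything else that arrives on port 80 to HTTPS
RewriteCond %{SERVER_PORT} =80
RewriteRule ^/?(.*)$ https://${DOM}/$1 [R,L]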
Now, if you really find that you don't need port 80 at all, you could always block it at the firewall level, though it sounds like you're hoping to do so on a per-domain basis.
Submitted by JamieCameron on Wed, 08/08/2018 - 23:14 Comment #2
Yeah, the best option is to set up a redirect for all paths except /.well-known to HTTPS.
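One way to check that a domain behaves as the two comments describe once the redirect is in place (an added example, not part of the thread and not Virtualmin code). The domain example.com, the probe paths and the sample responses are constructed, and the verdict names are made up for this sketch.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def classify(domain, path, status, location):
    """Judge one port-80 response against 'redirect all but /.well-known'."""
    if path.lower().startswith("/.well-known/"):
        # Challenge paths should be answered on HTTP itself (a 404 is fine too).
        return "challenge-redirected" if status in REDIRECTS else "ok"
    if status not in REDIRECTS:
        return "served-in-clear"          # content reachable without TLS
    target = urlsplit(location or "")
    if target.scheme != "https":
        return "redirect-not-https"
    if (target.hostname or "").lower() != domain.lower():
        return "redirect-other-host"
    return "ok"

def fetch(domain, path, timeout=5):
    """HEAD one path over plain HTTP; http.client never follows redirects."""
    conn = http.client.HTTPConnection(domain, 80, timeout=timeout)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit(domain, paths, fetcher=fetch):
    """Return {path: verdict} for every probed path."""
    return {p: classify(domain, p, *fetcher(domain, p)) for p in paths}

# Constructed responses standing in for a live server (example.com is a placeholder).
SAMPLE = {
    "/": (302, "https://example.com/"),
    "/.well-known/acme-challenge/test-token": (404, None),
    "/webmail/login": (200, None),
    "/blog": (302, "http://example.com/blog"),
    "/shop": (301, "https://other.example/shop"),
}

if __name__ == "__main__":
    for path, verdict in audit("example.com", SAMPLE, lambda d, p: SAMPLE[p]).items():
        print(f"{verdict:22} {path}")
```

Against a live server, call `audit("your.domain", ["/", "/.well-known/acme-challenge/x"])` with the default fetcher; any verdict other than `ok` marks a path that does not follow the policy.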