How to make a transparent redirect?

M

mirsum2020-06-09 18:03:39

Apache HTTP Server

mirsum, 2020-06-09 18:03:39

What is the best way to make sure that there is one site on 10 domains, with domains preserved:
domen.ru/katalog
vtoroy.ru/katalog
tretiy.ru/katalog

other domain.
So I want to then redirect all requests to the site while maintaining performance and displaying the site without changing the domain.
or a dynamic transparent domain change without https while preserving the original.
Example:
https://domen.ru/katalog and https://vtoroy.ru/katalog
are the same content, only visually the addresses are different

now there is such a plug, with the creation of a separate directory and site:
.htaccess
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} domen.ru$
RewriteRule ^(.*)$ https://vtoroy.ru/$1 [NC,R=301,L]

here the site address changes, but it is necessary that the domain does not change but remains, or worked correctly https but free. probably probably on dns there is a decision.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Andrey Barbolin, 2020-06-09
@dronmaxman

It's not a bug - it's a feature. If it would be possible (slip any domain under any certificate), then what's the point in https.
You need a certificate for each site (for example letsEncrypt).

M

mirsum, 2020-06-09
@mirsum

There is only one site (this is important). There are multiple certificates (this is a complication),
there is a solution with a redirect from https to http There was such an
address https://domen.ru/katalog
and it was transferred to such an address http://domen.ru/katalog

V

Viktor Taran, 2020-06-10
@shambler81

1. CNAME - redirect
2. Aliases and anyway you will have to issue letsEncrypt to these domains.
because when working through https, everything does not work as always
. Apache has a crutch, in fact there are a million of them, but that's not the point.
When at one time the question arose of finding 2 or more sites on the same port and one IP, then of course no one began to change RFC TCP\IP, because it was too late.
A crutch was invented, the essence of it is this
when accessing Apache, it parses http rerfery looks at the host name in the header and substitutes the config of the host you need, as a result you can keep more than 2 sites per 1 IP
Now the question
is what content you will receive via a secure protocol BEFORE confirming the keys ?
That's right, no, and therefore redirects do not shine for you, you will have to make certificates for these domains so that they give at least a byte.
But that's not all,
it's not port 80, but port 443, as a result, if this port is open on your server, that is, any of the sites has at least 1 certificate, then all other sites and domains automatically try to surrender from them. and NO, it's not enough just to remove port 443 from the config of these sites, since Apache is already listening to it.
And here comes another crutch.
If you have issued a certificate to one of the domains and the rest do not have it, and even if they do not even have port 443 in the configs, then Apache knows about their existence and will try to do the most obvious thing in the world.
Namely, he will select (the nearest config with a certificate) the closest in alphabetical order!
That is, it will substitute someone else's config and someone else's certificate (but the domain will remain), and someone else's site will open on this domain!
in your case, this can also be used and it will even solve the problem, but this solution is fundamentally wrong. For example, on my servers, to block this behavior, I have to specifically issue a default certificate to sites without https, and already in the nginc + apache configs, specify in servers and host that this site needs to be blocked and given a 40X code