Don't redirect errors and icons
Add redirect in global rewrite, unencrypted vhosts only have to inherit rules
# Start rewrite engine
RewriteEngine on
# Start rewrite engine
RewriteEngine on
- # Only if https is disabled
+ # Rewrite acme uri on php script
+ RewriteRule /\.well\-known/acme\-challenge/([-_a-zA-Z0-9]+) /usr/share/acme/acme-challenge.php?key=$1 [END]
- # Rewrite acme uri on php script
- RewriteRule /\.well\-known/acme\-challenge/([-_a-zA-Z0-9]+) /usr/share/acme/acme-challenge.php?key=$1 [L]
+ # Rewrite errors as final
+ RewriteRule ^/error/(HTTP_BAD_GATEWAY|HTTP_BAD_REQUEST|HTTP_FORBIDDEN|HTTP_GONE|HTTP_INTERNAL_SERVER_ERROR|HTTP_LENGTH_REQUIRED|HTTP_METHOD_NOT_ALLOWED|HTTP_NOT_FOUND|HTTP_NOT_IMPLEMENTED|HTTP_PRECONDITION_FAILED|HTTP_REQUEST_ENTITY_TOO_LARGE|HTTP_REQUEST_TIME_OUT|HTTP_REQUEST_URI_TOO_LARGE|HTTP_SERVICE_UNAVAILABLE|HTTP_UNAUTHORIZED|HTTP_UNSUPPORTED_MEDIA_TYPE|HTTP_VARIANT_ALSO_VARIES).html.var "-" [PT,END]
+
+ # Rewrite icons as final
+ RewriteRule ^/icons/(([acfp]|back|binary|binhex|blank|bomb|box1|box2|broken|burst|compressed|continued|dir|diskimg|down|dvi|forward|icon.sheet|image1|image2|image3|index|layout|left|link|movie|patch|pdf|pie0|pie1|pie2|pie3|pie4|pie5|pie6|pie7|pie8|portal|ps|quill|right|screw1|screw2|script|sound1|sound2|sphere1|sphere2|tar|tex|text|transfer|unknown|up|uuencoded|uu|world1|world2|folder(|.open|.sec)|generic(|.red|.sec)|alert.(black|red)|hand.(right|up)|ball.(gray|red)|comp.(blue|gray)|small/(back|binary|binhex|blank|broken|burst|comp1|comp2|compressed|continued|doc|folder2|folder|forward|generic2|generic3|generic|image2|image|index|key|movie|patch|ps|rainbow|sound2|sound|tar|text|transfer|unknown|uu)).(gif|png)|apache_pb(|2).(gif|png|svg)|(svg|xml|odf6o(d[bcfgimpst]|t[cfghipst])).png) "-" [PT,END]
+
+ #Redirect to https
+ RewriteCond %{HTTPS} off
+ RewriteRule (/.*) https://%{SERVER_NAME}$1 [L,R=301]