- OS: Ubuntu Linux 24.04.4
- Virtualmin: 8.1.0 GPL
- Webmin: 2.630
- Usermin: 2.530
- Theme: Authentic Theme 26.30
- Webserver: Apache (2.4.x)
Summary:
Enabling “Redirect all requests to SSL” in Virtualmin UI does not result in any functional HTTP → HTTPS redirect. The setting appears to save but does not modify the Apache configuration or enforce redirects at runtime.
Steps to Reproduce:
- Navigate to:
Virtualmin → Web Configuration → Website Options - Set:
3.Redirect all requests to SSL site → Yes* - Click Save
- Test:
curl -I http://domain.com
or access via browser
Expected Behavior:
- HTTP requests should return:
HTTP/1.1 301 Moved Permanently
Location: https://domain.com/...
- Apache vhost (
*:80) should include redirect logic (RewriteRule or Redirect directive)
Actual Behavior:
- No redirect occurs; HTTP requests are served normally
- Apache configuration is unchanged (no redirect rule added)
- UI setting does not produce any effect
Additional Observations:
- Manual Apache configuration with:
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
works correctly
- Virtualmin does not inject equivalent rules
- Issue persists after:
- Apache reload/restart
- Full server reboot
- Multiple conflicting or malformed RewriteRules may exist in vhost, but Virtualmin does not override or correct them when enabling this option
Suggested Fix:
- Ensure enabling SSL redirect:
- Injects redirect rule into
*:80VirtualHost - Places rule at top (before other RewriteRules)
- Validate existing rules and avoid silent failure
- Provide UI feedback if redirect cannot be applied due to conflicts
— Workaround:
Manually add to *:80 VirtualHost:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
