Why does my apache2 setup always result in 301 Moved Permanently

Question

I recently set up an apache2 (2.4) server on a VPS, trying to get it to run a rails app with Phusion Passenger. It's nearly a fresh install of Ubuntu 14.04 and apache2. I'm trying to get a VirtualHost entry configured via sites-enabled. As soon as I ran a2ensites, any access to the http://my.site would be automatically be redirected to https://my.site. I don't have any .htaccess file anywhere. The following illustrates what I am having trouble with.

Here's /etc/apache2/ and there's no virtual host site enabled as of now

[appuser@prod apache2]$  ls -l
total 84
-rw-r--r-- 1 root root  7115 Jan  7 08:23 apache2.conf
drwxr-xr-x 2 root root  4096 May  8 21:46 conf-available
drwxr-xr-x 2 root root  4096 May  8 21:46 conf-enabled
-rw-r--r-- 1 root root  1782 Jan  3 09:48 envvars
-rw-r--r-- 1 root root 31063 Jan  3 09:48 magic
drwxr-xr-x 2 root root 12288 May  8 22:11 mods-available
drwxr-xr-x 2 root root  4096 May 13 00:28 mods-enabled
-rw-r--r-- 1 root root   320 Jan  7 08:23 ports.conf
drwxr-xr-x 2 root root  4096 May 12 23:37 sites-available
drwxr-xr-x 2 root root  4096 May 13 00:40 sites-enabled
drwxr-xr-x 2 root root  4096 May  8 22:24 ssl
[appuser@prod apache2]$  ls -l sites-enabled/
total 0

Here's /etc/sites-available/bulletin.vhost.conf:

[appuser@prod apache2]$  cat sites-available/bulletin.vhost.conf
#NameVirtualHost *:80
#ServerName bulletin.xorg

<VirtualHost *:80>
  ServerName bulletin.xorg:80
  DocumentRoot /home/appuser/www/bulletin/public
  <Directory /home/appuser/www/bulletin/public>
    AllowOverride all
    Options -MultiViews
    Require all granted
    PassengerRuby /home/appuser/.rvm/gems/ruby-1.9.3-p545/wrappers/ruby
  </Directory>

</VirtualHost>

Without enabling this site (bulletin.xorg), I can do wget http: //xorg without an issue:

[appuser@prod apache2]$  wget http://xorg
--2014-05-13 00:53:46--  http://xorg/
Resolving xorg (xorg)... 127.0.0.1
Connecting to xorg (xorg)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 739 [text/html]

Now I'm enabling this virtual host:

[appuser@prod apache2]$  sudo a2ensite bulletin.vhost
[sudo] password for appuser: 
Enabling site bulletin.vhost.
To activate the new configuration, you need to run:
  service apache2 reload
[appuser@prod apache2]$ )`reload': sudo service apache2 reload
 * Reloading web server apache2
[appuser@prod apache2]$  sudo service apache2 restart
 * Restarting web server apache2
AH00558: apache2: Could not reliably determine the server's fully 
  qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to
  suppress this message

Now I'm having trouble getting to either http: //xorg or http://bulletin.xorg. I'm always getting "301 Moved Permanently" status.

[appuser@prod apache2]$  wget http://xorg
--2014-05-13 00:58:45--  http://xorg/
Resolving xorg (xorg)... 127.0.0.1
Connecting to xorg (xorg)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://xorg/ [following]
--2014-05-13 00:58:45--  https://xorg/
Connecting to xorg (xorg)|127.0.0.1|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.

[appuser@prod apache2]$  wget http://bulletin.xorg
--2014-05-13 01:01:18--  http://bulletin.xorg/
Resolving bulletin.xorg (bulletin.xorg)... 127.0.0.1
Connecting to bulletin.xorg (bulletin.xorg)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://bulletin.xorg/ [following]
--2014-05-13 01:01:19--  https://bulletin.xorg/
Connecting to bulletin.xorg (bulletin.xorg)|127.0.0.1|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.

If it's of any interest, I have the following mods enabled and created a self-signed ssl certificate earlier (I don't see how it can be relevant though):

[appuser@prod apache2]$  ls -l ssl/
total 8
-rw-r--r-- 1 root root 1350 May  8 22:24 redmine.crt
-rw-r--r-- 1 root root 1704 May  8 22:24 redmine.key

[appuser@prod apache2]$  ls -l mods-enabled/
.
.
lrwxrwxrwx 1 root root 30 May 13 00:28 rewrite.load -> ../mods-available/rewrite.load
.
.
lrwxrwxrwx 1 root root 26 May  8 21:47 ssl.conf -> ../mods-available/ssl.conf
lrwxrwxrwx 1 root root 26 May  8 21:47 ssl.load -> ../mods-available/ssl.load
.
.

I'm really confused here. Thanks in advance.

Answer 1

I figured it out finally. In summary, the application server (Phusion Passenger) picked up my application's production setting of requiring ssl.

This is a Rails 3.2 app and it has the following entry

config/environments/production.rb:  
                # Force all access to the app over SSL, use 
                # Strict-Transport-Security, and use secure cookies.
config/environments/production.rb:  
                config.force_ssl = true

So it was not the apache2 rewrite mod that forced the 301 Moved Permanent status, but my application server did that instead. Also, because I only had one VirtualHost in apache2 and I disabled the default site (configured per the 000-default.conf that came with the apache2.4 installation). Any access to *.xorg falls through and gets served by the first (and only) VirtualHost, which is the bulletin.xorg. Then because of the bulletin.xorg app's force_ssl setting in Rails, http -> https://anything.xorg always took place.