You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Theodotos Andreou <th...@ubuntucy.org> on 2014/09/06 00:06:35 UTC

[users@httpd] Multiple SSL vhosts problem

Hi guys. I am trying to setup two SSL vhosts on apache but getting 
redirected to the first one.

I read this guide:
https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
Apparently that guide about SNI is old since the NameServer directive 
seems to be deprecated on mine:
AH00548: NameVirtualHost has no effect and will be removed in the next 
release /etc/apache2/conf-enabled/namevirtualhost.conf:1

And this FAQ:
https://httpd.apache.org/docs/current/ssl/ssl_faq.html#vhosts2
I am using a wildcard cert for both vhosts

# apache2 -version
Server version: Apache/2.4.7 (Ubuntu)
Server built: Jul 22 2014 14:36:38
This is the stock apache from Ubuntu 14.04.01

SSLStrictSNIVHostCheck has not been enabled:

         #   Whether to forbid non-SNI clients to access name based 
virtual hosts.
         #   Default: Off
         #SSLStrictSNIVHostCheck On


Any hints to the right direction? How can I troubleshoot this issue further?

Re: [users@httpd] Multiple SSL vhosts problem

Posted by Theodotos Andreou <th...@ubuntucy.org>.

I found the error:

<VirtualHost *:80>
    ServerName logs.markouassociates.com
    ServerName logs

The last line should be ServerAlias instead of ServerName.

Apparently working at night is not my best :)

Thanks for the support guys!

On 06/09/2014 07:12 πμ, Theodotos Andreou wrote:
> After some sleep I figured out that the problem was the incorrect 
> redirection.
>
> So if I call https directly it works. For example 
> https://sub2.myexample.com will get me to the right location.
>
> If I visit http://sub2.myexample.com it redirects to 
> https://sub1.myexample.com
>
> This is the first configuration I tried:
> <VirtualHost *:80>
>     ServerName logs.markouassociates.com
>     ServerName logs
>
>     RewriteCond %{HTTPS} !=on
>
>     RewriteRule ^/?(.*)https://%{SERVER_NAME}/$1 [R,L]
> </VirtualHost>
>
> and this is the second:
> <VirtualHost *:80>
>     ServerName logs.markouassociates.com
>     ServerName logs
>
>     Redirect permanent /https://sub2.example.com/
> </VirtualHost>
>
> but none of them worked.
>
> I do not use any https redirection on sub1.example.com. https is 
> enforced by the application rather than apache config.
>
> On 06/09/2014 01:28 πμ, Yehuda Katz wrote:
>>
>> You don't need NameVirtualHost, but you do need ServerName and/or 
>> ServerAlias directives to tell apache which ghost serves which site.
>>
>> - Y
>>
>> Sent from a gizmo with a very small keyboard and hyperactive 
>> autocorrect.
>>
>> On Sep 5, 2014 6:07 PM, "Theodotos Andreou" <theo@ubuntucy.org 
>> <ma...@ubuntucy.org>> wrote:
>>
>>     Hi guys. I am trying to setup two SSL vhosts on apache but
>>     getting redirected to the first one.
>>
>>     I read this guide:
>>     https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
>>     Apparently that guide about SNI is old since the NameServer
>>     directive seems to be deprecated on mine:
>>     AH00548: NameVirtualHost has no effect and will be removed in the
>>     next release /etc/apache2/conf-enabled/namevirtualhost.conf:1
>>
>>     And this FAQ:
>>     https://httpd.apache.org/docs/current/ssl/ssl_faq.html#vhosts2
>>     I am using a wildcard cert for both vhosts
>>
>>     # apache2 -version
>>     Server version: Apache/2.4.7 (Ubuntu)
>>     Server built: Jul 22 2014 14:36:38
>>     This is the stock apache from Ubuntu 14.04.01
>>
>>     SSLStrictSNIVHostCheck has not been enabled:
>>
>>     #   Whether to forbid non-SNI clients to access name based
>>     virtual hosts.
>>             #   Default: Off
>>             #SSLStrictSNIVHostCheck On
>>
>>
>>     Any hints to the right direction? How can I troubleshoot this
>>     issue further?
>>
>

Re: [users@httpd] Multiple SSL vhosts problem

Posted by Theodotos Andreou <th...@ubuntucy.org>.

After some sleep I figured out that the problem was the incorrect 
redirection.

So if I call https directly it works. For example 
https://sub2.myexample.com will get me to the right location.

If I visit http://sub2.myexample.com it redirects to 
https://sub1.myexample.com

This is the first configuration I tried:

<VirtualHost *:80>
    ServerName logs.markouassociates.com
    ServerName logs

    RewriteCond %{HTTPS} !=on

    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

and this is the second:

<VirtualHost *:80>
    ServerName logs.markouassociates.com
    ServerName logs

    Redirect permanent / https://sub2.example.com/
</VirtualHost>

but none of them worked.

I do not use any https redirection on sub1.example.com. https is 
enforced by the application rather than apache config.

On 06/09/2014 01:28 πμ, Yehuda Katz wrote:
>
> You don't need NameVirtualHost, but you do need ServerName and/or 
> ServerAlias directives to tell apache which ghost serves which site.
>
> - Y
>
> Sent from a gizmo with a very small keyboard and hyperactive autocorrect.
>
> On Sep 5, 2014 6:07 PM, "Theodotos Andreou" <theo@ubuntucy.org 
> <ma...@ubuntucy.org>> wrote:
>
>     Hi guys. I am trying to setup two SSL vhosts on apache but getting
>     redirected to the first one.
>
>     I read this guide:
>     https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
>     Apparently that guide about SNI is old since the NameServer
>     directive seems to be deprecated on mine:
>     AH00548: NameVirtualHost has no effect and will be removed in the
>     next release /etc/apache2/conf-enabled/namevirtualhost.conf:1
>
>     And this FAQ:
>     https://httpd.apache.org/docs/current/ssl/ssl_faq.html#vhosts2
>     I am using a wildcard cert for both vhosts
>
>     # apache2 -version
>     Server version: Apache/2.4.7 (Ubuntu)
>     Server built: Jul 22 2014 14:36:38
>     This is the stock apache from Ubuntu 14.04.01
>
>     SSLStrictSNIVHostCheck has not been enabled:
>
>     #   Whether to forbid non-SNI clients to access name based virtual
>     hosts.
>             #   Default: Off
>             #SSLStrictSNIVHostCheck On
>
>
>     Any hints to the right direction? How can I troubleshoot this
>     issue further?
>

Re: [users@httpd] Multiple SSL vhosts problem

Posted by Yehuda Katz <ye...@ymkatz.net>.

You don't need NameVirtualHost, but you do need ServerName and/or
ServerAlias directives to tell apache which ghost serves which site.

- Y

Sent from a gizmo with a very small keyboard and hyperactive autocorrect.
On Sep 5, 2014 6:07 PM, "Theodotos Andreou" <th...@ubuntucy.org> wrote:

>  Hi guys. I am trying to setup two SSL vhosts on apache but getting
> redirected to the first one.
>
> I read this guide:
>
> https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
> Apparently that guide about SNI is old since the NameServer directive
> seems to be deprecated on mine:
> AH00548: NameVirtualHost has no effect and will be removed in the next
> release /etc/apache2/conf-enabled/namevirtualhost.conf:1
>
> And this FAQ:
> https://httpd.apache.org/docs/current/ssl/ssl_faq.html#vhosts2
>   I am using a wildcard cert for both vhosts
>
>  # apache2 -version
> Server version: Apache/2.4.7 (Ubuntu)
> Server built: Jul 22 2014 14:36:38
> This is the stock apache from Ubuntu 14.04.01
>
> SSLStrictSNIVHostCheck has not been enabled:
>
>          #   Whether to forbid non-SNI clients to access name based
> virtual hosts.
>         #   Default: Off
>         #SSLStrictSNIVHostCheck On
>
>
>  Any hints to the right direction? How can I troubleshoot this issue
> further?
>