You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Theodotos Andreou <th...@ubuntucy.org> on 2014/09/06 00:06:35 UTC
[users@httpd] Multiple SSL vhosts problem
Hi guys. I am trying to setup two SSL vhosts on apache but getting
redirected to the first one.
I read this guide:
https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
Apparently that guide about SNI is old since the NameServer directive
seems to be deprecated on mine:
AH00548: NameVirtualHost has no effect and will be removed in the next
release /etc/apache2/conf-enabled/namevirtualhost.conf:1
And this FAQ:
https://httpd.apache.org/docs/current/ssl/ssl_faq.html#vhosts2
I am using a wildcard cert for both vhosts
# apache2 -version
Server version: Apache/2.4.7 (Ubuntu)
Server built: Jul 22 2014 14:36:38
This is the stock apache from Ubuntu 14.04.01
SSLStrictSNIVHostCheck has not been enabled:
# Whether to forbid non-SNI clients to access name based
virtual hosts.
# Default: Off
#SSLStrictSNIVHostCheck On
Any hints to the right direction? How can I troubleshoot this issue further?
Re: [users@httpd] Multiple SSL vhosts problem
Posted by Theodotos Andreou <th...@ubuntucy.org>.
I found the error:
<VirtualHost *:80>
ServerName logs.markouassociates.com
ServerName logs
The last line should be ServerAlias instead of ServerName.
Apparently working at night is not my best :)
Thanks for the support guys!
On 06/09/2014 07:12 πμ, Theodotos Andreou wrote:
> After some sleep I figured out that the problem was the incorrect
> redirection.
>
> So if I call https directly it works. For example
> https://sub2.myexample.com will get me to the right location.
>
> If I visit http://sub2.myexample.com it redirects to
> https://sub1.myexample.com
>
> This is the first configuration I tried:
> <VirtualHost *:80>
> ServerName logs.markouassociates.com
> ServerName logs
>
> RewriteCond %{HTTPS} !=on
>
> RewriteRule ^/?(.*)https://%{SERVER_NAME}/$1 [R,L]
> </VirtualHost>
>
> and this is the second:
> <VirtualHost *:80>
> ServerName logs.markouassociates.com
> ServerName logs
>
> Redirect permanent /https://sub2.example.com/
> </VirtualHost>
>
> but none of them worked.
>
> I do not use any https redirection on sub1.example.com. https is
> enforced by the application rather than apache config.
>
> On 06/09/2014 01:28 πμ, Yehuda Katz wrote:
>>
>> You don't need NameVirtualHost, but you do need ServerName and/or
>> ServerAlias directives to tell apache which ghost serves which site.
>>
>> - Y
>>
>> Sent from a gizmo with a very small keyboard and hyperactive
>> autocorrect.
>>
>> On Sep 5, 2014 6:07 PM, "Theodotos Andreou" <theo@ubuntucy.org
>> <ma...@ubuntucy.org>> wrote:
>>
>> Hi guys. I am trying to setup two SSL vhosts on apache but
>> getting redirected to the first one.
>>
>> I read this guide:
>> https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
>> Apparently that guide about SNI is old since the NameServer
>> directive seems to be deprecated on mine:
>> AH00548: NameVirtualHost has no effect and will be removed in the
>> next release /etc/apache2/conf-enabled/namevirtualhost.conf:1
>>
>> And this FAQ:
>> https://httpd.apache.org/docs/current/ssl/ssl_faq.html#vhosts2
>> I am using a wildcard cert for both vhosts
>>
>> # apache2 -version
>> Server version: Apache/2.4.7 (Ubuntu)
>> Server built: Jul 22 2014 14:36:38
>> This is the stock apache from Ubuntu 14.04.01
>>
>> SSLStrictSNIVHostCheck has not been enabled:
>>
>> # Whether to forbid non-SNI clients to access name based
>> virtual hosts.
>> # Default: Off
>> #SSLStrictSNIVHostCheck On
>>
>>
>> Any hints to the right direction? How can I troubleshoot this
>> issue further?
>>
>
Re: [users@httpd] Multiple SSL vhosts problem
Posted by Theodotos Andreou <th...@ubuntucy.org>.
After some sleep I figured out that the problem was the incorrect
redirection.
So if I call https directly it works. For example
https://sub2.myexample.com will get me to the right location.
If I visit http://sub2.myexample.com it redirects to
https://sub1.myexample.com
This is the first configuration I tried:
<VirtualHost *:80>
ServerName logs.markouassociates.com
ServerName logs
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
and this is the second:
<VirtualHost *:80>
ServerName logs.markouassociates.com
ServerName logs
Redirect permanent / https://sub2.example.com/
</VirtualHost>
but none of them worked.
I do not use any https redirection on sub1.example.com. https is
enforced by the application rather than apache config.
On 06/09/2014 01:28 πμ, Yehuda Katz wrote:
>
> You don't need NameVirtualHost, but you do need ServerName and/or
> ServerAlias directives to tell apache which ghost serves which site.
>
> - Y
>
> Sent from a gizmo with a very small keyboard and hyperactive autocorrect.
>
> On Sep 5, 2014 6:07 PM, "Theodotos Andreou" <theo@ubuntucy.org
> <ma...@ubuntucy.org>> wrote:
>
> Hi guys. I am trying to setup two SSL vhosts on apache but getting
> redirected to the first one.
>
> I read this guide:
> https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
> Apparently that guide about SNI is old since the NameServer
> directive seems to be deprecated on mine:
> AH00548: NameVirtualHost has no effect and will be removed in the
> next release /etc/apache2/conf-enabled/namevirtualhost.conf:1
>
> And this FAQ:
> https://httpd.apache.org/docs/current/ssl/ssl_faq.html#vhosts2
> I am using a wildcard cert for both vhosts
>
> # apache2 -version
> Server version: Apache/2.4.7 (Ubuntu)
> Server built: Jul 22 2014 14:36:38
> This is the stock apache from Ubuntu 14.04.01
>
> SSLStrictSNIVHostCheck has not been enabled:
>
> # Whether to forbid non-SNI clients to access name based virtual
> hosts.
> # Default: Off
> #SSLStrictSNIVHostCheck On
>
>
> Any hints to the right direction? How can I troubleshoot this
> issue further?
>
Re: [users@httpd] Multiple SSL vhosts problem
Posted by Yehuda Katz <ye...@ymkatz.net>.
You don't need NameVirtualHost, but you do need ServerName and/or
ServerAlias directives to tell apache which ghost serves which site.
- Y
Sent from a gizmo with a very small keyboard and hyperactive autocorrect.
On Sep 5, 2014 6:07 PM, "Theodotos Andreou" <th...@ubuntucy.org> wrote:
> Hi guys. I am trying to setup two SSL vhosts on apache but getting
> redirected to the first one.
>
> I read this guide:
>
> https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
> Apparently that guide about SNI is old since the NameServer directive
> seems to be deprecated on mine:
> AH00548: NameVirtualHost has no effect and will be removed in the next
> release /etc/apache2/conf-enabled/namevirtualhost.conf:1
>
> And this FAQ:
> https://httpd.apache.org/docs/current/ssl/ssl_faq.html#vhosts2
> I am using a wildcard cert for both vhosts
>
> # apache2 -version
> Server version: Apache/2.4.7 (Ubuntu)
> Server built: Jul 22 2014 14:36:38
> This is the stock apache from Ubuntu 14.04.01
>
> SSLStrictSNIVHostCheck has not been enabled:
>
> # Whether to forbid non-SNI clients to access name based
> virtual hosts.
> # Default: Off
> #SSLStrictSNIVHostCheck On
>
>
> Any hints to the right direction? How can I troubleshoot this issue
> further?
>