You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by David BERCOT <de...@bercot.org> on 2008/12/23 16:12:18 UTC

[users@httpd] Two _default_, one for port 80 and another for port 443

Hi,

Is it possible to have two _defaut_ sections in apache2.conf, one for
http and another for https ?
I've tried something like this :

ServerAdmin moi@mondomaine.org
ServerName www.mondomaine.org
<Directory />
	Options FollowSymLinks
	AllowOverride AuthConfig
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
alert, emerg. LogLevel warn
CustomLog /var/log/apache2/access.log combined
<VirtualHost _default_:80>
	ServerName www.mondomaine.org
	DocumentRoot /www/www.mondomaine.org
</VirtualHost>
<VirtualHost *:80>
	ServerName site1.mondomaine.org
	DocumentRoot /www/site1.mondomaine.org
</VirtualHost>
<VirtualHost *:80>
	ServerName site2.mondomaine.org
	DocumentRoot /www/site2.mondomaine.org
</VirtualHost>
<VirtualHost *:80>
	ServerName sitehttps.mondomaine.org
	RewriteEngine On
	RewriteCond %{SERVER_PORT} 80
	RewriteRule ^/(.*)$ https://%{SERVER_NAME}%{REQUEST_URI}
[R=301,L]
</VirtualHost>
<VirtualHost *:443>
	ServerName sitehttps.mondomaine.org
	DocumentRoot /www/sitehttps.mondomaine.org
	[...]
</VirtualHost>

Everything is ok !!!
But, if I add :
<VirtualHost _default_:443>
	DocumentRoot /www/site2https.mondomaine.org
	[...]
</VirtualHost>

I have this error :
Restarting web server: apache2[Tue Dec 23 15:59:49 2008] [warn]
_default_ VirtualHost overlap on port 443, the first has precedence ...
waiting [Tue Dec 23 15:59:50 2008] [warn] _default_ VirtualHost overlap
on port 443, the first has precedence

Do you have any idea ?

Thanks.

David.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Two _default_, one for port 80 and another for port 443

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

> David BERCOT wrote:
> > Is it possible to have two _defaut_ sections in apache2.conf, one for
> > http and another for https ?

On 23.12.08 16:16, Davide Bianchi wrote:
> Well, by definition, the first 'vhost' for port 80 is the default for
> port 80 (http) and the first one for port 443 is the default for https.

the _default_ and the default virtualhost are in my understanding two
different things...

> > <VirtualHost _default_:80>
> > 	ServerName www.mondomaine.org
> > 	DocumentRoot /www/www.mondomaine.org
> > </VirtualHost>

this, the _default_ is the virtual host that applies on any IP thas has no
vrtual hosts defined.

> > <VirtualHost *:443>
> > 	ServerName sitehttps.mondomaine.org
> > 	DocumentRoot /www/sitehttps.mondomaine.org
> > 	[...]
> > </VirtualHost>

The default virtual host is the first name-based virtual host on defined IP.
This virtual host applies on ANY virtual IP.

> > Everything is ok !!!
> > But, if I add :
> > <VirtualHost _default_:443>
> > 	DocumentRoot /www/site2https.mondomaine.org
> > 	[...]
> > </VirtualHost>

> > I have this error :
> > Restarting web server: apache2[Tue Dec 23 15:59:49 2008] [warn]
> > _default_ VirtualHost overlap on port 443, the first has precedence ...

Ies, the _default_ will not match, because differetn virtual host was
defined on all other IP's.

> The problem with HTTPS is that the server won't be able to know which
> one is the one requested before decoding the request, for which he needs
> a certificate, so he ALWAY picks the first vhost for 443. That means
> that your 'default' https vhost HAVE TO BE the first one.

This has nothing to do with certificates, This is just
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm. 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Two _default_, one for port 80 and another for port 443

Posted by Davide Bianchi <da...@onlyforfun.net>.

David BERCOT wrote:
> 
> So, if I well understand (I'm not sure ;-))), there can be only one
> https vhost, no ?

You can have as many as you want, *BUT* all of them will use the
certificate of the first one. Read the documentation of Apache.

Davide

-- 
Military intelligence is a contradiction in terms.
-- Julius Henry "Groucho" Marx (http://en.wikiquote.org/wiki/Groucho_Marx)

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Two _default_, one for port 80 and another for port 443

Posted by David BERCOT <de...@bercot.org>.

Le Tue, 23 Dec 2008 16:16:51 +0100,
Davide Bianchi <da...@onlyforfun.net> a écrit :
> David BERCOT wrote:
> > I have this error :
> > Restarting web server: apache2[Tue Dec 23 15:59:49 2008] [warn]
> > _default_ VirtualHost overlap on port 443, the first has
> > precedence ...
> 
> The problem with HTTPS is that the server won't be able to know which
> one is the one requested before decoding the request, for which he
> needs a certificate, so he ALWAY picks the first vhost for 443. That
> means that your 'default' https vhost HAVE TO BE the first one.

So, if I well understand (I'm not sure ;-))), there can be only one
https vhost, no ?

Thanks.

David.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Two _default_, one for port 80 and another for port 443

Posted by Davide Bianchi <da...@onlyforfun.net>.

David BERCOT wrote:
> Hi,
> 
> Is it possible to have two _defaut_ sections in apache2.conf, one for
> http and another for https ?

Well, by definition, the first 'vhost' for port 80 is the default for
port 80 (http) and the first one for port 443 is the default for https.
So, yes.

> <VirtualHost _default_:80>
> 	ServerName www.mondomaine.org
> 	DocumentRoot /www/www.mondomaine.org
> </VirtualHost>
> <VirtualHost *:443>
> 	ServerName sitehttps.mondomaine.org
> 	DocumentRoot /www/sitehttps.mondomaine.org
> 	[...]
> </VirtualHost>
> 
> Everything is ok !!!
> But, if I add :
> <VirtualHost _default_:443>
> 	DocumentRoot /www/site2https.mondomaine.org
> 	[...]
> </VirtualHost>
> 
> I have this error :
> Restarting web server: apache2[Tue Dec 23 15:59:49 2008] [warn]
> _default_ VirtualHost overlap on port 443, the first has precedence ...

The problem with HTTPS is that the server won't be able to know which
one is the one requested before decoding the request, for which he needs
a certificate, so he ALWAY picks the first vhost for 443. That means
that your 'default' https vhost HAVE TO BE the first one.

Davide

-- 
I don't care to belong to a club that accepts people like me as members.
-- Julius Henry "Groucho" Marx (http://en.wikiquote.org/wiki/Groucho_Marx)

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org