Posted to users@httpd.apache.org by John McIntyre <jo...@gmail.com> on 2013/10/01 17:25:05 UTC

[users@httpd] Virtual Hosts Possible for SSL ?

Hi,
I have an apache 2.2.15 instance running on a CentOS 6.4 server.

This server is (or will be, if I ever get it working...) two domains.  One
of them has an SSL certificate, and one doesn't.  I've been struggling with
this for two days solid, and if my research is correct, then the SSL
handshake takes place before the browser sends the server name, and so what
I'm trying to do isn't possible.  Is this true?

The appropriate sections from my httpd.conf are as follows:

NameVirtualHost *:80

<VirtualHost domain1.com:80>
    ServerAdmin root@domain1.com
    DocumentRoot /var/www/html
    ServerName domain1.com
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access.log combined
    Redirect permanent / https://domain1.com/
</VirtualHost>

<VirtualHost domain1.com:443>
    SSLEngine On
    SSLCertificateFile /etc/httpd/ssl/httpd.pem
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
    ServerAdmin root@domain1.com
    ServerName domain1.com
    DocumentRoot /var/www/html
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access.log combined
</VirtualHost>

<VirtualHost *:80>
        ServerName domain2.com
        ServerAlias domain2.com *.domain2.com
        DocumentRoot /var/www/html/domain2
</VirtualHost>

Here is what I *want* to happen.

i) User types http://domain1.com into his browser.  The server
automatically redirects this to the secure connection, namely http*s*://
domain1.com.  This content is in /var/www/html

So far, this works perfectly.

ii) User types http://domain2.com into his browser.  The server sends back
what is in /var/www/html/domain2

This doesn't work.  In fact, what happens is that whenever someone asks for
domain2, he gets domain1.

Am I doomed to failure, or is what I'm trying to do, actually possible?

Thanks.

Re: [users@httpd] Virtual Hosts Possible for SSL ?

Posted by Eric Covener <co...@gmail.com>.
On Wed, Oct 2, 2013 at 1:35 AM, John McIntyre <jo...@gmail.com> wrote:
> On 1 October 2013 at 22:25, Eric Covener wrote:
>
> Don't use domains or IP addresses inside <virtualhost> or
> NameVirtualHost.   It's causing two sets of name-based vhosts.  Use
> *:80.
>
>
> Hi,
> When I did that, and restarted the server and then went to my URL, I got a
> warning about the certificate not being approved or whatever (the same one I
> used to get when I was testing the domain with a self-signed certificate).
> And domain2.com still didn't work.
>

Sounds like you changed multiple port 443 virtual host to test
domain2.com:80, not necessary.  apachectl -S might be helpful to
debug.

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] Virtual Hosts Possible for SSL ?

Posted by John McIntyre <jo...@gmail.com>.
On 1 October 2013 at 22:25, Eric Covener wrote:

> Don't use domains or IP addresses inside <virtualhost> or
> NameVirtualHost.   It's causing two sets of name-based vhosts.  Use
> *:80.

Hi,
When I did that, and restarted the server and then went to my URL, I got a warning about the certificate not being approved or whatever (the same one I used to get when I was testing the domain with a self-signed certificate).  And domain2.com still didn't work.

J.

Re: [users@httpd] Virtual Hosts Possible for SSL ?

Posted by Eric Covener <co...@gmail.com>.
Don't use domains or IP addresses inside <virtualhost> or
NameVirtualHost.   It's causing two sets of name-based vhosts.  Use
*:80.

On Tue, Oct 1, 2013 at 4:06 PM, John McIntyre <jo...@gmail.com> wrote:
> So I'm still unable to serve that domain2.com  :(
>
>
>
>
> On 1 October 2013 at 18:04, Nick Tkach wrote:
>
> Okay, if you're not doing ssl on domain2 then, no, that's not related.  I
> thought maybe from the post title that you were asking about virtual hosts
> for ssl and that gets complicated depending on exactly what you're trying to
> do.
>
>
> On Tue, Oct 1, 2013 at 11:57 AM, John McIntyre <jo...@gmail.com> wrote:
>>
>> Hi,
>> Thanks for that.  Unfortunately, even after the changes, entering
>> domain2.com on a browser still goes directly to domain1.com.
>>
>> No, I don't have any intention to do SSL on domain2.com.  Is this causing
>> a problem?
>>
>> D.
>>
>>
>> On 1 October 2013 at 17:29, Nick Tkach wrote:
>>
>> Well, question is, are you trying to have domain2.com *also* do that same
>> http->https ( http://domain2.com to https://domain2.com )?  If so, do you
>> have separate certificates for each (domain1 and domain2)?
>>
>>
>> On Tue, Oct 1, 2013 at 10:36 AM, Pete Houston <ph...@openstrike.co.uk>
>> wrote:
>>>
>>> On Tue, Oct 01, 2013 at 04:25:05PM +0100, John McIntyre wrote:
>>> > Am I doomed to failure, or is what I'm trying to do, actually
>>> > possible?
>>>
>>> No, you are almost there. The problem is that for some reason you have
>>> an asterisk in your VirtualHost declaration for domain2. Change that to
>>> the actual IP address (or hostname since you're using that for the
>>> others) and you should be fine.
>>>
>>> I'd also swap out the asterisk in the NameVirtualHost directive too.
>>>
>>> HTH,
>>>
>>> Pete
>>> --
>>> Openstrike - improving business through open source
>>> http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107
>>
>>
>>
>
>



-- 
Eric Covener
covener@gmail.com
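
An added example (not part of any post in this thread, and not httpd's own code): a small Python check for the mismatch described above, where a <VirtualHost> address differs from the NameVirtualHost declared on the same port. It compares address strings only, does not resolve hostnames or follow Include files, and the names lint_vhosts and split_addr are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the first post's configuration, trimmed to the
# directives that affect virtual host matching.
ORIGINAL_CONF = """\
NameVirtualHost *:80

<VirtualHost domain1.com:80>
    ServerName domain1.com
</VirtualHost>

<VirtualHost domain1.com:443>
    ServerName domain1.com
</VirtualHost>

<VirtualHost *:80>
    ServerName domain2.com
</VirtualHost>
"""

NVH_RE = re.compile(r"^\s*NameVirtualHost\s+(\S+)", re.I)
VHOST_RE = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
NAME_RE = re.compile(r"^\s*ServerName\s+(\S+)", re.I)

def split_addr(spec):
    """Split 'addr:port' into (addr, port); a missing port becomes '*'."""
    addr, sep, port = spec.rpartition(":")
    return (addr.lower(), port) if sep else (spec.lower(), "*")

def lint_vhosts(conf_text):
    """Return (line, address, ServerName) for every <VirtualHost> whose
    address matches no NameVirtualHost declared on the same port.
    Ports with no NameVirtualHost at all are not checked."""
    declared = defaultdict(set)   # port -> addresses given to NameVirtualHost
    vhosts, block = [], []        # all vhost entries / entries of the open block
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        if (m := NVH_RE.match(line)):
            addr, port = split_addr(m.group(1))
            declared[port].add(addr)
        elif (m := VHOST_RE.match(line)):
            # A <VirtualHost> may list several addresses; track each one.
            block = [{"line": line_no, "spec": s, "name": None}
                     for s in m.group(1).split()]
            vhosts.extend(block)
        elif (m := NAME_RE.match(line)):
            for entry in block:
                entry["name"] = m.group(1)
        elif line.strip().lower() == "</virtualhost>":
            block = []
    findings = []
    for v in vhosts:
        addr, port = split_addr(v["spec"])
        if port in declared and addr != "_default_" and addr not in declared[port]:
            findings.append((v["line"], v["spec"], v["name"]))
    return findings

if __name__ == "__main__":
    print(lint_vhosts(ORIGINAL_CONF))
```

On the sample it reports only the domain1.com:80 block; the port 443 block is left alone because no NameVirtualHost is declared for that port.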



[users@httpd] Re: Virtual Hosts Possible for SSL ?

Posted by Mark Eggers <md...@gmail.com>.
Top-posting, as it seems to be the trend.

This is a portion of how our environment is set up. We have multiple 
virtual hosts, and two with SSL. We run configurations like this on CentOS 
6.4 server with the latest updates.

We use a SAN cert to manage multiple domain names.

Please note that these are snippets. Place the information in the 
appropriate places on your server. Change the information to something 
reasonable.

# httpd.conf
Listen 80

NameVirtualHost external.ip.address.interface:80
NameVirtualHost internal.ip.address.interface:80

<VirtualHost external.ip.address.interface:80>
    ServerName some.server.name
    ServerAdmin someperson@some.server.name
    DocumentRoot /var/www/some
    #
    # Other Directives
    #
</VirtualHost>

<VirtualHost external.ip.address.interface:80>
    ServerName another.server.name
    ServerAdmin anotherperson@another.server.name
    DocumentRoot /var/www/another
    #
    # Other Directives
    #
</VirtualHost>

<VirtualHost external.ip.address.interface:80>
    ServerName three.server.name
    ServerAdmin wee@three.server.name
    DocumentRoot /var/www/wee
    #
    # Other Directives
    #
</VirtualHost>

<VirtualHost internal.ip.address.interface:80>
    ServerName private.server.name
    ServerAdmin personal@some.server.name
    DocumentRoot /var/www/private
    #
    # Other Directives
    #
</VirtualHost>

# ssl.conf
Listen 443
NameVirtualHost external.ip.address.interface:443

# Certs
SSLCertificateFile "san-cert.crt"
SSLCertificateKeyFile "san-cert.key"
SSLCertificateChainFile "some-middle-man.crt"

# Lots more stuff

<VirtualHost _default_:443>
   # logging defaults
   # SSL protocol defaults
   # broken IE defaults
</VirtualHost>

<VirtualHost external.ip.address.interface:443>
    ServerName some.server.name
    ServerAdmin someperson@some.server.name
    DocumentRoot /var/www/some
    #
    # Other Directives
    #
</VirtualHost>

<VirtualHost external.ip.address.interface:443>
    ServerName another.server.name
    ServerAdmin anotherperson@another.server.name
    DocumentRoot /var/www/another
    #
    # Other Directives
    #
</VirtualHost>


This is all happily working (and fronting multiple Tomcat servers). Hope 
this helps . . .

. . . . just my two cents
/mde/

On Tue, 01 Oct 2013 21:06:22 +0100, John McIntyre wrote:

> So I'm still unable to serve that domain2.com  :(
> 
> 
> 
> 
> On 1 October 2013 at 18:04, Nick Tkach wrote:
> 
>> Okay, if you're not doing ssl on domain2 then, no, that's not related. 
>> I thought maybe from the post title that you were asking about virtual
>> hosts for ssl and that gets complicated depending on exactly what
>> you're trying to do.
>> 
>> 
>> On Tue, Oct 1, 2013 at 11:57 AM, John McIntyre <jo...@gmail.com>
>> wrote:
>> Hi,
>> Thanks for that.  Unfortunately, even after the changes, entering
>> domain2.com on a browser still goes directly to domain1.com.
>> 
>> No, I don't have any intention to do SSL on domain2.com.  Is this
>> causing a problem?
>> 
>> D.
>> 
>> 
>> On 1 October 2013 at 17:29, Nick Tkach wrote:
>> 
>>> Well, question is, are you trying to have domain2.com *also* do that
>>> same http->https ( http://domain2.com to https://domain2.com )?  If
>>> so, do you have separate certificates for each (domain1 and domain2)?
>>> 
>>> 
>>> On Tue, Oct 1, 2013 at 10:36 AM, Pete Houston <ph...@openstrike.co.uk>
>>> wrote:
>>> On Tue, Oct 01, 2013 at 04:25:05PM +0100, John McIntyre wrote:
>>> > Am I doomed to failure, or is what I'm trying to do, actually
>>> > possible?
>>> 
>>> No, you are almost there. The problem is that for some reason you have
>>> an asterisk in your VirtualHost declaration for domain2. Change that
>>> to the actual IP address (or hostname since you're using that for the
>>> others) and you should be fine.
>>> 
>>> I'd also swap out the asterisk in the NameVirtualHost directive too.
>>> 
>>> HTH,
>>> 
>>> Pete --




Re: [users@httpd] Virtual Hosts Possible for SSL ?

Posted by John McIntyre <jo...@gmail.com>.
So I'm still unable to serve that domain2.com  :(




On 1 October 2013 at 18:04, Nick Tkach wrote:

> Okay, if you're not doing ssl on domain2 then, no, that's not related.  I thought maybe from the post title that you were asking about virtual hosts for ssl and that gets complicated depending on exactly what you're trying to do.
> 
> 
> On Tue, Oct 1, 2013 at 11:57 AM, John McIntyre <jo...@gmail.com> wrote:
> Hi,
> Thanks for that.  Unfortunately, even after the changes, entering domain2.com on a browser still goes directly to domain1.com.
> 
> No, I don't have any intention to do SSL on domain2.com.  Is this causing a problem?
> 
> D.
> 
> 
> On 1 October 2013 at 17:29, Nick Tkach wrote:
> 
>> Well, question is, are you trying to have domain2.com *also* do that same http->https ( http://domain2.com to https://domain2.com )?  If so, do you have separate certificates for each (domain1 and domain2)?
>> 
>> 
>> On Tue, Oct 1, 2013 at 10:36 AM, Pete Houston <ph...@openstrike.co.uk> wrote:
>> On Tue, Oct 01, 2013 at 04:25:05PM +0100, John McIntyre wrote:
>> > Am I doomed to failure, or is what I'm trying to do, actually possible?
>> 
>> No, you are almost there. The problem is that for some reason you have
>> an asterisk in your VirtualHost declaration for domain2. Change that to
>> the actual IP address (or hostname since you're using that for the
>> others) and you should be fine.
>> 
>> I'd also swap out the asterisk in the NameVirtualHost directive too.
>> 
>> HTH,
>> 
>> Pete
>> --
>> Openstrike - improving business through open source
>> http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107
>> 
> 
> 


Re: [users@httpd] Virtual Hosts Possible for SSL ?

Posted by John McIntyre <jo...@gmail.com>.
> NameVirtualHost *:80  ##$ fine
> 
> <VirtualHost domain1.com:80>  ##$ <<---- you need *:80 here !

All right!  It seems to be working, and I am confused, since I could have sworn that that was my configuration.  

Anyway, many thanks!

J.

Re: [users@httpd] Virtual Hosts Possible for SSL ?

Posted by Stefan Pielmeier <st...@symlinux.com>.
Ok, I had similar problems. When seeing your original config, it triggers the following comments (after ##$) from me:

NameVirtualHost *:80  ##$ fine

<VirtualHost domain1.com:80>  ##$ <<---- you need *:80 here !
    ServerAdmin root@domain1.com
    DocumentRoot /var/www/html
    ServerName domain1.com
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access.log combined
    Redirect permanent / https://domain1.com/
</VirtualHost>

<VirtualHost domain1.com:443>  ##$ fine
    SSLEngine On
    SSLCertificateFile /etc/httpd/ssl/httpd.pem
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
    ServerAdmin root@domain1.com
    ServerName domain1.com
    DocumentRoot /var/www/html
    ErrorLog /var/log/httpd/error_log
    CustomLog /var/log/httpd/access.log combined
</VirtualHost>

<VirtualHost *:80>  ##$ that is fine
        ServerName domain2.com
        ServerAlias domain2.com *.domain2.com
        DocumentRoot /var/www/html/domain2
</VirtualHost>

Stefan Pielmeier
email:stefan@symlinux.com





On 5 Oct 2013, at 21:28, Eric Covener <co...@gmail.com> wrote:

> On Sat, Oct 5, 2013 at 3:22 PM, John McIntyre <jo...@gmail.com> wrote:
>> 
>> Okay, if you're not doing ssl on domain2 then, no, that's not related.  I
>> thought maybe from the post title that you were asking about virtual hosts
>> for ssl and that gets complicated depending on exactly what you're trying to
>> do.
>> 
>> 
>> Guys, coming back at you with this, as I still can't get it to work.  Does
>> anyone have any ideas?
> 
> It would help if you included your configuration, apachectl -S output,
> and the test request/expectations/results each time something changes.
> 
> 
> -- 
> Eric Covener
> covener@gmail.com
> 
> 


Re: [users@httpd] Virtual Hosts Possible for SSL ?

Posted by Eric Covener <co...@gmail.com>.
On Sat, Oct 5, 2013 at 3:22 PM, John McIntyre <jo...@gmail.com> wrote:
>
> Okay, if you're not doing ssl on domain2 then, no, that's not related.  I
> thought maybe from the post title that you were asking about virtual hosts
> for ssl and that gets complicated depending on exactly what you're trying to
> do.
>
>
> Guys, coming back at you with this, as I still can't get it to work.  Does
> anyone have any ideas?

It would help if you included your configuration, apachectl -S output,
and the test request/expectations/results each time something changes.


-- 
Eric Covener
covener@gmail.com



Re: [users@httpd] Virtual Hosts Possible for SSL ?

Posted by John McIntyre <jo...@gmail.com>.
> Okay, if you're not doing ssl on domain2 then, no, that's not related.  I thought maybe from the post title that you were asking about virtual hosts for ssl and that gets complicated depending on exactly what you're trying to do.

Guys, coming back at you with this, as I still can't get it to work.  Does anyone have any ideas?

Much appreciated.

Re: [users@httpd] Virtual Hosts Possible for SSL ?

Posted by Nick Tkach <nt...@gmail.com>.
Okay, if you're not doing ssl on domain2 then, no, that's not related.  I
thought maybe from the post title that you were asking about virtual hosts
for ssl and that gets complicated depending on exactly what you're trying
to do.


On Tue, Oct 1, 2013 at 11:57 AM, John McIntyre <jo...@gmail.com> wrote:

> Hi,
> Thanks for that.  Unfortunately, even after the changes, entering
> domain2.com on a browser still goes directly to domain1.com.
>
> No, I don't have any intention to do SSL on domain2.com.  Is this causing
> a problem?
>
> D.
>
>
> On 1 October 2013 at 17:29, Nick Tkach wrote:
>
> Well, question is, are you trying to have domain2.com *also* do that same
> http->https ( http://domain2.com to https://domain2.com )?  If so, do you
> have separate certificates for each (domain1 and domain2)?
>
>
> On Tue, Oct 1, 2013 at 10:36 AM, Pete Houston <ph...@openstrike.co.uk> wrote:
>
>> On Tue, Oct 01, 2013 at 04:25:05PM +0100, John McIntyre wrote:
>> > Am I doomed to failure, or is what I'm trying to do, actually possible?
>>
>> No, you are almost there. The problem is that for some reason you have
>> an asterisk in your VirtualHost declaration for domain2. Change that to
>> the actual IP address (or hostname since you're using that for the
>> others) and you should be fine.
>>
>> I'd also swap out the asterisk in the NameVirtualHost directive too.
>>
>> HTH,
>>
>> Pete
>> --
>> Openstrike - improving business through open source
>> http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107
>>
>
>
>

Re: [users@httpd] Virtual Hosts Possible for SSL ?

Posted by John McIntyre <jo...@gmail.com>.
Hi,
Thanks for that.  Unfortunately, even after the changes, entering domain2.com on a browser still goes directly to domain1.com.

No, I don't have any intention to do SSL on domain2.com.  Is this causing a problem?

D.


On 1 October 2013 at 17:29, Nick Tkach wrote:

> Well, question is, are you trying to have domain2.com *also* do that same http->https ( http://domain2.com to https://domain2.com )?  If so, do you have separate certificates for each (domain1 and domain2)?
> 
> 
> On Tue, Oct 1, 2013 at 10:36 AM, Pete Houston <ph...@openstrike.co.uk> wrote:
> On Tue, Oct 01, 2013 at 04:25:05PM +0100, John McIntyre wrote:
> > Am I doomed to failure, or is what I'm trying to do, actually possible?
> 
> No, you are almost there. The problem is that for some reason you have
> an asterisk in your VirtualHost declaration for domain2. Change that to
> the actual IP address (or hostname since you're using that for the
> others) and you should be fine.
> 
> I'd also swap out the asterisk in the NameVirtualHost directive too.
> 
> HTH,
> 
> Pete
> --
> Openstrike - improving business through open source
> http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107
> 


Re: [users@httpd] Virtual Hosts Possible for SSL ?

Posted by Nick Tkach <nt...@gmail.com>.
Well, question is, are you trying to have domain2.com *also* do that same
http->https ( http://domain2.com to https://domain2.com )?  If so, do you
have separate certificates for each (domain1 and domain2)?


On Tue, Oct 1, 2013 at 10:36 AM, Pete Houston <ph...@openstrike.co.uk> wrote:

> On Tue, Oct 01, 2013 at 04:25:05PM +0100, John McIntyre wrote:
> > Am I doomed to failure, or is what I'm trying to do, actually possible?
>
> No, you are almost there. The problem is that for some reason you have
> an asterisk in your VirtualHost declaration for domain2. Change that to
> the actual IP address (or hostname since you're using that for the
> others) and you should be fine.
>
> I'd also swap out the asterisk in the NameVirtualHost directive too.
>
> HTH,
>
> Pete
> --
> Openstrike - improving business through open source
> http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107
>

Re: [users@httpd] Virtual Hosts Possible for SSL ?

Posted by Pete Houston <ph...@openstrike.co.uk>.
On Tue, Oct 01, 2013 at 04:25:05PM +0100, John McIntyre wrote:
> Am I doomed to failure, or is what I'm trying to do, actually possible?

No, you are almost there. The problem is that for some reason you have
an asterisk in your VirtualHost declaration for domain2. Change that to
the actual IP address (or hostname since you're using that for the
others) and you should be fine.

I'd also swap out the asterisk in the NameVirtualHost directive too.

HTH,

Pete
-- 
Openstrike - improving business through open source
http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107