Is it possible to replace "*" with a domain name or subdomain?
<VirtualHost *:443>
Update:
The problem is that I get this error on booting up Apache:
[Mon Aug 16 13:42:48 2010] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
I have a virtualHost on :443 for a subdomain and one for a primary domain. When I remove the subdomain I no longer get that error.
As a side note, if this configuration can be more efficient, please let me know how.
domain.com config
<VirtualHost *:80>
ServerAdmin webmaster@domain.com
ServerName www.domain.com
ServerAlias domain.com
ServerAlias xx.xxx.xxx.xx
# Directory Root.
DocumentRoot /sites/domain.com/www/
# Logfiles
ErrorLog /sites/domain.com/logs/error.log
CustomLog /sites/domain.com/logs/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName www.domain.com
# Directory Root.
DocumentRoot /sites/domain.com/www/
# Enable SSL
SSLEngine On
SSLCertificateFile /sites/domain.com/ssl/star_domain_com.crt
SSLCertificateKeyFile /sites/domain.com/ssl/ikeyless.key
SSLCertificateChainFile /sites/domain.com/ssl/DigiCertCA.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
support.domain.com config
<VirtualHost *:80>
ServerName support.domain.com
# Directory Root.
DocumentRoot /sites/support.domain.com/www/
# Logfiles
ErrorLog /sites/support.domain.com/logs/error.log
CustomLog /sites/support.domain.com/logs/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName support.domain.com
# Directory Root.
DocumentRoot /sites/support.domain.com/www/
# Logfiles
ErrorLog /sites/support.domain.com/logs/error.log
CustomLog /sites/support.domain.com/logs/access.log combined
# Enable SSL
SSLEngine On
SSLCertificateFile /sites/domain.com/ssl/star_domain_com.crt
SSLCertificateKeyFile /sites/domain.com/ssl/domain.key
SSLCertificateChainFile /sites/domain.com/ssl/DigiCertCA.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
When I try to access support.domain.com it points to domain.com and won't load our support site when in https; it works fine in http.
-
Yes, this is a very powerful part of Apache's configuration.
For example, suppose that you are serving the domain www.domain.tld and you wish to add the virtual host www.otherdomain.tld, which points at the same IP address. Then you simply add the following to httpd.conf:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.domain.tld
ServerAlias domain.tld *.domain.tld
DocumentRoot /www/domain
</VirtualHost>
<VirtualHost *:80>
ServerName www.otherdomain.tld
DocumentRoot /www/otherdomain
</VirtualHost>
See full documentation here: http://httpd.apache.org/docs/2.2/vhosts/
The final answer: Add the NameVirtualHost *:443 directive to your default config.
Webnet : The problem I'm having is that I'm defining a subdomain and primary domain to *:443 but the subdomain continues to forward to the primary domain on that port.
Mike : Can you post a copy of your conf file to the case? Replace any sensitive information, and explain the desired behavior.
Mike : It looks like you're missing the overall "NameVirtualHost" directive as well. See here: http://httpd.apache.org/docs/2.2/mod/core.html#namevirtualhost
Webnet : I'm trying to find it, there's about 20 config files here for various domains and subdomains..... https works on our primary domain though, so wouldn't that mean that it's defined somewhere?
Mike : That it works is the _default_ kicking in, and it's not defined. Run a grep on all files for it, and if it's not there, simply add it to the default config.
From Mike -
You can specify a specific IP in place of the asterisk, as long as the IP is specified with NameVirtualHost. The name is specified in ServerName and ServerAlias.
The asterisk is matching all IP addresses that Apache binds to in the VirtualHost.
Khai : (+1) Right on... straight to the point. The asterisk refers to the IP apache should listen on for that vhost. You can listen on all IPs apache is bound to (*) or a specific one.
From Warner -
Not for SSL:
You cannot use name based virtual hosts with SSL because the SSL handshake (when the browser accepts the secure Web server's certificate) occurs before the HTTP request, which identifies the appropriate name based virtual host. If you plan to use name-based virtual hosts, remember that they only work with your non-secure Web server.
Update:
Apparently the latest web servers support this. Check the link provided by Warner.
Warner : This is no longer the case. See: http://serverfault.com/questions/126072/ssl-certificate-selection-based-on-host-header-is-it-possible/126075#126075
R. Bemrose : @Warner: It was for some time, and even with Apache, you need 2.2.12 or newer to support it.
From Andrejs Cainikovs -
Have you done anything with the default virtual host it makes?
If you don't do any customization, Apache will make a separate config file for some SSL stuff in conf.d/ssl.conf, and in there it declares a virtual host named _default_:443.
If I add a vhost as *:443 in my main config it gives the same error, and if I remove the _default_:443 vhost in the conf.d/ssl.conf it doesn't.
-
We resolved this issue by putting all of our SSL on a specific IP address and then all other sites on a secondary IP. When we did this, everything worked.
From Webnet
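An added example, not part of the original thread: a Python check for the condition the answers above describe, more than one <VirtualHost> on the same address:port with no matching NameVirtualHost, run across several config files at once. The file names and contents are constructed, and treating `_default_` like `*` is a simplifying assumption taken from the conf.d/ssl.conf observation above.

```python
import re
from collections import defaultdict

# Constructed sample files, shaped like the configs in the question.
SAMPLE_FILES = {
    "conf.d/ssl.conf": """
<VirtualHost _default_:443>
</VirtualHost>
""",
    "vhosts/domain.conf": """
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.domain.com
</VirtualHost>
<VirtualHost *:443>
ServerName www.domain.com
</VirtualHost>
""",
    "vhosts/support.conf": """
<VirtualHost *:80>
ServerName support.domain.com
</VirtualHost>
# <VirtualHost *:443>  (commented out, must be ignored)
<VirtualHost *:443>
ServerName support.domain.com
</VirtualHost>
""",
}

# Anchored at line start so commented-out directives do not match.
VHOST = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
NVH = re.compile(r"^\s*NameVirtualHost\s+(\S+)", re.I)

def norm(addr):
    # Assumption: _default_ and * are treated as the same wildcard address.
    return addr.strip().lower().replace("_default_", "*")

def find_overlaps(files):
    """Map each addr:port used by >1 vhost without NameVirtualHost to its files."""
    vhosts, named = defaultdict(list), set()
    for path, text in files.items():
        for line in text.splitlines():
            if (m := NVH.match(line)):
                named.add(norm(m.group(1)))
            elif (m := VHOST.match(line)):
                for addr in m.group(1).split():
                    vhosts[norm(addr)].append(path)
    return {a: p for a, p in vhosts.items() if len(p) > 1 and a not in named}

if __name__ == "__main__":
    print(find_overlaps(SAMPLE_FILES))
```

On a real server the dictionary would be built by reading every file pulled in by Include; the comparison is an exact string match because the 2.2 documentation requires the <VirtualHost> argument to match the NameVirtualHost argument exactly.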