logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: Virtual Hosts and SSL problem
Author
pips



Joined: 03 May 2006
Posts: 65
Location: Manchester, UK

PostPosted: Thu 23 Nov '06 14:57    Post subject: Virtual Hosts and SSL problem Reply with quote

I want to setup our apache server to host both normal (port80) websites and SSL (port443) websites.
I have setup the directory structure as follows:-

d:\apache2\htdocs\80 - for port 80 websites
d:\apache2\htdocs\443 - for port 443 SSL websites

I have also included in the HTTPD.CONF the following configuration:-

NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.domain1.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain1"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain2.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain2"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain3.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain3"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain3.com
DocumentRoot "d:/Apache2/htdocs/80/domain3"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain4.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain4"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain5.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain5"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain6.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain6"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain7.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain7"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain8.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain8"
</VirtualHost>

NameVirtualHost *:443
<VirtualHost *:443>
ServerName www.domain9.co.uk
DocumentRoot "d:/Apache2/htdocs/443"
SSLEngine On
SSLCertificateFile conf/ssl/domain9.crt
SSLCertificateKeyFile conf/ssl/domain9.key
</VirtualHost>



Everything works well if I type in https://domain9.co.uk and it asks me to accept the certificate, then gives me the login screen to the secure area.
Also if I type in http://www.domain1.co.uk or http://www.domain2.co.uk etc. I get the appropriate website displayed.

The problem is that if I type https://www.domain1.co.uk or any of the domains 1 to 8, it will serve up the domain9 website. I only want SSL for domain 9 not for the others.

I have searched google for answers and tried various ways of trying to stop this, but nothing I seem to do stops the problem.

Anyone got any ideas please?

Thanks in advance,
Phil.
Back to top
tdonovan
Moderator


Joined: 17 Dec 2005
Posts: 611
Location: Milford, MA, USA

PostPosted: Sun 26 Nov '06 2:23    Post subject: Reply with quote

Unfortunately, you probably cannot do what you want to do with name-based virtual servers and a single IP address.

Per the Apache docs for Name-based Virtual Host Support:
    "Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol."
An SSL connection is established before the name of the server (e.g. 'www.domain1.co.uk', 'www.domain2.co.uk', etc.) gets sent to Apache.
This prevents Apache from making any SSL-related decisions based on the host name.

Since you only want one server to use SSL, you can make the situation a little better using mod_rewrite.

Enable:
    LoadModule rewrite_module modules/mod_rewrite.so
in your httpd.conf, and put this inside your <VirtualHost *:443> section:
Code:
<IfModule rewrite_module>
# redirect any SSL requests to hosts other than www.domain9.co.uk back to non-SSL http://hostname
    RewriteEngine on
    RewriteCond %{HTTPS} on
    RewriteCond %{HTTP_HOST} !www.domain9.co.uk
    RewriteRule .* http://%{HTTP_HOST}$0 [R=permanent]
</IfModule>

This will cause any SSL request like https://www.domain2.co.uk to be redirected to a non-SSL http://www.domain2.co.uk/.

Alas, redirection can only happen after a connection is established
- so your users will still need to click through the browser warniing "The name on the certificate does not match the name of the site"
before being redirected to the correct non-SSL URL.

-tom-
Back to top
pips



Joined: 03 May 2006
Posts: 65
Location: Manchester, UK

PostPosted: Sun 26 Nov '06 11:29    Post subject: Reply with quote

Tom, you're a star, thanks!!

I'm not too worried about the security warning about the certificate not matching etc. It was just worrying me a bit that if someone typed https instead of http they were presented with the logon screen for our company database!

Your solution is fantastic. Very Happy

Thanks again,
Phil.
Back to top


Reply to topic   Topic: Virtual Hosts and SSL problem View previous topic :: View next topic
Post new topic   Forum Index -> Apache