Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Portforwarding 2 domains and 1 subdomain in 1 apache server |
|
Author |
|
Mobby
Joined: 12 Mar 2024 Posts: 3
|
Posted: Thu 14 Mar '24 11:40 Post subject: Portforwarding 2 domains and 1 subdomain in 1 apache server |
|
|
Hey guys,
hope you're doing well.
I have 1 small "forwarding" problem with my webserver that i would like to explain, hopefully to get any help here:
My Apache Server version:
Server version: Apache/2.4.52 (Ubuntu)
Server built: 2023-10-26
I have 2 Domains and 1 Sub-Domain running on the same server.
Let's call them:
- Dom1 (Domain 1)
-- Sub (Sub-Dom1 on Domain 1)
- Dom2 (Domain 2)
My configuration:
File 1:
<IfModule mod_ssl.c>
<Directory /var/www/html/presentation>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<VirtualHost *:80>
ServerName Dom1.de
# ServerAlias www.Dom1.de
DocumentRoot /var/www/html/presentation
Redirect / https://www.Dom1.de
</VirtualHost>
<VirtualHost *:443>
ServerName www.Dom1.de
ServerAdmin info@Dom1.de
DocumentRoot /var/www/html/DOM1_website
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/www.Dom1.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.Dom1.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost *:80>
ServerName Dom2.de
DocumentRoot /var/www/html/presentation/DOM2_website
RedirectPermanent / https://www.Dom2.de
</VirtualHost>
<VirtualHost *:443>
ServerName www.Dom2.de
ServerAdmin info@Dom1.de
DocumentRoot /var/www/html/presentation/Dom2_website
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/www.Dom1.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.Dom1.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
File 2:
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName Sub.Dom1.de
# ServerAlias Sub-Dom1.de
RedirectPermanent / https://Sub.Dom1.de
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin@Dom1.de
DocumentRoot /var/www/html/Folder
ErrorLog ${APACHE_LOG_DIR}/app_error.log
CustomLog ${APACHE_LOG_DIR}/app_access.log combined
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLCertificateFile /etc/ssl/DOM1/Dom1.crt
SSLCertificateKeyFile /etc/ssl/DOM1/privkey.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
My Problem:
1. The Portforwarding from Port 80 to port 443 is not working for all domains.
2. When i try to open the subdomain without using https or http the webserver opens the port 80 without ssl.
What i would like to have...
1. Portforwarding from port 80 to 443 of all domains and subdomains
2. Forwarding all domains and subdomain when using the domain without "www." to "https://www...."
I tried also the htaccess option but also without any success.
If you need any other info please let me know.
Thanks for your help.
Best regards |
|
Back to top |
|
tangent Moderator
Joined: 16 Aug 2020 Posts: 348 Location: UK
|
Posted: Mon 18 Mar '24 22:34 Post subject: |
|
|
I don't understand the reasoning for spliting this configuration into separate files, with a sub-domain being handled by the second file, not least of which the order in which you define virtual hosts is important. If you look at the Apache documentation page on virtual hosts https://httpd.apache.org/docs/current/mod/core.html#virtualhost, it says:
Note in the case where there's no specific domain match for a virtual host, the following applies:
If multiple virtual hosts contain the best matching IP address and port, the server selects from these virtual hosts the best match based on the requested hostname. If no matching name-based virtual host is found, then the first listed virtual host that matched the IP address will be used. As a consequence, the first listed virtual host for a given IP address and port combination is the default virtual host for that IP and port combination. So the first virtual host for a given IP and port is the default if there's no specific domain match, noting you've not specified a ServerName for the port 443 virtual host (sub domain) in file two.
As to your requirements, I'd replace all the port 80 virtual hosts with one default, to handle all your non-secure redirects using mod_rewrite, viz.
Code: | LoadModule rewrite_module modules/mod_rewrite.so
# Define default virtual host
#
<VirtualHost *:80>
# Inherit mod_rewrite
#
RewriteEngine On
RewriteOptions InheritBefore
# Check for a non-secure HTTP request and if found redirect to HTTPS.
#
RewriteCond %{HTTPS} off
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [L,NE,QSA,R]
</VirtualHost> |
Next, I'd define three port 443 virtual hosts, one for each of your secure sites Dom1, Sub-Dom1 and Dom2, including appropriate ServerName and ServerAlias entries as needed in each entry, plus other configuration as required.
You don't say if you're using a SAN certificate covering all the domains (the separate certificate entry in file 2 rather suggests you're not), but you may want to add a default port 443 virtual host to cover requests that don't match any of your server domain names.
As to your second requirement, over redirecting non-www prefix domains, you could add the following to each secure virtual host.
Code: |
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^/(.*)$ https://www.%{HTTP_HOST}/$1 [L,NE,QSA,R] |
|
|
Back to top |
|
Mobby
Joined: 12 Mar 2024 Posts: 3
|
Posted: Thu 21 Mar '24 17:00 Post subject: |
|
|
Thanks for your reply.
I thought, when i split the virtualhosts i have a better overview, seems not.
Many thanks for all your hints. Will try it this weekend and give a feedback. |
|
Back to top |
|
Mobby
Joined: 12 Mar 2024 Posts: 3
|
Posted: Sun 24 Mar '24 8:05 Post subject: |
|
|
Hi,
all changes are done and it works fine now.
Thank you so much for your help. Really appreciate.
Have a nice sunday.
This topic can be closed. |
|
Back to top |
|
|
|
|
|
|