Apache2 VirtualHost SSL config issues

Debian 10 / Apache2 -
GOAL: redirect all web traffic to VPS server to SSL. I have 2 sites hosted: bjmurrey.com and nextcloud.bjmurrey.com. I have 1 IP address.
PROBLEM: I can't for the life of me find a way to make this work. I have tried 1000 suggestions posted here and elsewhere with no success. The closest I get is everything redirects to https://bjmurrey.com when typing in nextcloud.bjmurrey.com. I am also a novice at this so please be kind.
I have a default.conf that looks like this:
<VirtualHost *:80>
ServerName www.bjmurrey.com
ServerAlias bjmurrey.com
DocumentRoot /var/www/blog
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect permanent / https://bjmurrey.com/
</VirtualHost>
<VirtualHost *:80>
ServerName nextcloud.bjmurrey.com
DocumentRoot /var/www/nextcloud
ServerAlias nextcloud.bjmurrey.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect permanent / https://nextcloud.bjmurrey.com/
</VirtualHost>
I have a default-ssl.conf that looks like this:
<VirtualHost bjmurrey.com:443>
ServerName bjmurrey.com
ServerAlias www.bjmurrey.com
DocumentRoot /var/www/blog
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/bjmurrey.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bjmurrey.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost nextcloud.bjmurrey.com:443>
ServerName nextcloud.bjmurrey.com
DocumentRoot /var/www/nextcloud
ServerAlias nextcloud.bjmurrey.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/nextcloud.bjmurrey.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.bjmurrey.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
bjmurrey.com is in var/www/blog and nextcloud.bjmurrey.com in the var/www/nextcloud directories.
I have my DNS records www and nextcloud both pointed to same IP. I only have 1 IP available. This is a very low traffic site.
I have done all kinds of things like just have the default virtual host redirect to only nextcloud and removed all mention of the www site and it still redirects to bjmurrey.com, or redirects with an SSL error saying that nextcloud can't be loaded because the ssl is for bjmurrey.com only. As you can see I have made certs with letsencrypt for both bjmurrey.com and nextcloud.bjmurrey.com.
I'm about to yank all my hair out in frustration, so I know I've tapped out all my knowledge here. Help!

I have retested with http and it is working for me.
Both addresses mydomain.myhost.example.com and myhost.example.com resolve to the same IP.
This is my configuration file
ServerName example.com
<VirtualHost *:80>
ServerName mydomain.myhost.example.com
DocumentRoot /var/www/mydomain
</VirtualHost>
<VirtualHost *:80>
ServerName myhost.example.com
DocumentRoot /var/www/myhost
</VirtualHost>
Tested in Ubuntu 20.04.1, Apache 2.4
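
An added example, not part of either post above: one arrangement for the question's two HTTPS sites on a single IP. It uses `*:443` in both blocks instead of a hostname, because Apache resolves a hostname in `<VirtualHost>` to an address once at startup and then still selects the block by `ServerName`/`ServerAlias`. Hostnames, document roots and certificate paths are the question's; the per-site log file names are assumptions.

```apache
# Added example; hostnames and paths come from the question.
# Port 80: each name redirects only to its own HTTPS origin.
<VirtualHost *:80>
    ServerName bjmurrey.com
    ServerAlias www.bjmurrey.com
    Redirect permanent / https://bjmurrey.com/
</VirtualHost>

<VirtualHost *:80>
    ServerName nextcloud.bjmurrey.com
    Redirect permanent / https://nextcloud.bjmurrey.com/
</VirtualHost>

# Port 443: both blocks listen on *:443, so Apache chooses between them by
# the name the client sends (SNI, then Host) and serves that block's certificate.
<VirtualHost *:443>
    ServerName bjmurrey.com
    # www.bjmurrey.com must be one of the names in this certificate,
    # otherwise browsers report a name mismatch for the alias.
    ServerAlias www.bjmurrey.com
    DocumentRoot /var/www/blog
    # Assumed log names: one pair per site keeps the two hosts apart.
    ErrorLog ${APACHE_LOG_DIR}/blog_error.log
    CustomLog ${APACHE_LOG_DIR}/blog_access.log combined
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/bjmurrey.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/bjmurrey.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

<VirtualHost *:443>
    ServerName nextcloud.bjmurrey.com
    DocumentRoot /var/www/nextcloud
    ErrorLog ${APACHE_LOG_DIR}/nextcloud_error.log
    CustomLog ${APACHE_LOG_DIR}/nextcloud_access.log combined
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/nextcloud.bjmurrey.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.bjmurrey.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
```

Running `apache2ctl -S` after a reload lists every parsed virtual host per address and port, which shows whether both names ended up under `*:443` and which block is the default.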

Related

Apache: two domains on the same server with different ports

I'm a newbie at this stuff, so forgive me if I'm asking a stupid question. I have a vue application running on port 80 working just fine over SSL (say www.domain.com and domain.com).
Now I need my springboot application, which is running over port 8443, to be accessible by a secure connection too (say on api.domain.com), but I can't quite figure out what I'm doing wrong...
I can access the api if I'm not including the second virtualhost, but only using http... Also, when I just type api.domain.com it goes to the domain.com start page too. And when I include the second virtualhost, I can't even access domain.com.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName www.domain.com
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias domain.com
ProxyPreserveHost On
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName api.domain.com
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias api.domain.com
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8443/
ProxyPassReverse / http://127.0.0.1:8443/
</VirtualHost>
</IfModule>
Found it out: there are some apache modules that need to be activated. Just did it with
sudo a2enmod proxy
sudo a2enmod proxy_http
and everything works like a charm.

Order to declare VirtualHost for domain and subdomains, Apache2, Ubuntu

I declared in my DNS, my domain, subdomain1 and subdomain2, and everything works.
Then I create my directories like this :
/var/www/domain.com/public_html/index.html
/var/www/subdomain1.domain.com/public_html/index.html
/var/www/subdomain2.domain.com/public_html/index.html
Then I create : /etc/apache2/sites-available/domain.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.subdomain1.domain.com
ServerAlias www.subdomain1.domain.com
ServerAdmin webmaster@domain.com
DocumentRoot /var/www/subdomain1.domain.com/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName www.subdomain2.domain.com
ServerAlias www.subdomain2.domain.com
ServerAdmin webmaster@domain.com
DocumentRoot /var/www/subdomain2.domain.com/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName www.domain.com
ServerAlias www.domain.com
ServerAdmin webmaster@domain.com
DocumentRoot /var/www/domain.com/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
I disable the default configuration: sudo a2dissite 000-default.conf
Then I activate each of the websites: sudo a2ensite domain.conf
I restart Apache 2: sudo systemctl restart apache2.service
The problem is that all links point to the first declared VirtualHost, even when I separate the VirtualHost declarations in separate .conf files, it will always be the first VirtualHost in the directory that will be opened for all DNS domains.
Apache will try to match the requested domain to one of the VirtualHost it knows about. When it cannot find a match, it will use the first one it read, top to bottom in the configurations. Hence here, your domains are not being recognized by Apache, and you get the first one all the time.
I modified your configuration a little bit:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.subdomain1.example.com
ServerAlias subdomain1.example.com
ServerAdmin webmaster@example.com
DocumentRoot /var/www/subdomain1.example.com/public_html
ErrorLog ${APACHE_LOG_DIR}/sub1_error.log
CustomLog ${APACHE_LOG_DIR}/sub1_access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName www.subdomain2.example.com
ServerAlias subdomain2.example.com
ServerAdmin webmaster@example.com
DocumentRoot /var/www/subdomain2.example.com/public_html
ErrorLog ${APACHE_LOG_DIR}/sub2_error.log
CustomLog ${APACHE_LOG_DIR}/sub2_access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
ServerAdmin webmaster@example.com
DocumentRoot /var/www/example.com/public_html
ErrorLog ${APACHE_LOG_DIR}/example_error.log
CustomLog ${APACHE_LOG_DIR}/example_access.log combined
</VirtualHost>
Details:
NameVirtualHost is only required if you run Apache 2.2. >2.4, it is automatic, no need to put it, it will work anyway.
ServerAlias is useful to define another domain name that applies to this VirtualHost. If you define ServerAlias == ServerName, it is useless.
Therefore, the ServerAlias are now configured with the domain names, without "www."
Split your log files. If you have 3 VH pointing to the same logs, it will be a real mess to debug. It makes it easier when split.
So with this configuration...
http://www.subdomain1.example.com and http://subdomain1.example.com will go to the 1st VH.
Similar for subdomain2
And http://www.example.com and http://example.com will use the third one.
This is based on your question and the comment where you say you tried example.com. In your configuration, example.com was not listed anywhere (i.e. www.example.com != example.com).

How to make an redirectSSL in the vhost

I get slightly crazy :)
I have a domain example.com and I have a SSL certificate for www.example.com
The example.com refers to the IP address of the server (it is an EC2 instance).
In the vhost.conf of the Server I have the following entries
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName www.example.com
DocumentRoot /var/www/vhosts/example-wp
SSLEngine On
...
</VirtualHost>
I took the information from the apache wiki.
https://wiki.apache.org/httpd/RedirectSSL
Thanks for helping
Tristan
You already have the necessary directives listed to perform the redirect. You also need to tell the vhost file where your certificate and key for the certificate exist. You also need to say whether or not a directory the user browses to is to load SSL. Please see a full example configuration file below.
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
ServerAlias example.com
ServerAdmin webmaster@local
DocumentRoot /path/to/web/content
DirectoryIndex index.php index.html
ErrorLog logs/error_log
CustomLog logs/access combined
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl.crt/certfile.cer
SSLCertificateKeyFile /etc/apache2/ssl.key/keyfile.key
<Directory "/path/to/web/content/">
Options None
AllowOverride None
Order allow,deny
Allow from all
SSLRequireSSL
</Directory>
</VirtualHost>
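
An added example, not part of the answer above: the answer's port-443 block with its TLS and access-control lines tightened for Apache 2.4. Names and paths are the answer's placeholders; the TLS 1.2 floor and the replacement cipher string are choices made for this example.

```apache
# Added example: hardened form of the answer's *:443 virtual host.
<VirtualHost *:443>
    ServerName www.example.com
    # Keep this alias only if the certificate also lists example.com;
    # the question's certificate is for www.example.com.
    ServerAlias example.com
    DocumentRoot /path/to/web/content
    DirectoryIndex index.php index.html
    ErrorLog logs/error_log
    CustomLog logs/access combined

    SSLEngine on
    # Before:
    #   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    # That list starts from ALL and removes only ADH and EXPORT56. The "+"
    # entries merely reorder, so LOW, EXP and RC4 suites stay permitted
    # wherever the linked OpenSSL still provides them.
    # After: protocol floor of TLS 1.2 and strong suites only.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/apache2/ssl.crt/certfile.cer
    SSLCertificateKeyFile /etc/apache2/ssl.key/keyfile.key

    <Directory "/path/to/web/content/">
        Options None
        AllowOverride None
        # Apache 2.4 form of "Order allow,deny" plus "Allow from all".
        Require all granted
        # Refuses any request for this directory that did not arrive over TLS.
        SSLRequireSSL
    </Directory>
</VirtualHost>
```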

Redirect HTTP to HTTPS Apache2

I'm trying to redirect http to https.
I've found a lot of answers, but nothing works for me.
I don't know why, maybe it's an apache2 config error?
I tried it also in the .htaccess and there also nothing happens.
Just this Error:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
Here's my Virtual Host File.
#Redirect HTTP TO HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/%$1 [R,L]
#VHOSTS
<VirtualHost *:443>
Servername www.latoya.eu
ServerAlias latoya.eu www.latoya.eu
Documentroot /var/www/latoya
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLEngine on
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
<VirtualHost *:443>
Servername board.latoya.eu
Documentroot /var/www/latoya
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLEngine on
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
<VirtualHost *:443 *:80>
Servername secure.latoya.eu
Documentroot /var/www/latoya
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLEngine on
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
<VirtualHost *:80 *:443>
Servername static.kritzelpixel.com
Documentroot /var/www/static.kritzelpixel.com
ErrorLog /path/to/log/error.log
CustomLog /path/to/log/access.log combined
SSLCertificateFile /path/to/ssl/files/pem.crt
SSLCertificateKeyFile /path/to/ssl/files/private.key
SSLCertificateChainFile /path/to/ssl/files/pem.ca-bundle
</VirtualHost>
Using "VirtualHost *:80 *:443" or the opposite in the same virtualhost tag is completely incorrect since one virtualhost can't be SSL and not be SSL at the same time.
The fact that Apache HTTPD is not screaming in pain about it is because you "can" use different ports in the same virtualhost but that was certainly not designed to have a SSL port and a non-SSL port together.
So my suggestion is you correct your configuration to look sane, that is, having specific virtualhost *:80 and virtualhost *:443 separately.
In the VirtualHost *:80 entries you can then Redirect / https://example.com/ with the specific hostnames for your case to redirect from 80 to 443 a single line and without the need to use mod_rewrite.
To redirect to SSL mod_rewrite is not needed and overkill.
Briefly:
<VirtualHost *:80>
ServerName example.com
Redirect / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
SSLEngine on
#other directives here
</VirtualHost>
And the same with the rest of the names if they have different configurations.

Apache virtual-host not working correctly for subdomain

I've got a site set up on localhost that I'm actively developing, and I'd like to set up a subdomain on localhost to make my life 10* easier.
I added this to C:\xampp\apache\conf\extra\httpd-vhosts.conf:
<VirtualHost i1.localhost:80>
ServerAdmin dummy@localhost
DocumentRoot "C:/xampp/htdocs/i1/"
ServerName i1.localhost
ServerAlias www.i1.localhost
ErrorLog "logs/dummy-host2.localhost-error.log"
CustomLog "logs/dummy-host2.localhost-access.log" combined
</VirtualHost>
Apache starts up fine, but when I navigate to http://localhost/ I'm seeing content from the i1 subdomain. http://i1.localhost/ works fine, however.
Then I tried doing this:
<VirtualHost localhost:80>
ServerAdmin dummy@localhost
DocumentRoot "C:/xampp/htdocs/"
ServerName localhost
ServerAlias www.localhost
ErrorLog "logs/dummy-host2.localhost-error.log"
CustomLog "logs/dummy-host2.localhost-access.log" combined
</VirtualHost>
<VirtualHost i1.localhost:80>
ServerAdmin dummy@localhost
DocumentRoot "C:/xampp/htdocs/i1/"
ServerName i1.localhost
ServerAlias www.i1.localhost
ErrorLog "logs/dummy-host2.localhost-error.log"
CustomLog "logs/dummy-host2.localhost-access.log" combined
</VirtualHost>
But that worked the opposite. On both localhost and i1.localhost I'm seeing content from C:/xampp/htdocs/.
Anyone got an idea what's going wrong?
Cheers.
Apache usually does not like a vhost's document root inside another vhost, try:
DocumentRoot "C:/xampp/htdocs/"
and
DocumentRoot "C:/xampp/i1/"