Apache2 multiple domains to use same document root - apache

Trying to get multiple domains (potentially dozens) to use the same document root as I want laravel to take care of all the routing.
Sites will be custom domain names ie. johnwilson.com, davidsmith.com, lisabrown.com and laravel will display a templated page. I do not want the URL rewritten in the address bar to the user.
I can't get apache2 to respect my virtual host configuration though, especially using SSL.
The configuration is a LAMP stack on Ubuntu. I have two other runrelated sites already running successfully on this server, using two seperate document roots. These are proxied through cloudfare.
These "templated" pages I'm just going to use lets encrypt for though.
I've tried:
2 seperate virtual hosts.
<VirtualHost *:443>
ServerName johnsmith.com.au
DocumentRoot /var/www/microsites/public
# letsencrypt certificate details here
</VirtualHost>
<VirtualHost *:443>
ServerName lisabrown.com.au
DocumentRoot /var/www/microsites/public
# letsencrypt certificate details here
</VirtualHost>
In this case johnsmith.com.au works, but lisabrown.com.au just redirects to johnsmith.com.au. completely rewriting the url in the address bar.
I've tried using ServerAlias aswell but this leads me to various errors, 404, SSL_INSECURE.
What's the correct way to do this? TIA

Using the following conf files (one per domain) I got it to work as expected. (and deleting the letsencrypt auto generated domain-le-ssl.conf file)
<VirtualHost *:80>
ServerName domain.com.au
ServerAlias www.domain.com.au
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.domain.com.au [OR]
RewriteCond %{SERVER_NAME} =domain.com.au
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName domain.com.au
ServerAdmin admin#domain.com.au
DocumentRoot /var/www/microsites/public
ErrorLog ${APACHE_LOG_DIR}/microsites/domain.error.log
CustomLog ${APACHE_LOG_DIR}/microsites/domain.access.log combined
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/domain.com.au/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com.au/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Related

VirtualHost causing ERR_TOO_MANY_REDIRECTS after installing LetsEncrypt certificates

Edit: I took the redirect lines out of the VirtualHosts for the two domains that aren't working. After rebooting Apache, both the HTTP and HTTPS version of both sites work as intended, but its not automatically redirecting anymore (obviously). But those same exact redirect rules are working fine for sidmandesign.com
I am migrating my webserver from an IIS server to a LAMP stack using Ubuntu. I used certbot to install three SSL certificates for my three domains. Certbot added a -le-ssl.conf file to the virtualhosts directory, so in there I now have (all in /etc/apache2/sites-enabled/ directory with the proper include inside apache.conf):
sidmandesign.conf:
<VirtualHost *:80>
ServerName www.sidmandesign.com
ServerAlias sidmandesign.com
DocumentRoot "/var/www/html/Sidman Designs/"
RewriteEngine on
RewriteCond %{SERVER_NAME} =sidmandesign.com [OR]
RewriteCond %{SERVER_NAME} =www.sidmandesign.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
sidmandesign-le-ssl.conf:
<VirtualHost *:443>
ServerName www.sidmandesign.com
ServerAlias sidmandesign.com
DocumentRoot "/var/www/html/Sidman Designs"
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/sidmandesign.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/sidmandesign.com/privkey.pem
</VirtualHost>
augustinebuilders.conf:
<VirtualHost *:80>
ServerName www.augustinebuilders.com
ServerAlias augustinebuilders.com
DocumentRoot "/var/www/html/augustine/"
RewriteEngine on
RewriteCond %{SERVER_NAME} =augustinebuilders.com [OR]
RewriteCond %{SERVER_NAME} =www.augustinebuilders.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
augustinebuilders-le-ssl.conf:
<VirtualHost *:443>
ServerName www.augustinebuilders.com
ServerAlias augustinebuilders.com
DocumentRoot "/var/www/html/augustine"
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/augustinebuilders.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/augustinebuilders.com/privkey.pem
</VirtualHost>
salvagedserendipity.conf:
<VirtualHost *:80>
ServerName www.salvagedserendipity.com
ServerAlias salvagedserendipity.com
DocumentRoot "/var/www/html/salvagedserendipity/"
RewriteEngine on
RewriteCond %{SERVER_NAME} =salvagedserendipity.com [OR]
RewriteCond %{SERVER_NAME} =www.salvagedserendipity.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
salvagedserendipity-le-ssl.conf:
<VirtualHost *:443>
ServerName www.salvagedserendipity.com
ServerAlias salvagedserendipity.com
DocumentRoot "/var/www/html/salvagedserendipity"
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/salvagedserendipity.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/salvagedserendipity.com/privkey.pem
</VirtualHost>
Sidmandesign.com works just fine, it redirects to HTTPS and I can see everything. However when I try the other two sites, they redirect to HTTPS but I get a ERR_TOO_MANY_REDIRECTS in Chrome and a generic cannot display this page in Edge/IE.
Any ideas why one domain would work but the other two don't when configs appear identical?
Your RewriteCond syntax
In your *:80 VirtualHost, remove your RedirectCond and RewriteRule directives and add (well, adjust for your domains!):
Redirect permanent / https://www.example.com
No need to verify if the domain names match, Apache will only use the configuration in that VirtualHost if the domain matches ServerName or ServerAlias directives values anyway.
Another point, RewriteCond does not need the = sign (for future reference):
RewriteCond %{SERVER_NAME} ^www.example.com$
Remove DocumentRoot in VirtualHost *:80
Since you never server any content for the *:80 VirtualHost, you should remove DocumentRoot directives.
Multiple SSL VirtualHosts problem
For port 80, no problem you can have many VirtualHosts defined. Apache will look at the requested domain and use the matching configuration.
But for SSL, that does not work. Apache cannot read the requested domain until after the SSL certificates negotiation is done with the browser. So what does it do? It uses the first *:443 VirtualHost it finds.
Ways around this are:
1 SSL domain == 1 IP == 1 VirtualHost set for that IP only (i.e. not *:443). The problem here is you might not have access to more than one address.
1 SSL domain == 1 port == 1 VirtualHost set for that port (i.e. *:443, *:444, ...). The problem here is that port 443 is the default for https sites, so other sites need to be explicitly requested for in the browser, which is counter intuitive for clients. If you have network infrastructure in front of your Apache, you could change the port there. https://www.example.com is sent to apache:443, https://www.example2.com is sent to apache:444, and so forth. But this needs to be done before the traffic gets to Apache.
Use SNI in Apache (https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI).
In your case
The request http://<SOMEDOMAIN>, on port 80 is sent to the proper VirtualHost.
This VH redirects it to https://<SOMEDOMAIN>, on port 443. Well it should.
The first VH is always used, so certificate /etc/letsencrypt/live/sidmandesign.com/fullchain.pem is the one send to the client's browser. You can validate this by looking at the browser console and inspecting the certificate.
The browser thus sees a certificate for one domain, which does not match the requested one (well besides the first domain).
Lastly
For the "ERR_TOO_MANY_REDIRECTS in Chrome", look at the console (F12, Network tab, check Preserve logs). You will see every redirection Chrome got. This way you will see what is looping. My guess is that the '=' sign is messing things up.

Apache Virtual Hosts Non-www not working

I'm setting up a Virtual Hosts file on my CentOS 7 box and I'm having trouble getting my domain to resolve correctly.
Here's what my current /etc/httpd/conf.d/vhost.conf file looks like
NameVirtualHost *:80
<VirtualHost *:80>
ServerAdmin webmaster#domain.com
ServerName www.domain.com
ServerAlias domain.com
DocumentRoot /var/www/html/domain.com/public_html/
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.domain.com [OR]
RewriteCond %{SERVER_NAME} =domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
It seems the the correct redirects are happening. For exmaple:
domain.com redirects to https: //www.domain.com
www works fine
BUT
https: //domain.com doesn't work
http ://domain.com doesn't work
In fact, if I remove the redirects I have set, domain.com ins't working at all, so it looks like the ServerAlias is broken?
I'm wondering if I need another redirect or is there some other step I'm missing?
Also, don't mind the spaces between http and the domain name. StackOverflow made me format it that way.
As presented, no request to anything https will ever work. Normal, you only have a VirtualHost on port 80. You do have a Listen directive for that port right?
For your redirections. It says: if you ask for http://www.example.com or http://example.com, redirect to https://<WHAT THE USER ASKED FOR>. In essence you are forcing your users to use https all the time, no problem there. But you do not have a VirtualHost on port 443, hence no response.
So:
Listen *:80
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
ErrorLog /var/log/httpd/80_error.log
CustomLog /var/log/httpd/80_access.log combined
RewriteEngine on
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>
Listen *:443
<VirtualHost *:443>
ServerName www.example.com
# in case users do directly to https
ServerAlias example.com
DocumentRoot /var/www/html/domain.com/public_html/
DocumentIndex index.html
ErrorLog /var/log/httpd/443_error.log
CustomLog /var/log/httpd/443_access.log combined
# SSL CONFIGURATIONS, TODO!
</VirtualHost>
In your *:443 VH, you will have to configure certificates and SSL.
Your certificates will have to be valid for both www.example.com and example.com to avoid browser complaints.
Careful there might be an ssl.conf included file under conf.d that defines some of this. Make sure you only set it once to avoid confusion.
No need to define DocumentRoot in *:80 VH since it only redirects and does not respond content to client.
Have fun!
I solved the issue. I had my local hosts file configured to point to an old out of date IP address……
domain.com *bad ip address*
I'm so embarrassed. I must have set that up months ago and forgot.

Redirect sub domain A to https domain B

I've tried looking for a post related to my issue but I couldn't find a suitable one. If there is, let me know!
Here's the current situation that I'm facing now. I would like to redirect a domain,
example.hr
that is being used with another server and there's an SSL that comes with it.
Now, I have another server that comes with the domain,
example.co
and there's an SSL cert too.
I would like to redirect test.example.hr to https://example.co. How can I go about to do this? I'm testing it with the subdomain since the root domain is in used.
I've tried this method,
<VirtualHost *:80>
ServerName test.example.hr
ServerAlias www.test.example.hr
Redirect / https://example.co/
</VirtualHost>
<VirtualHost *:443>
ServerName example.co
ServerAlias www.example.co
DocumentRoot /var/www/html
ErrorLog /var/www/html/error.log
CustomLog /var/www/html/access.log combined
</VirtualHost>
The SSL configuration is inside the 443 block.
When I go to test.example.hr, it will change to https://test.example.hr and the error that comes up is "Your connection is not private. Attackers might be trying to steal your information from test.alt.hr (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID"
Can you try this and update me.
<VirtualHost *:80>
ServerName test.example.hr
ServerAlias www.test.example.hr
Redirect / http://example.co/
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
ServerName example.co
ServerAlias www.example.co
DocumentRoot /var/www/html
ErrorLog /var/www/html/error.log
CustomLog /var/www/html/access.log combined
</VirtualHost>
make sure to enable a2enmod rewrite

Apache permanent redirect goes to www automatically

My domain name is example.com without www. So if I put www.example.com then it does not work but example.com works. So I configured apache like this
<VirtualHost *:80>
ServerName example.com
ServerAdmin webmaster#example.com
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
ServerAdmin webmaster#example.com
DocumentRoot path/to/project/public
SSLEngine on
SSLCertificateFile /path/to/keys/xxx.crt
SSLCertificateKeyFile /path/to/keys/xxx.key
ErrorLog /var/log/apache2/error_log
CustomLog /var/log/apache2/access_log combined
<Directory "path/to/project/public">
Options FollowSymLinks
Require all granted
</Directory>
</VirtualHost>
Now, as you can see, I do a permanent redirection to https like
Redirect permanent / https://example.com/
But this redirection add www with the domain name by default. So the redirected url becomes https://www.example.com/. Obviously my website can not be accessed from with www since it is registered without www. So please tell me how can make the redirect to work and go to https://example.com/ without the https.
Add an Alias
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
</VirtualHost>
This requires that the www.yourdomain.com points to the same place as yourdomain.com. However the www might not work with your SSL certificate, it depends on the certificates specificity.
I generally allow both on my sites as some people insist on including the www whenever they enter an address.
Apache's documentation can help out with more specifics https://httpd.apache.org/docs/2.2/vhosts/name-based.html
As far as the redirect issue you're having:
Make sure you don't have some RewriteEngine rules that are rewriting your non www requests to www. You might have an .htaccess file in your site directory that is doing the rewrite/redirect.
It might look something like:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://www.%{SERVER_NAME}/$1 [R,L]
Which would mean you should remove the www in the last Rewrite Rule

Apache2, vhosts and SSL

My setup:
site1.com | Port 80
site2.com | Port 80
panel.site1.com | Rewrites port 80 traffic to 443
This works until someone tries https:// site[x].com and the server redirects them to my panel. I need this panel to be open to the ~100 people who will use it, but I don't want the wrong people stumbling across it.
I've tried adding:
<VirtualHost *:443>
ServerAdmin me#email
ServerName site1.com
ServerAlias www.site1.com
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
to the vhost of site1.com, but it still returns the control panel. I believe this is because the certs are checked before Apache vhost rules are applied, but I'm not really sure. Is there a fix for this or is it simply the limitations of Apache2+SSL?
Apache document states that.
If no matching ServerName or ServerAlias is found in the set of
virtual hosts containing the most specific matching IP address and
port combination, then the first listed virtual host that matches that
will be used.
And so looks like you have kept the <VirtualHost> section of panel.site1.com on top of all other virtual host section. Because of this, requests for https://site[x].com will land in it, and so the issue is not related to SSL.
Update:
You can try below configuration and it should work.
<VirtualHost *:80>
ServerName www.site1.com
ServerAlias site1.com
DocumentRoot /var/www/site1
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^panel.site1.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
</VirtualHost>
<VirtualHost *:80>
ServerName www.site2.com
ServerAlias site2.com
DocumentRoot /var/www/site2
</VirtualHost>
<VirtualHost *:443>
ServerName panel.site1.com
DocumentRoot /var/www/panel
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /opt/apache1/conf/server.crt
SSLCertificateKeyFile /opt/apache1/conf/server.key
</VirtualHost>
How this works
When request are for http://site1.com the first VirtualHost
section will be selected.
When request are for http://site2.com the second VirtualHost section will be selected.
If a request arrives for http://site[x].com then first VirtualHost section will be selected.
If a request arrives for http://panel.site1.com the request will be redirected to https://panel.site1.com and the third VirtualHost section will be selected.