I have two websites in the same web server (Ubuntu 16.04.2 LTS - Apache/2.4.18). Everything works well when I try to access to both websites using HTTP (port 80). This is the vhosts.conf file content:
<VirtualHost *:80>
ServerName site1
DocumentRoot /var/www/html/site1
ErrorLog ${APACHE_LOG_DIR}/site1_error.log
CustomLog ${APACHE_LOG_DIR}/site1_access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName site2
DocumentRoot /var/www/html/site2
ErrorLog ${APACHE_LOG_DIR}/site2_error.log
CustomLog ${APACHE_LOG_DIR}/site2_access.log combined
</VirtualHost>
So, both sites are accessible through "mydomain.com/site1" and "mydomain.com/site2". I have installed a Let's Encrypt certificate and, to make it works, I have configured a virtual host like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/site_error.log
CustomLog ${APACHE_LOG_DIR}/site_access.log combined
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
I can access both site using SSL (port 443) successfully but I can't use different log files for different sites. I have tried something like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com/site1
DocumentRoot /var/www/html/site1
ErrorLog ${APACHE_LOG_DIR}/site1_error.log
CustomLog ${APACHE_LOG_DIR}/site1_access.log combined
Alias /site1 /var/www/html/site1
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost *:443>
ServerName mydomain.com/site2
DocumentRoot /var/www/html/site2
ErrorLog ${APACHE_LOG_DIR}/site2_error.log
CustomLog ${APACHE_LOG_DIR}/site2_access.log combined
Alias /site2 /var/www/html/site2
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
But it doesn't work. How can I distinguish between two sites in order to have two different log files?
Following the link proposed by CBroe, I have found the solution by using the SetEnvIf directive. The final working virtual host configuration looks like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName mydomain.com
DocumentRoot /var/www/html
SetEnvIf Request_URI ^/site1(/|$) site1
SetEnvIf Request_URI ^/site2(/|$) site2
CustomLog ${APACHE_LOG_DIR}/site1_access.log combined env=site1
CustomLog ${APACHE_LOG_DIR}/site2_access.log combined env=site2
ErrorLog ${APACHE_LOG_DIR}/site_error.log
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Related
I'm newbie on this stuff so forgive me if i'm doing a stupid question. I have a vue application running on port 80 working just fine over SSL (say www.domain.com and domain.com).
Now I need my springboot application, which is running over port 8443 to be accessible by a secure connection too (say on api.domain.com) but i can't quite figure what i'm doing wrong...
I can access the api if i'm not including the second virtualhost, but only using http... Also, when I just type api.domain.com it goes to domain.com start page too. And when I include the second virtualhost, I can't even acces domain.com.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ServerName www.domain.com
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias domain.com
ProxyPreserveHost On
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
</VirtualHost>
<VirtualHost *:443>
ServerAdmin webmaster#localhost
ServerName api.domain.com
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias api.domain.com
SSLCertificateFile /etc/letsencrypt/live/domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain.com/privkey.pem
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8443/
ProxyPassReverse / http://127.0.0.1:8443/
</VirtualHost>
</IfModule>
Found it out: there are some apache modules that need to be activated. Just did it with
sudo a2enmod proxy
sudo a2enmod proxy_http
and everything works like a charm.
I want my sites served via SSL to have a bunch of the same properies in my apache2 config. Unfortunately, I can't find anywhere that demos how to do that. Here's my config at the moment for two separate servers accessed by www.mydomain.com and blog.mydomain.com:
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName www.mydomain.com
# Repeated stuff
ServerAdmin webmaster#localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>
<VirtualHost *:443>
DocumentRoot /var/www/wordpress
ServerName blog.mydomain.com
# Repeated stuff
ServerAdmin webmaster#localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>
</IfModule>
As you can see, both virtualhosts have a lot of the same properties under #Repeated stuff. How can I specify these properties once and then have ONLY these virtualhosts inherit those properties? E.g. can virtualhosts be nested?
mod_macro gave me just what I wanted. On ubuntu it can simply be enabled with sudo a2enmod macro. My apache2 SSL config now looks something like this:
<IfModule mod_ssl.c>
<Macro SSLStuff>
ServerAdmin webmaster#localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.mydomain.com/privkey.pem
</Macro>
<VirtualHost *:443>
Use SSLStuff
DocumentRoot /var/www/html
ServerName mydomain.com
ServerAlias www.mydomain.com
</VirtualHost>
<VirtualHost *:443>
Use SSLStuff
DocumentRoot /var/www/wordpress
ServerName blog.mydomain.com
</VirtualHost>
<VirtualHost *:443>
Use SSLStuff
ServerName mynodeapp.mydomain.com
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
</VirtualHost>
</IfModule>
I get slightly crazy :)
I have a domain example.com and I have a SSL certificate for www.example.com
The example.com refers to the IP address of the server (it is an EC2 instance).
In the vhost.conf of the Server I have the following entries
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://www.example.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName www.example.com
DocumentRoot /var/www/vhosts/example-wp
SSLEngine On
...
</VirtualHost>
I took the information from the apache wiki.
https://wiki.apache.org/httpd/RedirectSSL
Thanks for helping
Tristan
You already have the necessary directives listed to perform the redirect. You also need to tell the vhost file where your certificate and key for the certificate exist. You also need to say whether or not a directory the user browses to is to load SSL. Please see a full example configuration file below.
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
ServerAlias example.com
ServerAdmin webmaster#local
DocumentRoot /path/to/web/content
DirectoryIndex index.php index.html
ErrorLog logs/error_log
CustomLog logs/access combined
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl.crt/certfile.cer
SSLCertificateKeyFile /etc/apache2/ssl.key/keyfile.key
<Directory "/path/to/web/content/">
Options None
AllowOverride None
Order allow,deny
Allow from all
SSLRequireSSL
</Directory>
</VirtualHost>
I've created two virtual hosts on Fedora. I have a websites.config file in /etc/httpd/conf.d directory:
<VirtualHost *:443>
ServerName www.beratyeniceri.com
DocumentRoot /var/www/beratyeniceri.com/public_html
ServerAlias beratyeniceri.com
SSLEngine ON
SSLCertificateFile /etc/httpd/certs/beratyeniceri.com/1000.pem
SSLCertificateKeyFile /etc/httpd/certs/beratyeniceri.com/beratyeniceri.key
ErrorLog logs/virtual.host-error_log
CustomLog logs/virtual.host-access_log combined
</VirtualHost>
<VirtualHost *:443>
ServerName www.tugbanursari.com
DocumentRoot /var/www/tugbanursari.com/public_html
ServerAlias tugbanursari.com
SSLEngine ON
SSLCertificateFile /etc/httpd/certs/tugbanursari.com/1001.pem
SSLCertificateKeyFile /etc/httpd/certs/tugbanursari.com/tugbanur.key
ErrorLog logs/virtual.host-error_log
CustomLog logs/virtual.host-access_log combined
</VirtualHost>
When I run,
service httpd restart
it asks pass phrase for tugbanursari.com, but does not ask for beratyeniceri.com. When I switch their spot, then it only ask for second block. Hence,it skip first site which is on first block. Then, I think it does not work.
How do I fix that?
What is my server ip address to change hosts file for clients?
elloo,
i have two virtualhost subdomains point to different directories however when i load both subdomains in the browser, i get them both pointing to same directory. here is my vhost.conf
<VirtualHost *:80>
ServerAdmin admin#domain.com
ServerName subdomain1.domain.com
ServerAlias *.domain.com
#Indexes + Directory Root.
DirectoryIndex index.php
DocumentRoot /subomain1/path/to/directory/trunk
#Logfiles
ErrorLog /subomain1/path/to/directory/trunk/error.log
CustomLog /subomain1/path/to/directory/trunk//access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin#domain.com
ServerName subdomain1.domain.com
ServerAlias *.subdomain.com
DirectoryIndex index.php
DocumentRoot /subomain1/path/to/directory/trunk
SSLEngine On
SSLCertificateFile /ssl/certs/subdomain1.crt
SSLCertificateKeyFile /ssl/private/subdomain1.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
<VirtualHost *:80>
ServerAdmin admin#domain.com
ServerName subdomain2.domain.com
ServerAlias *.domain.com
#Indexes + Directory Root.
DirectoryIndex index.php
DocumentRoot /subomain2/path/to/directory/trunk
#Logfiles
ErrorLog /subomain2/path/to/directory/trunk/error.log
CustomLog /subomain2/path/to/directory/trunk//access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin#domain.com
ServerName subdomain2.domain.com
ServerAlias *.subdomain.com
DirectoryIndex index.php
DocumentRoot /subomain2/path/to/directory/trunk
SSLEngine On
SSLCertificateFile /ssl/certs/subdomain2.crt
SSLCertificateKeyFile /ssl/private/subdomain2.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
i have tried google however none of the answers seems to help.
i'm using ubuntu server
many thanks in advance
don't know if you ever solved this, but i was having the same problem and it turned out i forgot to change the httpd.conf file like this:
Open the “httpd.conf” and uncomment line #461 (approx) which reads “Include /private/etc/apache2/extra/httpd-vhosts.conf”, then save.
taken from this tutorial which is priceless:
http://kevchapman.co.uk/development/setting-up-apache-on-snow-leopard/
I think its because youre using
ServerAlias *.domain.com
on both virtual hosts
since the ServerAlias directive indicates that the listed names are other names which people can use to see that same web site:
ServerAlias *.subdomain.com
then requests for all hosts in the subdomain.com domain will be served by the subdomain1.domain.com virtual host.
this might help http://httpd.apache.org/docs/2.0/vhosts/name-based.html