Multiple SSL wildcards on 1 IP - apache

Currently my server has 1 website running on https/ssl. The thing is, when I enable a second vhost, also with https/ssl, the first website I have running is now using the SSL cert of the new website.
I have tried putting the two websites in a single vhost file; that didn't work, so I made 2 separate files instead.
Here are my vhost config files:
(Naming them websiteZ and websiteY because of the alphabetical order they are in)
vhost current running website .conf
<VirtualHost *:80>
ServerAlias *.websiteZ.nl
Redirect 301 / https://websiteZ.nl
</VirtualHost>
NameVirtualHost *:443
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.websiteZ.nl
DocumentRoot "/var/www/html/websites/websiteZ.nl/public"
<Directory "/var/www/html/websites/websiteZ.nl/public">
Require all granted
Options Includes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/websiteZ.nl/certificate.crt
SSLCertificateKeyFile /etc/apache2/ssl/websiteZ.nl/certificate.key
SSLCertificateChainFile /etc/apache2/ssl/websiteZ.nl/cabundle.crt
</VirtualHost>
</IfModule>
new website with ssl .conf
<VirtualHost *:80>
ServerName websiteY.nl
ServerAlias www.websiteY.nl
RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
RewriteRule ^(/(.*))?$ https://%{HTTP_HOST}/$1 [R=301,L]
DocumentRoot "/var/www/html/websites/websiteY.nl/public/"
<Directory "/var/www/html/websites/websiteY.nl/public/">
Require all granted
Options Includes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.websiteY.nl
DocumentRoot "/var/www/html/websites/websiteY.nl/public"
<Directory "/var/www/html/websites/websiteY.nl/public">
Require all granted
Options Includes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
SSLStrictSNIVHostCheck on
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/websiteY.nl/certificate.crt
SSLCertificateKeyFile /etc/apache2/ssl/websiteY.nl/certificate.key
SSLCertificateChainFile /etc/apache2/ssl/websiteY.nl/cabundle.crt
</VirtualHost>
</IfModule>
ports.conf
NameVirtualHost *:80
NameVirtualHost *:443
Listen 80
<IfModule mod_ssl.c>
Listen 443
</IfModule>
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
I looked up the SNI thing, but I think I'm missing something. The way I understand it is that I have to use NameVirtualHost to make it work.
The server is running on AWS EC2 with Ubuntu 16.04.2
The problem occurs when I type in terminal:
a2ensite websiteY.conf
When I do that, websiteZ will lose its https cert and will show a big red cross which says: NOT SECURE! When you click to proceed it links to websiteY
I am a little bit out of options, can someone help me out? Thanks!

When you enter www.websiteZ.nl without https, the request will first be caught by
<VirtualHost *:80>
ServerAlias *.websiteZ.nl
Redirect 301 / https://websiteZ.nl
</VirtualHost>
and therefore redirected to https://websiteZ.nl
Since none of your :443 virtual hosts has a ServerName or ServerAlias configured with websiteZ.nl, the one from the alphabetically first .conf file will be used, which in this case is the one with the websiteY cert.
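The selection rule this answer describes, as an added example that is not part of the original answer: a simplified Python model of Apache's name-based vhost matching, run over constructed copies of the two :443 vhosts from the question. `load_vhosts` and `select_vhost` are hypothetical helper names, and only ServerName, ServerAlias and SSLCertificateFile are modelled.

```python
import fnmatch
import re

# Constructed sample: the two :443 vhosts from the question, keyed by file name.
CONFS = {
    "websiteZ.conf": """<VirtualHost *:443>
ServerName www.websiteZ.nl
SSLCertificateFile /etc/apache2/ssl/websiteZ.nl/certificate.crt
</VirtualHost>""",
    "websiteY.conf": """<VirtualHost *:443>
ServerName www.websiteY.nl
SSLCertificateFile /etc/apache2/ssl/websiteY.nl/certificate.crt
</VirtualHost>""",
}

VHOST_RE = re.compile(r"<VirtualHost\s+\S+:(\d+)>(.*?)</VirtualHost>", re.S | re.I)


def load_vhosts(confs):
    """Parse vhosts in include order (a wildcard Include sorts file names)."""
    vhosts = []
    for fname in sorted(confs):
        for port, body in VHOST_RE.findall(confs[fname]):
            names, cert = [], None
            for line in body.splitlines():
                parts = line.split()
                if len(parts) < 2:
                    continue
                key = parts[0].lower()
                if key in ("servername", "serveralias"):
                    names += [n.lower() for n in parts[1:]]
                elif key == "sslcertificatefile":
                    cert = parts[1]
            vhosts.append({"file": fname, "port": int(port), "names": names, "cert": cert})
    return vhosts


def select_vhost(vhosts, host, port=443):
    """First vhost on the port whose name matches; else the first vhost on the port."""
    # Simplification (assumption): wildcards are accepted in ServerName as well as ServerAlias.
    candidates = [v for v in vhosts if v["port"] == port]
    for v in candidates:
        if any(fnmatch.fnmatchcase(host.lower(), n) for n in v["names"]):
            return v
    return candidates[0] if candidates else None


if __name__ == "__main__":
    for host in ("www.websiteZ.nl", "websiteZ.nl"):
        v = select_vhost(load_vhosts(CONFS), host)
        print(f"{host} -> {v['file']} ({v['cert']})")
```

Adding `ServerAlias websiteZ.nl` to the websiteZ :443 vhost makes the bare name match that vhost, so its own certificate is selected instead of the fallback.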

Related

Centos OS https shows apache2 default page

I am setting up my project on CentOS. I have installed my SSL certificates and updated my ssl.conf. My project is accessible using http://test.com, but when I try to access https://test.com, I can see the site is secure, but it displays the default Apache page. This is despite the fact that I have specified the directory and document root in my 443 virtualhost. Is there a step I missed or an error I have? Any advice or useful links will be appreciated.
My code looks like this:
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
DocumentRoot "/var/www/html/strategy"
ServerName test.com/
ServerAlias www.test.com
<Directory "/var/www/html/strategy">
RewriteEngine on
# if (HTTP_ACCESS.contains('text/html') && file_not_exists(REQUEST_FILENAME))
RewriteCond %{HTTP_ACCEPT} text/html
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.html [last]
# Any ressources loaded by index.html should behave correctly (i.e: Return 404 if missing)
RewriteRule ^ - [last]
Options Indexes FollowSymLinks
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin info@stratex.com
ServerName www.test.com
DocumentRoot "/var/www/html/strategy"
<Directory "/var/www/html/strategy">
DirectoryIndex index.html
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
SSLEngine On
SSLCertificateFile /home/mydir/certificates/public-cert.pem
SSLCertificateKeyFile /home/mydir/certificates/priv-key.pem
</VirtualHost>
Since I had an ssl.conf file, I removed the config for port 443 from the httpd.conf file and updated the virtual host with port 443 in the ssl.conf file with these details, and my app works well.
<VirtualHost *:443>
ServerAdmin info@stratex.com
ServerName www.test.com
DocumentRoot "/var/www/html/strategy"
<Directory "/var/www/html/strategy">
DirectoryIndex index.html
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
SSLEngine On
SSLCertificateFile /home/mydir/certificates/public-cert.pem
SSLCertificateKeyFile /home/mydir/certificates/priv-key.pem
</VirtualHost>

Apache Reverse Proxy For Specific Subdomain

I have an Apache HTTP server that has a reverse proxy to a Tomcat server. However, I only want the reverse proxy to happen when the client uses the subdomain www. This is because I want to use other subdomains to point to other applications, such as email.
e.g. www.example.com will display the Apache Tomcat webapp.
The way to do this, I presume, is to configure my DNS so that every subdomain I use will point to my server. Right now, in addition to www, that is server.example.com and postfixadmin.example.com. However, the issue is that all my subdomains end up pointing to Tomcat.
So when I try to visit postfixadmin.example.com/setup.php to set up postfixadmin through its web setup, it ends up taking me to my tomcat webapp's 404.
Here is my virtualhost configuration:
<VirtualHost www.example.com:80>
ServerName http://www.example.com
ProxyPass / http://localhost:8080
ProxyPassReverse / http://localhost:8080
</Virtualhost>
<VirtualHost server.example.com:80>
ServerName server.example.com
DocumentRoot /var/www/html/
RewriteEngine on
RewriteCond %{SERVER_NAME} =server.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost postfixadmin.example.com:80>
ServerName postfixadmin.example.com
DocumentRoot /var/www/postfixadmin/public
ErrorLog /var/log/httpd/postfixadmin_error.log
CustomLog /var/log/httpd/postfixadmin_access.log combined
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/postfixadmin/public>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
EDIT
It looks like the proxy conf file doesn't do anything (??). I decided to experiment around and change the first virtualhost servername to the following:
<VirtualHost *:80>
ServerName abcd.example.com
ProxyPass / http://localhost:8080
ProxyPassReverse / http://localhost:8080
</Virtualhost>
Then, I restarted and reloaded Apache...But for some reason, going to www.example.com STILL took me to the tomcat webapp! Does anyone know what drives this?
As to the DNS: I have set specific CNAME entries for each subdomain including www; all of them point back to the public IP of my server that houses my example.com domain (using @ in my case - possible with most DNS, I think). There may be some different strategies on this, but I believe you're on the correct path based on what you've suggested in the question.
As to Apache configuration:
I believe that the http protocol does not need to be specified in the ServerName directive and that, generally, the domain need not appear inside the <VirtualHost>...</VirtualHost> tags.
I should mention that I am relatively unfamiliar with Tomcat but am assuming it is listening at 8080 on the localhost, in which case this should help.
I'm not 100% certain that that is all that is snarling you, but try trimming that ServerName back and doing like so, including the change to the VirtualHost open tag:
<VirtualHost *:80>
ServerName www.example.com
ProxyPass / http://localhost:8080
ProxyPassReverse / http://localhost:8080
</Virtualhost>
Your second <VirtualHost> probably requires similar changes, though it also seems that you are directing it to serve requests from the web/network which are coming in on port 8080 -- which I don't believe is your intent.
I think what you want is to also listen on port 80 from the web/network, but to follow these directives if addressed to server.example.com like so:
<VirtualHost *:80>
ServerName server.example.com
DocumentRoot /var/www/html/
RewriteEngine on
RewriteCond %{SERVER_NAME} =server.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
And finally, similar change to the opening <VirtualHost> tag on the final one:
<VirtualHost *:80>
ServerName postfixadmin.example.com
DocumentRoot /var/www/postfixadmin/public
ErrorLog /var/log/httpd/postfixadmin_error.log
CustomLog /var/log/httpd/postfixadmin_access.log combined
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/postfixadmin/public>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
Altogether, this seems more like what you're looking for:
<VirtualHost *:80>
ServerName www.example.com
ProxyPass / http://localhost:8080
ProxyPassReverse / http://localhost:8080
</Virtualhost>
<VirtualHost *:80>
ServerName server.example.com
DocumentRoot /var/www/html/
RewriteEngine on
RewriteCond %{SERVER_NAME} =server.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
ServerName postfixadmin.example.com
DocumentRoot /var/www/postfixadmin/public
ErrorLog /var/log/httpd/postfixadmin_error.log
CustomLog /var/log/httpd/postfixadmin_access.log combined
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/postfixadmin/public>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
I got it!
It turns out that the problem was in the ssl configuration file - the :443 ports were overlapping.
Thanks for the help!

Autoconfig prevent my website redirection to https

I have a website in an apache server and a mail server in the same machine. I want the port 80 request redirecting to https 443 port, so I put it in the vhost configuration.
I also want an autoconfig (Mozilla thunderbird use) for my mailserver. However I need to put a config-v1.1.xml accessible on port 80.
The problem is that when I request http://example.com, it does not redirect to https://example.com like I want it to; instead it redirects to the autoconfig.
Is there a way to keep autoconfig and have a redirection to https://example.com ?
I have setup a dns record for autoconfig.example.com and call it in vhost file but when I type mysite.com, it still goes in the autoconfig.
Any clues ?
Thanks
Here is the autoconfig.conf
Listen 80
Listen 443
<VirtualHost 178.33.235.19:80>
ServerName autoconfig.example.com
DocumentRoot /var/www/html/autoconfig/
<Directory /var/www/html/autoconfig>
Order allow,deny
allow from all
</Directory>
</VirtualHost>
And the site vhost example.conf
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</VirtualHost>
<VirtualHost _default_:443>
ServerAdmin admin@example.com
DocumentRoot /var/www/html/example/
DirectoryIndex index.php
ServerName example.com
ServerAlias www.example.com
#SSL Config
SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5
SSLHonorCipherOrder on
SSLCertificateFile /etc/httpd/ssl/STAR_example_com.crt
SSLCertificateKeyFile /etc/httpd/ssl/STAR_example_com.key
SSLCertificateChainFile /etc/httpd/ssl/COMODORSADomainValidationSecureServerCA.crt
<Directory /var/www/html/>
Options FollowSymLinks Indexes MultiViews
AllowOverride All
LogLevel crit
Require all granted
</Directory>
ErrorLog /var/log/apache/example-error_log
CustomLog /var/log/apache/example-access_log common
</VirtualHost>

2 apache vhosts permanent redirect

I have 2 domains which I have separately configured in 2 vhost files. I need one of these domains to permanently redirect to the second one. Before reloading Apache, I ran 'configtest' and got "Syntax OK". However, apparently I got a redirect loop. Btw, the website is a Drupal installation, not sure how much this counts.
Here are my 2 conf files.
[root@prod ~]# cat meh-1_com.conf
<VirtualHost *:80>
ServerName meh-1.com
ServerAlias www.meh-1.com
DocumentRoot /var/www/html/meh1/
<Directory /var/www/html/meh1/>
Options +FollowSymLinks Indexes
AllowOverride All
order allow,deny
allow from all
</Directory>
RewriteEngine On
RewriteOptions inherit
CustomLog /var/log/httpd/meh1.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName meh-1.com
ServerAlias www.meh-1.com
DocumentRoot /var/www/html/meh1/
<Directory /var/www/html/meh1/>
Options +FollowSymLinks Indexes
AllowOverride All
order allow,deny
allow from all
</Directory>
RewriteEngine On
RewriteOptions inherit
CustomLog /var/log/httpd/meh1.log combined
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/ssl/meh1_com.crt
SSLCertificateKeyFile /etc/httpd/ssl/meh1_com.key
SSLCertificateChainFile /etc/httpd/ssl/meh1_com.ca-bundle.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
[root@prod ~]# cat meh-2_com.conf
<VirtualHost *:80>
ServerName meh-2.com
ServerAlias www.meh-2.com
Redirect permanent / http://meh-1.com
</VirtualHost>
<VirtualHost *:443>
ServerName meh-2.com
ServerAlias www.meh-2.com
Redirect permanent / https://meh-1.com
</VirtualHost>

Adding SSL to my website

I have the following virtual hosts config:
listen 80
listen 443
servername "example.com"
serveradmin "email@example.com"
namevirtualhost *:80
namevirtualhost *:443
directoryindex index.html index.php
options -indexes -multiviews +followsymlinks
<directory /Volumes/dev1/http>
allowoverride all
</directory>
<virtualhost *:80 *:443>
servername example.com
serveralias www.example.com
documentroot "/Volumes/dev1/http/example"
rewriteengine on
SSLCertificateFile "/Volumes/dev1/ssl/_ssl-cert.crt"
SSLCertificateKeyFile "/Volumes/dev1/ssl/_ssl-privatekey.crt"
SSLCertificateChainFile "/Volumes/dev1/ssl/_ssl-csr.crt"
</virtualhost>
Of course example.com is just an ... example.
All is well if I access http://example.com, but if I try to access the HTTPS version I get
Safari can’t open the page “https://example.com/” because Safari
can’t establish a secure connection to the server “example.com”.
The _ssl* files are all in place and running httpd -t from Terminal returns Syntax OK.
What am I doing wrong? Thanks!
This is what I'm using (only the vhosts section), omitting the FCGID, suexec and PHP specific parts:
<VirtualHost *:80>
ServerName example.com
DocumentRoot "/var/www/example.com/htdocs"
<Directory "/var/www/example.com/htdocs/">
Options -Indexes
AllowOverride All
Order allow,deny
Allow from All
</Directory>
ErrorLog "/var/www/example.com/error.log"
CustomLog "/var/www/example.com/access.log" combined
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
DocumentRoot "/var/www/example.com/htdocs"
<Directory "/var/www/example.com/htdocs/">
Options -Indexes
AllowOverride All
Order allow,deny
Allow from All
</Directory>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache/ssl/example.com.crt
SSLCertificateKeyFile /etc/apache/ssl/example.key
SSLCertificateChainFile /etc/apache/ssl/gd_bundle.crt
ErrorLog "/var/www/example.com/error.log"
CustomLog "/var/www/example.com/access.log" combined
</VirtualHost>