We Keep Coding

Apache2 VirtualHost SSL config issues

Debian 10 / Apache2 -
GOAL: redirect all web traffic to VPS server to SSL. I have 2 sites hosted: bjmurrey.com and nextcloud.bjmurrey.com. I have 1 IP address.
PROBLEM: I can't for the life of me find a way to make this work. I have tried 1000 suggestions posted here and elsewhere with no success. The closest I get is everything redirects to https://bjmurrey.com when typing in nextcloud.bjmurrey.com. I am also a novice at this so please be kind.
I have a default.conf that looks like this:
<VirtualHost *:80>
ServerName www.bjmurrey.com
ServerAlias bjmurrey.com
DocumentRoot /var/www/blog
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect permanent / https://bjmurrey.com/
</VirtualHost>
<VirtualHost *:80>
ServerName nextcloud.bjmurrey.com
DocumentRoot /var/www/nextcloud
ServerAlias nextcloud.bjmurrey.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Redirect permanent / https://nextcloud.bjmurrey.com/
</VirtualHost>
I have a default-ssl.conf that looks like this:
<VirtualHost bjmurrey.com:443>
ServerName bjmurrey.com
ServerAlias www.bjmurrey.com
DocumentRoot /var/www/blog
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/bjmurrey.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/bjmurrey.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost nextcloud.bjmurrey.com:443>
ServerName nextcloud.bjmurrey.com
DocumentRoot /var/www/nextcloud
ServerAlias nextcloud.bjmurrey.com
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/nextcloud.bjmurrey.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/nextcloud.bjmurrey.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
bjmurrey.com is in var/www/blog and nextcloud.bjmurrey.com in the var/www/nextcloud directories.
I have my DNS records www and nextcloud both pointed to same IP. I only have 1 IP available. This is a very low traffic site.
I have done all kinds of things like just have the default virtual host redirect to only nextcloud and removed all mention of the www site and it still redirects to bjmurrey.com, or redirects with an SSL error saying that nextcloud can't be loaded because the ssl is for bjmurrey.com only. As you can see I have made certs with letsencrypt for both bjmurrey.com and nextcloud.bjmurrey.com.
I'm about to yank all my hair out in frustration, so I know I've tapped out all my knowledge here. Help!

I have retested with http and is working for me.
Both addresses mydomain.myhost.example.com and myhost.example.com resolve to the same IP.
This is my configuration file
ServerName example.com
<VirtualHost *:80>
ServerName mydomain.myhost.example.com
DocumentRoot /var/www/mydomain
</VirtualHost>
<VirtualHost *:80>
ServerName myhost.example.com
DocumentRoot /var/www/myhost
</VirtualHost>
Tested in Ubuntu 20.04.1, Apache 2.4

One-line configuration for both www and non-www VirtualHost

I have many VirtualHost and it seems that we need to do these two lines each time:
<VirtualHost *:80>
...
ServerName www.example.com
ServerAlias example.com
Is there a one-line solution that allows to do this?
<VirtualHost *:80>
ServerName *.example.com # works for both http://example.com and http://www.example.com
i.e. without having to duplicate example.com?

No, it is not possible.
ServerName is used to uniquely identify protocol, name and port of a host. It accepts only one parameter and no wildcard.
You can use wildcards in ServerAlias, and also specify multiple names on it:
ServerAlias *.example.com
or
ServerAlias www1.example.com www2.example.com www3 foo
Source: https://httpd.apache.org/docs/2.4/mod/core.html#serveralias

A trick I like to do is
<VirtualHost *:80>
Include /.../example.com.conf.include
</VirtualHost>
<VirtualHost *:443>
Include /.../example.com.conf.include
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf #optional, maybe you should not do that
</VirtualHost>
and the xxx.conf.include file like:
ServerAdmin someone#somewhere.tld
ServerName example.com
ServerAlias example.com *.example.com andmore.example.com
DocumentRoot /var/www/html/example.com
ErrorLog /.../example.com_error.log
CustomLog /.../example.com_custom.log combined
<Directory /var/www/html/example.com>
Options Indexes FollowSymLinks
AllowOverride AuthConfig
Order allow,deny
allow from all
</Directory>
This way, you can have HTTP and HTTPS virtual hosts in exactly the same configuration file.
Specifically to your question,
ServerAlias *.example.com
should do the trick

VirtualHost: Deactivate catch all for SSL (443)

I created a SSL VirtualHost
<VirtualHost *:443>
ServerName cloud.url.com
ServerAlias www.url.com
DocumentRoot /var/www/owncloud
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/owncloud.crt
SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key
</VirtualHost>
My problem is that every SSL connection now is going to /var/www/owncloud
For instance https://url.com is going to /var/www/owncloud instead of /var/www/
How can I only set the VirtualHost for cloud.url.com and the other domains "ignore the ssl" - so they stay in there directories?

In fact, your virtualhost says www.url.com and cloud.url.com goes to /var/www/owncloud. I think you don't want www.url.go to points to your owncloud. So, just remove serverAlias :
<VirtualHost *:443>
ServerName cloud.url.com
DocumentRoot /var/www/owncloud
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/owncloud.crt
SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key
</VirtualHost>
I think you haven't set any virtualhost listening to url.com on port 443. That's why, apache redirect it to an url configured with https.
if you don't want ssl on url.com, you can just do this :
<VirtualHost *:443>
ServerName url.com
Redirect 301 / http://url.com
</VirtualHost>

Found the solution, put this in one file together:
<VirtualHost *:443>
ServerName cloud.domain.com
ServerAlias www.cloud.domain.com
DocumentRoot /var/www/owncloud
<Directory /var/www/owncloud/>
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/owncloud.crt
SSLCertificateKeyFile /etc/apache2/ssl/owncloud.key
</VirtualHost>
<VirtualHost *:443>
ServerName domain.com
ServerAlias *.domain.com
Redirect 301 / http://domain.com
</VirtualHost>
Thank you!

Wildcard SSL with Multiple Domains

I have a CentOS/Apache+OpenSSL server. I host two domain names with wildcard sub domains (application logic surfaces the correct site), e.g.
https://*.testing1.com
https://*.testing2.com
It works great over HTTP:-
<VirtualHost *:80>
# Admin email, Server Name (domain name) and any aliases
ServerAdmin webmaster#testing1.com
ServerName testing1.com
ServerName testing2.com
ServerAlias *.testing1.com *.testing2.com
# Index file and Document Root (where the public files are located)
DirectoryIndex index.html index.php
DocumentRoot /home/app/public_html/public
</VirtualHost>
I've purchased two Wildcard SSL certificated for both testing1.com and testing2.com, but I'm unsure how to set it up in this structure:-
<VirtualHost *.testing1.com:443>
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/*.testing1.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/*.testing1.com.key
SSLCACertificateFile /etc/httpd/ssl/geotrust.cer
ServerAdmin john#testing1.com
ServerName testing1.com
ServerAlias *.testing1.com
DirectoryIndex index.html index.php
DocumentRoot /home/app/public_html/public
</VirtualHost>
<VirtualHost *.testing2.com:443>
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/*.testing2.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/*.testing2.com.key
SSLCACertificateFile /etc/httpd/ssl/geotrust.cer
ServerAdmin john#testing2.com
ServerName testing2.com
ServerAlias *.testing2.com
DirectoryIndex index.html index.php
DocumentRoot /home/app/public_html/public
</VirtualHost>
The above for the SSL doesn't work, with the *.testing1.com definition, nor with just testing1.com.
I will also need to repeat this for testing2.com

Name-based virtualhosts and SSL wil only work if all the virtualhosts are within the same domain and you have a wildcard SSL certificate for that domain.
But you have 2 different domains.
In this case it will only work if you give each SSL-enabled virtualhost it's own IPaddress.
So you should use IP-based virtualhosts, not Name-based.
Explanation:
The ServerName which is requested, is contained in the HTTP request headers, but before that the SSL encryption must be already setup. So the ServerName is only available after the encryption has been setup. Therefore Apache can never know which SSL certificate te serve up and wil just use the first one available on that particular IPaddress.

With the single dedicated IP we can configure domain-based wildcard SSL in centos + apache2.2 server.
Hope the configurations below will help you guys!!
NameVirtualHost IP:80
NameVirtualHost IP:443
Domain 1
<VirtualHost IP:80>
ServerName abc.domain1.com
DocumentRoot /var/www/html/domain1
</VirtualHost>
<VirtualHost IP:443>
ServerName *.domain1.com
DocumentRoot /var/www/html/domain1
SSLEngine On
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /var/www/html/domain1/cert/5465456.crt
SSLCertificateKeyFile /var/www/html/domain1/cert/domain1.com.key
SSLCertificateChainFile /var/www/html/domain1/cert/g2-g1.crt
</VirtualHost>
Domain 2
<VirtualHost IP:80>
ServerName abc.domain2.com
DocumentRoot /var/www/html/domain2
</VirtualHost>
<VirtualHost IP:443>
ServerName abc.domain2.com
DocumentRoot /var/www/html/domain2
SSLEngine On
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /var/www/html/domain2/cert/5465456.crt
SSLCertificateKeyFile /var/www/html/domain2/cert/domain1.com.key
SSLCertificateChainFile /var/www/html/domain2/cert/g2-g1.crt
</VirtualHost>

Virtualhost For Wildcard Subdomain and Static Subdomain

I have an odd situation where I want to have the URLs app1.example.com, example.com and *.example.com all using a different virtual host. This is what I have (excluding example.com because it just makes it messier).
<VirtualHost *>
ServerName app1.example.com
ServerAlias app1.example.com
DocumentRoot = /var/www/app1
# Other configuration for this app here
</VirtualHost>
<VirtualHost *>
ServerName wildcard.example.com
ServerAlias *.example.com
DocumentRoot = /var/www/wildcard
# other configuration for this app here
</VirtualHost>
The problem is that they conflict. Whichever one is listed first wins out. How can I host both a wildcard virtualhost and a specific one?
Note: I'm not just changing DocumentRoot in the config, so using mod_rewrite to change the DocumentRoot variable does not fix it.

<VirtualHost *:80>
DocumentRoot /var/www/app1
ServerName app1.example.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /var/www/example
ServerName example.com
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /var/www/wildcard
ServerName other.example.com
ServerAlias *.example.com
</VirtualHost>
Should work. The first entry will become the default if you don't get an explicit match. So if you had app.otherexample.com point to it, it would be caught be app1.example.com.

Wildcards can only be used in the ServerAlias rather than the ServerName. Something which had me stumped.
For your use case, the following should suffice
<VirtualHost *:80>
ServerAlias *.example.com
VirtualDocumentRoot /var/www/%1/
</VirtualHost>

This also works for https needed a solution to making project directories this was it. because chrome doesn't like non ssl anymore used free ssl. Notice: My Web Server is Wamp64 on Windows 10 so I wouldn't use this config because of variables unless your using wamp.
<VirtualHost *:443>
ServerAdmin test#test.com
ServerName test.com
ServerAlias *.test.com
SSLEngine On
SSLCertificateFile "conf/key/certificatecom.crt"
SSLCertificateKeyFile "conf/key/privatecom.key"
VirtualDocumentRoot "${INSTALL_DIR}/www/subdomains/%1/"
DocumentRoot "${INSTALL_DIR}/www/subdomains"
<Directory "${INSTALL_DIR}/www/subdomains/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>