Virtual host files won't direct correctly - apache

I have 4 virtual hosts.
I'm using Zend server. The httpd.conf file seems to include the virtual host conf files using a wildcard like so:
Include "C:\blah\blah2\Zend\ZendServer/etc/sites.d/vhost_*.conf"
My virtual host conf files are below. Now, what's puzzling to me is that
when I go to https://www-test.blah.com, or https://www-test2.blah.com, it works fine. But when I go to https://review-test.blah.com, it goes to the www-test.blah.com
This baffles me, because as far as I can tell, everything looks like it's set up the same way.
Is it possible that since the virtual host files are being included via wildcard, does the order in which they get included matter? If it's alphabetical order, then it would be included in the order shown.
One thing I did notice is that if I'm on the server, https://review-test.blah.com works fine. But when I'm somewhere else my the network, it directs me to https://www-test2.blah.com.
Or is there something else that can affect how Apache chooses the virtual host? For example, does the certificate file matter?
Listen 80
Listen 443
<VirtualHost *:80>
ServerName portal.blah.com:80
</VirtualHost>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
NameVirtualHost review-test.blah.com:443
<VirtualHost review-test.blah.com:443>
OTHER STUFF HERE
OTHER STUFF HERE
OTHER STUFF HERE
OTHER STUFF HERE
SSLEngine on
SSLCertificateFile "C:\blah\blah\Apache2\conf\extra\ssl\review-test.blah.com.crt"
SSLCertificateKeyFile "C:\blah\blah\Apache2\conf\extra\ssl\review-test.blah.com.key"
ServerName review-test.blah.com
ServerAlias review-test.blah.com
</VirtualHost>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
NameVirtualHost www-test.blah.com:443
<VirtualHost www-test.blah.com:443>
OTHER STUFF HERE
OTHER STUFF HERE
OTHER STUFF HERE
OTHER STUFF HERE
SSLEngine on
SSLCertificateFile "C:\blah\blah\Apache2\conf\extra\ssl\star.blah.com.crt"
SSLCertificateKeyFile "C:\blah\blah\Apache2\conf\extra\ssl\star.blah.com.key"
ServerName www-test.blah.com
ServerAlias www-test.blah.com
</VirtualHost>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
NameVirtualHost www-test2.blah.com:443
<VirtualHost www-test2.blah.com:443>
OTHER STUFF HERE
OTHER STUFF HERE
OTHER STUFF HERE
OTHER STUFF HERE
SSLEngine on
SSLCertificateFile "C:\blah\blah\Apache2\conf\extra\ssl\star.blah.com.crt"
SSLCertificateKeyFile "C:\blah\blah\Apache2\conf\extra\ssl\star.blah.com.key"
ServerName www-test2.blah.com
ServerAlias www-test2.blah.com
</VirtualHost>

I was able to fix it.
The command below was helpful in seeing how the virtualhosts were being parsed.
httpd -S
My solution is below:
Listen 80
Listen 443
<VirtualHost *:80>
ServerName portal.blah.com:80
</VirtualHost>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
<VirtualHost *:443>
OTHER STUFF HERE
OTHER STUFF HERE
OTHER STUFF HERE
OTHER STUFF HERE
SSLEngine on
SSLCertificateFile "C:\blah\blah\Apache2\conf\extra\ssl\review-test.blah.com.crt"
SSLCertificateKeyFile "C:\blah\blah\Apache2\conf\extra\ssl\review-test.blah.com.key"
ServerName review-test.blah.com
ServerAlias review-test.blah.com
</VirtualHost>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
NameVirtualHost *:443
<VirtualHost *:443>
OTHER STUFF HERE
OTHER STUFF HERE
OTHER STUFF HERE
OTHER STUFF HERE
SSLEngine on
SSLCertificateFile "C:\blah\blah\Apache2\conf\extra\ssl\star.blah.com.crt"
SSLCertificateKeyFile "C:\blah\blah\Apache2\conf\extra\ssl\star.blah.com.key"
ServerName www-test.blah.com
ServerAlias www-test.blah.com
</VirtualHost>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
<VirtualHost *:443>
OTHER STUFF HERE
OTHER STUFF HERE
OTHER STUFF HERE
OTHER STUFF HERE
SSLEngine on
SSLCertificateFile "C:\blah\blah\Apache2\conf\extra\ssl\star.blah.com.crt"
SSLCertificateKeyFile "C:\blah\blah\Apache2\conf\extra\ssl\star.blah.com.key"
ServerName www-test2.blah.com
ServerAlias www-test2.blah.com
</VirtualHost>

Related

Apache: Central Virtual Host configuration per domain

I'm having some problems configuring multiple domains in my apache instance.
I have 2 domains: a.com and b.com
I only want to configure the cert files once, so i have a configuration for a.com and b.com. But if i have something like this:
<VirtualHost *:443>
ServerName a.com
ServerAlias www.a.com *.a.com
SSLEngine On
SSLCertificateFile /path/fullchain-a.pem
SSLCertificateKeyFile /path/privkey-a.pem
</VirtualHost>
<VirtualHost *:443>
ServerName b.com
ServerAlias www.b.com *.b.com
SSLEngine On
SSLCertificateFile /path/fullchain-b.pem
SSLCertificateKeyFile /path/privkey-b.pem
</VirtualHost>
it wont allow me to define subdomains in seperate configuration files. Because of the whole wildcard stuff, it just doesn't care about the following vhosts.
Is there a way to configure the certificates centrally so all subdomain vhosts will automatically default to them, without having to specify the whole path in each and every subdomain config?
So i just need to do this:
<VirtualHost *:443>
ServerName subdomain.b.com
DocumentRoot /var/www/html-b
</VirtualHost>
<VirtualHost *:443>
ServerName subdomain.a.com
DocumentRoot /var/www/html-a
</VirtualHost>
<VirtualHost *:443>
ServerName test.a.com
ServerAlias test.b.com
DocumentRoot /var/www/shared-html
</VirtualHost>
or do i need to specify the certificate paths for each subdomain?
I tried using multiple default vhosts, but it would always default to the fist one.

Apache VirtualHost multiple domain multiple SSL

Hi I have the following use case, I have an application (let's call it foobar) on a remote server /var/www/foobar and I have the following Apache VirtualHost conf
<VirtualHost *:80>
DocumentRoot /var/www
# This is to redirect http traffic to https
Redirect permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/example.com.crt
SSLCertificateKeyFile /etc/ssl/private/example.com.key
SSLCertificateChainFile /etc/ssl/certs/example.com.bundle.crt
ServerName example.com:443
DocumentRoot /var/www/foobar
</VirtualHost>
And its working all fine. Now suppose I have another domain example2.com and I want it to point to the same foobar application. My current thinking is create another VirtualHost below, something like this
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/example2.com.crt
SSLCertificateKeyFile /etc/ssl/private/example2.com.key
SSLCertificateChainFile /etc/ssl/certs/example2.com.bundle.crt
ServerName example2.com:443
DocumentRoot /var/www/foobar
</VirtualHost>
But I was wondering is this the correct way of doing stuff like this? I need both domains to be "independent" so I didn't make a permanent redirect from example2.com to example.com
You can do something like below,You can use the server alias for this, Also I don't see anything wrong in having 2 virtual hosts as well.
<VirtualHost *:443>
ServerName example1.com
ServerAlias example2.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html/testlink
</VirtualHost>
If you are getting unable to get a certificate error, you can create a certificate with a wildcard CN. e.g : *.comthis will match both example1.com and example2.com.

Fedora apache server

I've created two virtual hosts on Fedora. I have a websites.config file in /etc/httpd/conf.d directory:
<VirtualHost *:443>
ServerName www.beratyeniceri.com
DocumentRoot /var/www/beratyeniceri.com/public_html
ServerAlias beratyeniceri.com
SSLEngine ON
SSLCertificateFile /etc/httpd/certs/beratyeniceri.com/1000.pem
SSLCertificateKeyFile /etc/httpd/certs/beratyeniceri.com/beratyeniceri.key
ErrorLog logs/virtual.host-error_log
CustomLog logs/virtual.host-access_log combined
</VirtualHost>
<VirtualHost *:443>
ServerName www.tugbanursari.com
DocumentRoot /var/www/tugbanursari.com/public_html
ServerAlias tugbanursari.com
SSLEngine ON
SSLCertificateFile /etc/httpd/certs/tugbanursari.com/1001.pem
SSLCertificateKeyFile /etc/httpd/certs/tugbanursari.com/tugbanur.key
ErrorLog logs/virtual.host-error_log
CustomLog logs/virtual.host-access_log combined
</VirtualHost>
When I run,
service httpd restart
it asks pass phrase for tugbanursari.com, but does not ask for beratyeniceri.com. When I switch their spot, then it only ask for second block. Hence,it skip first site which is on first block. Then, I think it does not work.
How do I fix that?
What is my server ip address to change hosts file for clients?

What's wrong with this simple SSL Vhost declaration?

Any reason why the middle vhost setting is causing an issue w/ Apache? Maybe it's because I don't have the SSL details in there?
<VirtualHost *:80>
ServerName www.windfarmstudios.com
ServerAlias windfarmstudios.com
Redirect permanent / https://windfarmstudios.com
</VirtualHost>
#<VirtualHost *:443>
# ServerName www.windfarmstudios.com
# Redirect permanent / https://windfarmstudios.com
#</VirtualHost>
<VirtualHost *:443>
ServerName windfarmstudios.com
DocumentRoot /var/www/windfarmstudios.com/public_html
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/windfarm.crt
SSLCertificateKeyFile /etc/apache2/ssl/windfarm.key
SSLCACertificateFile /etc/apache2/ssl/windfarm.ca-bundle
</VirtualHost>

Wildcard SSL with Multiple Domains

I have a CentOS/Apache+OpenSSL server. I host two domain names with wildcard sub domains (application logic surfaces the correct site), e.g.
https://*.testing1.com
https://*.testing2.com
It works great over HTTP:-
<VirtualHost *:80>
# Admin email, Server Name (domain name) and any aliases
ServerAdmin webmaster#testing1.com
ServerName testing1.com
ServerName testing2.com
ServerAlias *.testing1.com *.testing2.com
# Index file and Document Root (where the public files are located)
DirectoryIndex index.html index.php
DocumentRoot /home/app/public_html/public
</VirtualHost>
I've purchased two Wildcard SSL certificated for both testing1.com and testing2.com, but I'm unsure how to set it up in this structure:-
<VirtualHost *.testing1.com:443>
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/*.testing1.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/*.testing1.com.key
SSLCACertificateFile /etc/httpd/ssl/geotrust.cer
ServerAdmin john#testing1.com
ServerName testing1.com
ServerAlias *.testing1.com
DirectoryIndex index.html index.php
DocumentRoot /home/app/public_html/public
</VirtualHost>
<VirtualHost *.testing2.com:443>
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/*.testing2.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/*.testing2.com.key
SSLCACertificateFile /etc/httpd/ssl/geotrust.cer
ServerAdmin john#testing2.com
ServerName testing2.com
ServerAlias *.testing2.com
DirectoryIndex index.html index.php
DocumentRoot /home/app/public_html/public
</VirtualHost>
The above for the SSL doesn't work, with the *.testing1.com definition, nor with just testing1.com.
I will also need to repeat this for testing2.com
Name-based virtualhosts and SSL wil only work if all the virtualhosts are within the same domain and you have a wildcard SSL certificate for that domain.
But you have 2 different domains.
In this case it will only work if you give each SSL-enabled virtualhost it's own IPaddress.
So you should use IP-based virtualhosts, not Name-based.
Explanation:
The ServerName which is requested, is contained in the HTTP request headers, but before that the SSL encryption must be already setup. So the ServerName is only available after the encryption has been setup. Therefore Apache can never know which SSL certificate te serve up and wil just use the first one available on that particular IPaddress.
With the single dedicated IP we can configure domain-based wildcard SSL in centos + apache2.2 server.
Hope the configurations below will help you guys!!
NameVirtualHost IP:80
NameVirtualHost IP:443
Domain 1
<VirtualHost IP:80>
ServerName abc.domain1.com
DocumentRoot /var/www/html/domain1
</VirtualHost>
<VirtualHost IP:443>
ServerName *.domain1.com
DocumentRoot /var/www/html/domain1
SSLEngine On
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /var/www/html/domain1/cert/5465456.crt
SSLCertificateKeyFile /var/www/html/domain1/cert/domain1.com.key
SSLCertificateChainFile /var/www/html/domain1/cert/g2-g1.crt
</VirtualHost>
Domain 2
<VirtualHost IP:80>
ServerName abc.domain2.com
DocumentRoot /var/www/html/domain2
</VirtualHost>
<VirtualHost IP:443>
ServerName abc.domain2.com
DocumentRoot /var/www/html/domain2
SSLEngine On
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /var/www/html/domain2/cert/5465456.crt
SSLCertificateKeyFile /var/www/html/domain2/cert/domain1.com.key
SSLCertificateChainFile /var/www/html/domain2/cert/g2-g1.crt
</VirtualHost>