Re: Multiple SSL vhosts problem (Apache Users)

Re: Multiple SSL vhosts problem

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: users@xxxxxxxxxxxxxxxx

Subject: Re: Multiple SSL vhosts problem

From: Theodotos Andreou <theo@xxxxxxxxxxxx>

Date: Sat, 06 Sep 2014 09:01:24 +0300

In-reply-to: <540A8998.5080708@ubuntucy.org>

Reply-to: users@xxxxxxxxxxxxxxxx

User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0

I found the error:

<VirtualHost *:80>
   ServerName logs.markouassociates.com
   ServerName logs

The last line should be ServerAlias instead of ServerName.

Apparently working at night is not my best :)

Thanks for the support guys!

On 06/09/2014 07:12 πμ, Theodotos Andreou wrote:

After some sleep I figured out that the problem was the incorrect redirection.

So if I call https directly it works. For example https://sub2.myexample.com will get me to the right location.

If I visit http://sub2.myexample.com it redirects to https://sub1.myexample.com

This is the first configuration I tried:
<VirtualHost *:80>
   ServerName logs.markouassociates.com
   ServerName logs

   RewriteCond %{HTTPS} !=on

   RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
and this is the second:
<VirtualHost *:80>
   ServerName logs.markouassociates.com
   ServerName logs

   Redirect permanent / https://sub2.example.com/
</VirtualHost>
but none of them worked.

I do not use any https redirection on sub1.example.com. https is enforced by the application rather than apache config.

On 06/09/2014 01:28 πμ, Yehuda Katz wrote:
You don't need NameVirtualHost, but you do need ServerName and/or ServerAlias directives to tell apache which ghost serves which site.

- Y

Sent from a gizmo with a very small keyboard and hyperactive autocorrect.

On Sep 5, 2014 6:07 PM, "Theodotos Andreou" <theo@xxxxxxxxxxxx> wrote:

Hi guys. I am trying to setup two SSL vhosts on apache but getting redirected to the first one.

I read this guide:
https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
Apparently that guide about SNI is old since the NameServer directive seems to be deprecated on mine:
AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/apache2/conf-enabled/namevirtualhost.conf:1

And this FAQ:
https://httpd.apache.org/docs/current/ssl/ssl_faq.html#vhosts2

I am using a wildcard cert for both vhosts

# apache2 -version
Server version: Apache/2.4.7 (Ubuntu)
Server built: Jul 22 2014 14:36:38
This is the stock apache from Ubuntu 14.04.01

SSLStrictSNIVHostCheck has not been enabled:

        #   Whether to forbid non-SNI clients to access name based virtual hosts.
        #   Default: Off
        #SSLStrictSNIVHostCheck On

Any hints to the right direction? How can I troubleshoot this issue further?