Re: http and https overlap in virtual host

As far as I understand, you have

vhost1 *:443 siteA.com
vhost2 *:443 Zsize.com

If the definitions are included in this order, vhost1 is the default selection initially. Then the client host name is inspected (sent via TLS as SNI). If it *matches* any other vhost, that vhost is then taken. Otherwise it stays on vhost1.


> On 02.04.2020 at 12:19, Gianluca Gargiulo <gianluca.gargiulo@xxxxxxxxxxxx> wrote:
> 
> Hi,
> 
> nice to participate in this list
> I have a question:
> 
> 
> I have many virtual hosts on Apache for http and https pointing to the same web application folder
> 
> /var/www/website1 --> /var/www/clients/client2/web1107/web
> 
> following this schema https://pastebin.com/raw/s6WacZzd
> 
> The web application has a list of many domains in the DB and impersonates those domains.
> 
> 
> 1) for http://website1.example.com and http://www.httpwebsite[1-1000].com there is this configuration
> 
> 
> <Directory /var/www/website1>
>         AllowOverride None
>                 Require all denied
>         </Directory>
> 
> <VirtualHost *:80>
> 
>                     DocumentRoot /var/www/clients/client2/web1107/web
>             
>         ServerName website1.example.com
>         ServerAlias www.httpwebsite1.com
>         ServerAlias www.httpwebsite2.com
>         ServerAlias www.httpwebsite3.com
>         ServerAlias www.httpwebsite4.com
>         ServerAlias www.httpwebsite5.com
>         ServerAdmin webmaster@xxxxxxxxxxxxxxxxxxxx
> 
> 
>         ErrorLog /var/log/ispconfig/httpd/website1/error.log
> 
> 
>         <IfModule mod_ssl.c>
>         </IfModule>
> 
>         <Directory /var/www/website1/web>
>                 # Clear PHP settings of this website
>                 <FilesMatch ".+\.ph(p[345]?|t|tml)$">
>                         SetHandler None
>                 </FilesMatch>
>                 Options +FollowSymLinks
>                 AllowOverride All
>                                 Require all granted
>                         </Directory>
>         <Directory /var/www/clients/client2/web1107/web>
>                 # Clear PHP settings of this website
>                 <FilesMatch ".+\.ph(p[345]?|t|tml)$">
>                         SetHandler None
>                 </FilesMatch>
>                 Options +FollowSymLinks
>                 AllowOverride All
>                                 Require all granted
>                         </Directory>
>         # suexec enabled
>         <IfModule mod_suexec.c>
>             SuexecUserGroup web1107 client2
>         </IfModule>
>         <IfModule mod_fastcgi.c>
>                 <Directory /var/www/clients/client2/web1107/cgi-bin>
>                                         Require all granted
>                                     </Directory>
>                 <Directory /var/www/website1/web>
>                     <FilesMatch "\.php[345]?$">
>                         SetHandler php-fcgi
>                     </FilesMatch>
>                 </Directory>
>                 <Directory /var/www/clients/client2/web1107/web>
>                     <FilesMatch "\.php[345]?$">
>                         SetHandler php-fcgi
>                     </FilesMatch>
>                 </Directory>
>                 Action php-fcgi /php-fcgi virtual
>                 Alias /php-fcgi /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1
>                 FastCgiExternalServer /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1 -idle-timeout 300 -socket /var/lib/php7.0-fpm/web1107.sock -pass-header Authorization  -pass-header Content-Type
>         </IfModule>
>         <IfModule mod_proxy_fcgi.c>
>             #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.0-fpm/web1107.sock|fcgi://localhost//var/www/clients/client2/web1107/web/$1
>             <Directory /var/www/clients/client2/web1107/web>
>                 <FilesMatch "\.php[345]?$">
>                         SetHandler "proxy:unix:/var/lib/php7.0-fpm/web1107.sock|fcgi://localhost"
>                 </FilesMatch>
>             </Directory>
>             </IfModule>
> 
> 
> 
>         # add support for apache mpm_itk
>         <IfModule mpm_itk_module>
>             AssignUserId web1107 client2
>         </IfModule>
> 
>         <IfModule mod_dav_fs.c>
>         # Do not execute PHP files in webdav directory
>             <Directory /var/www/clients/client2/web1107/webdav>
>                 <ifModule mod_security2.c>
>                     SecRuleRemoveById 960015
>                     SecRuleRemoveById 960032
>                 </ifModule>
>                 <FilesMatch "\.ph(p3?|tml)$">
>                     SetHandler None
>                 </FilesMatch>
>             </Directory>
>             DavLockDB /var/www/clients/client2/web1107/tmp/DavLock
>             # DO NOT REMOVE THE COMMENTS!
>             # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
>       # WEBDAV BEGIN
>             # WEBDAV END
>         </IfModule>
> </VirtualHost>
> 
> 
> 
> 2) for https://website1.example.com I have another virtual host config file
> 
> 
> <IfModule mod_ssl.c>
> <VirtualHost *:443>
> 
>     DocumentRoot /var/www/clients/client2/web1107/web
>            
>     ServerName website1.example.com
>     ServerAdmin webmaster@xxxxxxxxxxxxxxxxxxxx
> 
> 
>     ErrorLog /var/log/ispconfig/httpd/website1/error.log
> 
> 
> <IfModule mod_ssl.c>
> </IfModule>
> <Directory /var/www/website1/web>
>     # Clear PHP settings of this website
>     <FilesMatch ".+\.ph(p[345]?|t|tml)$">
>         SetHandler None
>     </FilesMatch>
>     Options +FollowSymLinks
>                 AllowOverride All
>                                 Require all granted
>                         </Directory>
>         <Directory /var/www/clients/client2/web1107/web>
>                 # Clear PHP settings of this website
>                 <FilesMatch ".+\.ph(p[345]?|t|tml)$">
>                         SetHandler None
>                 </FilesMatch>
>                 Options +FollowSymLinks
>                 AllowOverride All
>                                 Require all granted
>                         </Directory>
> 
> 
> 
> 
>         # suexec enabled
>         <IfModule mod_suexec.c>
>             SuexecUserGroup web1107 client2
>         </IfModule>
>         <IfModule mod_fastcgi.c>
>                 <Directory /var/www/clients/client2/web1107/cgi-bin>
>                                         Require all granted
>                                     </Directory>
>                 <Directory /var/www/website1/web>
>                     <FilesMatch "\.php[345]?$">
>                         SetHandler php-fcgi
>                     </FilesMatch>
>                 </Directory>
>                 <Directory /var/www/clients/client2/web1107/web>
>                     <FilesMatch "\.php[345]?$">
>                         SetHandler php-fcgi
>                     </FilesMatch>
>                 </Directory>
>                 Action php-fcgi /php-fcgi virtual
>                 Alias /php-fcgi /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1
>                 FastCgiExternalServer /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1 -idle-timeout 300 -socket /var/lib/php7.0-fpm/web1107.sock -pass-header Authorization  -pass-header Content-Type
>         </IfModule>
>         <IfModule mod_proxy_fcgi.c>
>             #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.0-fpm/web1107.sock|fcgi://localhost//var/www/clients/client2/web1107/web/$1
>             <Directory /var/www/clients/client2/web1107/web>
>                 <FilesMatch "\.php[345]?$">
>                         SetHandler "proxy:unix:/var/lib/php7.0-fpm/web1107.sock|fcgi://localhost"
>                 </FilesMatch>
>             </Directory>
>             </IfModule>
> 
> 
> 
>         # add support for apache mpm_itk
>         <IfModule mpm_itk_module>
>             AssignUserId web1107 client2
>         </IfModule>
> 
>         <IfModule mod_dav_fs.c>
>         # Do not execute PHP files in webdav directory
>             <Directory /var/www/clients/client2/web1107/webdav>
>                 <ifModule mod_security2.c>
>                     SecRuleRemoveById 960015
>                     SecRuleRemoveById 960032
>                 </ifModule>
>                 <FilesMatch "\.ph(p3?|tml)$">
>                     SetHandler None
>                 </FilesMatch>
>             </Directory>
>             DavLockDB /var/www/clients/client2/web1107/tmp/DavLock
>             # DO NOT REMOVE THE COMMENTS!
>             # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
>       # WEBDAV BEGIN
>             # WEBDAV END
>         </IfModule>
> 
> SSLCertificateFile /etc/letsencrypt/live/website1.example.com/fullchain.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/website1.example.com/privkey.pem
> Include /etc/letsencrypt/options-ssl-apache.conf
> </VirtualHost>
> </IfModule>
> 
> 
> 
> 
> 3) for https://www.httpwebsite1.com I have another virtual host config file
> 
> 
> <IfModule mod_ssl.c>
> <VirtualHost *:443>
> 
>                     DocumentRoot /var/www/clients/client2/web1107/web
>             
>         ServerName www.httpwebsite1.com
>         ServerAdmin webmaster@xxxxxxxxxxxxxxxx
> 
> 
>         ErrorLog /var/log/ispconfig/httpd/website1/error.log
> 
> 
>         <IfModule mod_ssl.c>
>         </IfModule>
> 
>         <Directory /var/www/website1/web>
>                 # Clear PHP settings of this website
>                 <FilesMatch ".+\.ph(p[345]?|t|tml)$">
>                         SetHandler None
>                 </FilesMatch>
>                 Options +FollowSymLinks
>                 AllowOverride All
>                                 Require all granted
>                         </Directory>
>         <Directory /var/www/clients/client2/web1107/web>
>                 # Clear PHP settings of this website
>                 <FilesMatch ".+\.ph(p[345]?|t|tml)$">
>                         SetHandler None
>                 </FilesMatch>
>                 Options +FollowSymLinks
>                 AllowOverride All
>                                 Require all granted
>                         </Directory>
> 
> 
> 
> 
>         # suexec enabled
>         <IfModule mod_suexec.c>
>             SuexecUserGroup web1107 client2
>         </IfModule>
>         <IfModule mod_fastcgi.c>
>                 <Directory /var/www/clients/client2/web1107/cgi-bin>
>                                         Require all granted
>                                     </Directory>
>                 <Directory /var/www/website1/web>
>                     <FilesMatch "\.php[345]?$">
>                         SetHandler php-fcgi
>                     </FilesMatch>
>                 </Directory>
>                 <Directory /var/www/clients/client2/web1107/web>
>                     <FilesMatch "\.php[345]?$">
>                         SetHandler php-fcgi
>                     </FilesMatch>
>                 </Directory>
>                 Action php-fcgi /php-fcgi virtual
>                 Alias /php-fcgi /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1
>                 FastCgiExternalServer /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1 -idle-timeout 300 -socket /var/lib/php7.0-fpm/web1107.sock -pass-header Authorization  -pass-header Content-Type
>         </IfModule>
>         <IfModule mod_proxy_fcgi.c>
>             #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.0-fpm/web1107.sock|fcgi://localhost//var/www/clients/client2/web1107/web/$1
>             <Directory /var/www/clients/client2/web1107/web>
>                 <FilesMatch "\.php[345]?$">
>                         SetHandler "proxy:unix:/var/lib/php7.0-fpm/web1107.sock|fcgi://localhost"
>                 </FilesMatch>
>             </Directory>
>             </IfModule>
> 
> 
> 
>         # add support for apache mpm_itk
>         <IfModule mpm_itk_module>
>             AssignUserId web1107 client2
>         </IfModule>
> 
>         <IfModule mod_dav_fs.c>
>         # Do not execute PHP files in webdav directory
>             <Directory /var/www/clients/client2/web1107/webdav>
>                 <ifModule mod_security2.c>
>                     SecRuleRemoveById 960015
>                     SecRuleRemoveById 960032
>                 </ifModule>
>                 <FilesMatch "\.ph(p3?|tml)$">
>                     SetHandler None
>                 </FilesMatch>
>             </Directory>
>             DavLockDB /var/www/clients/client2/web1107/tmp/DavLock
>             # DO NOT REMOVE THE COMMENTS!
>             # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
>       # WEBDAV BEGIN
>             # WEBDAV END
>         </IfModule>
> 
> SSLCertificateFile /etc/letsencrypt/live/www.httpwebsite1.com/fullchain.pem
> SSLCertificateKeyFile /etc/letsencrypt/live/www.httpwebsite1.com/privkey.pem
> Include /etc/letsencrypt/options-ssl-apache.conf
> </VirtualHost>
> </IfModule>
> 
> 
> If a user calls http://website1.example.com, Apache serves the web application on VirtualHost1 and the web application redirects to https://website1.example.com, then served by VirtualHost2.
> It's the same with http://www.httpwebsite1.com served by VirtualHost1: the web application redirects to https://www.httpwebsite1.com, then served by VirtualHost3.
> If I call http://www.httpwebsite2[2-1000], served by VirtualHost1, it's OK, but if I call https://www.httpwebsite[2-1000].com there is the issue. Apache serves the user's call by VirtualHost3, giving the VirtualHost3 SSL certificate.
> 
> Is it possible to stop this Apache behavior?
> 
> 
> Thanks
> Gianluca Gargiulo
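
The selection rule from the reply at the top of this message, applied to the layout in the question, as an added example that is not part of the original thread: a small Python audit that lists which HTTP names have no HTTPS vhost of their own and therefore receive the default vhost's certificate. The sample config is constructed from the thread's names, the load order (www.httpwebsite1.com first) is an assumption, and wildcard aliases and vhosts without an explicit port are not modelled.

```python
import re

# Constructed sample: only the name directives from the thread's three vhosts,
# with the www.httpwebsite1.com vhost assumed to be loaded first.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName www.httpwebsite1.com
</VirtualHost>
<VirtualHost *:443>
    ServerName website1.example.com
</VirtualHost>
<VirtualHost *:80>
    ServerName website1.example.com
    ServerAlias www.httpwebsite1.com
    ServerAlias www.httpwebsite2.com www.httpwebsite3.com
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*(?:ServerName|ServerAlias)\s+(.+?)\s*$", re.M | re.I)

def parse_vhosts(conf):
    """Return (port, [names]) per vhost, in definition order."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        port = re.search(r":(\d+)$", addr.split()[0])
        if port:  # vhosts without an explicit port are skipped in this sketch
            names = [n.lower() for v in NAME_RE.findall(body) for n in v.split()]
            vhosts.append((int(port.group(1)), names))
    return vhosts

def select_vhost(vhosts, port, hostname):
    """First vhost on the port is the default; an exact name match overrides it."""
    on_port = [v for v in vhosts if v[0] == port]
    for v in on_port:
        if hostname.lower() in v[1]:
            return v
    return on_port[0] if on_port else None

def names_falling_to_default(vhosts, http_port=80, https_port=443):
    """Map each HTTP name lacking its own HTTPS vhost to the vhost that answers."""
    gaps = {}
    for port, names in vhosts:
        for name in names if port == http_port else []:
            chosen = select_vhost(vhosts, https_port, name)
            if chosen and name not in chosen[1]:
                gaps[name] = chosen[1][0] if chosen[1] else "(unnamed)"
    return gaps

if __name__ == "__main__":
    for name, answered_by in names_falling_to_default(parse_vhosts(SAMPLE_CONF)).items():
        print(f"https://{name} -> certificate of {answered_by}")
```

Each name it reports needs its own *:443 vhost and certificate, or a deliberately chosen first vhost on that port.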
