wrong vhost reported as default by Apache

deesto · 05-20-2009, 10:46 AM

Trying to make sense of an Apache configuration that's all over the map. The relevant files are:
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/*.conf (several files, including ssl.conf)
/etc/httpd/virtualhosts.d/*.conf (1 file)

The files in conf.d/ and virtualhosts.d/ are pulled in via Include directives after NameVirtualHost *:80, and two vhosts are also defined in httpd.conf itself.

I would like the server defined by a virtual host in ssl.conf to be considered the "default" server, meaning if Apache reports a server error or other problem, I would like it to come on behalf of this server. The main problem is that even though the vhost in ssl.conf is defined with <VirtualHost _default_:443>, one of the non-SSL vhosts (the one in virtualhosts.d/, actually) shows up as the server name in client error messages (Not found, Forbidden, etc.).

Apache says the config syntax is okay and reports the following:

Code:

# apachectl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:443          main.site.com (/etc/httpd/conf.d/ssl.conf:88)
*:80                   is a NameVirtualHost
         default server some.vhost.com (/etc/httpd/virtualhost.d/some.vhost.com-80:1)
         port 80 namevhost some.vhost.com (/etc/httpd/virtualhost.d/some.vhost.com-80:1)
         port 80 namevhost another.virtualhost.com (/etc/httpd/conf/httpd.conf:1028)
         port 80 namevhost main.site.com (/etc/httpd/conf/httpd.conf:1040)

Here, main.site.com:443 is correctly defined as _default_, but some.vhost.com shows up as the "default server" and the server name displayed in error messages. main.site.com:80 contains only a rewrite to send all requests to port 443. I tried adding a default directive there, in case a default on port 80 was required, but Apache returned warnings:

Code:

[warn] _default_ VirtualHost overlap on port 80, the first has precedence
[warn] NameVirtualHost *:80 has no VirtualHosts

Is there a way to tell Apache to return the _default_:443 vhost as the "default server"?

archangel_617b · 05-20-2009, 01:08 PM

Quote:

Originally Posted by deesto

Is there a way to tell Apache to return the _default_:443 vhost as the "default server"?

The short answer is "no".

The longer explanation is that there are two parts: your standard port 80 and your HTTPS on port 443. Virtual hosts have different IPs or ports. So you have basically two "real" hosts, one on port 80 and the other on port 443. On port 80, it's just picking your first port 80 virtual host as the default (my guess).

On port 443, you've only got one virtual host so you wouldn't have anything that wasn't default anyhow.

So to me it looks like you need to remove the "_default_" statement from your port 443 host and then I think your port 80 one should work and successfully redirect clients to the HTTPS site.

Hope this helps,

- Arch

deesto · 05-21-2009, 08:00 AM

Thanks Arch. Makes sense, though I wish Apache's configuration didn't work that way. Still, I've tried to fix it by removing the _default_ definition from the vhost in ssl.conf, and adding it to the vhost on port 80 in httpd.conf that redirects to 443. Yet it looks like nothing changed: Apache still reports the "default server" to be the one defined in virtualhost.d/ . Is this because its Include directive occurs physically before the others in httpd.conf? If so, I may have a problem, as I need the last host to serve as a fall-through, such that any requests not addressed in previous vhost definitions would be redirected to the SSL port.

archangel_617b · 05-21-2009, 10:29 AM

Hm, yeah I've had issues too with how apache picks the virtual host. At some point, I basically resorted to stacking my vhosts such that the one I wanted as the default was included first in the apache config.

- Arch