Apache + SSL + Virtual Hosts

otisthegbs · 10-04-2004, 01:50 PM

I'm currently running RH9 and Apache 2.0.40 with mod_ssl. I have two domains that I own, the first domain (from now on, know as tld-1.com) has two hosts (from now on know as host-1 and host-2) my second domain (tld-2.com) has three hosts (host-1 host-2 securehost-1)

The problem is that when I enable ssl (yes my certificate is certified- cacert.org, the gods gift to open source) all of the other virtual hosts give me NOTHING but the 400 Bad Request error. I can't figure out why. There is of course two conf files for this, httpd.conf and ssl.conf. Now it seems to me that apache parses the ssl.conf file first before the httpd.conf, that's just my theory. Here a mockup of my httpd.conf file, see if you can spot the prob.

NameVirtualHost tld-1.com

<VirtualHost tld-1.com>
ServerAdmin admin@tld-1.com
DocumentRoot /var/www/html/tld-1.com
ServerName tld-1.com
ErrorLog logs/tld-1.com-error_log
CustomLog logs/tld-1.com-access_log common
</VirtualHost>
<VirtualHost host-2.tld-1.com>
ServerAdmin admin@tld-1.com
DocumentRoot /var/www/html/tld-1.com/host-2
ServerName host-2.tld-1.com
ErrorLog logs/host-2-tld-1.com-error_log
CustomLog logs/host-2-tld-1.com-access_log common
</VirtualHost>
<VirtualHost tld-2.com>
ServerAdmin admin@tld-2.com
DocumentRoot /var/www/html/tld-2.com
ServerName tld-2.com
ErrorLog logs/tld-2.com-error_log
CustomLog logs/tld-2.com-access_log common
</VirtualHost>
<VirtualHost host-2.tld-2.com>
ServerAdmin admin@tld-2.com
DocumentRoot /var/www/html/tld-2.com/host-2
ServerName host-2.tld-2.com.
ErrorLog logs/tld-2.com-host-2-error_log
CustomLog logs/tld-2.com-host-2-access_log common
</VirtualHost>

then the ssl.conf file looks like this

<VirtualHost securehost-1.tld-2.com>
ServerAdmin admin@tld-2.com
DocumentRoot /usr/local/nocat/htdocs
ServerName tld-2.com
ErrorLog logs/securehost-1.tld-2.com-error_log
CustomLog logs/securehost-1.tld-2.com-access_log common
ScriptAlias /cgi-bin/ /usr/local/nocat/cgi-bin/
<Directory /usr/local/nocat/cgi-bin>
SetEnv PERL5LIB /usr/local/nocat/lib
SetEnv NOCAT /usr/local/nocat/nocat.conf
</Directory>
# SetEnvIf User-Agent ".*MSIE.*" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

btmiller · 10-04-2004, 03:38 PM

Looks like you're trying to set up your secure host as a name based virtual host. Sadly, name based virtual hosts and SSL do not work together. You'll need to make your secure host IP based (you don't need a new IP address, just send all port 443 [HTTPS] requests to the secure host), while the others can use name based virtual hosting. So instead of

<VirtualHost securehost-1.tld-2.com>

you need

<VirtualHost *:443>

to refer to your secure host.

If you want more than one secure virtual host, you'll need to acquire another IP address for the machine and put the appropraite IP address in instead of the *.

otisthegbs · 10-04-2004, 04:14 PM

K, so i did that and all the regular virtual hosts show up, which is great but the url https://securehost-1.tld-2.com now has a popup error from firefox saying

Quote:

The connection to securehost-1.tld-2.com has terminated unexpectanly. Some data may have been transferred.

otisthegbs · 10-05-2004, 07:59 PM

So my basic understanding is this: in apache you can only have TWO virtual hosts IF one of them is SSL

basically
<VirtualHost *:443>
means ALL 443 traffic goes here
<VirtualHost whatever>
ALL other traffic goes here

cause thats the only way i can get it to go. which sucks cause i have 4 virtual servers in addition to the SSL one.