Solutions to Apache SSL Virtual Host woes (for dynamic IP too)
So I've wracked my brain for the last 24 hours reading and playing with a stock installation of Mandrake Linux 9.2 with MySQL, PHP, and mod_ssl for Apache.
My goal was to get name-based Virtual Hosts working so that multiple domains resolving to my server's Internet routable IP would point to specific folders on my server.
I wanted silly.somedomain.com pointing to /home/silly/www
misc.somedomain.com pointing to /home/misc/www
and harv.somedomain.com pointing to /var/www/html
In Mandrake 9.2 (and I think for 9.1 too), the default installation of Apache includes .conf files in /etc/httpd/conf and /etc/httpd/conf/vhosts and /etc/httpd/conf.d/
Now as seen in many other threads (I'll reference at the end of this post), after you add the VirtualHost directives to /etc/httpd/conf/vhosts/Vhosts.conf in a fashion for name-based virtual hosting, things mess up.
This problem arises because SSL Vhosts is already set up by default when installing Apache with Mandrake 9.2 (though this probably doesn't only apply to Mandrake). Looking at the file /etc/httpd/conf.d/41_mod_ssl.default-vhost.conf you'll see the following near the start of the file:
Quotes from http://httpd.apache.org/docs-2.0/mod/core.html
Now the solutions!
First, ensure that Apache is allowed to serve files from /home/users/www (in my case at least). The file /etc/httpd/conf/commonhttpd.conf is set to be restrictive on files outside of /var/www/html.
But it also acts a little strange:
both go to the same page as https://harv.somedomain.com/.
However, https://silly.somedomain.com/webpage.html and https://misc.somedomain.com/webpage2.html end up going nowhere. Anyone care to explain?
So now only https://harv.somedomain.com/ can use SSL. I've also yet to try accessing these virtual hosts from my LAN which is behind this Linux-based web server/firewall.
Note that this means that only one certificate can be given out among these virtual hosts. But this is a limitation of name-based Virtual hosting and not of my proposed fix. It is a much discussed fact that you need multiple IPs, each with their own domain name, in order for your server to distribute unique certificates to visitors of those websites, i.e. only one of your virtual hosts using the given external IP can now use SSL.
There is another solution in which you replace the '*' wildcards with the actual numeric IP address in the file /etc/httpd/conf/vhosts/Vhosts.conf. But I believe this is called an IP-based virtual host. I'll test this solution out later... I've already spent too long on this... does anyone have any explanations why what I tried works?
Ok, now I've tried the other method, and after 2-3 hours of screwing around with the Vhosts.conf file and the 41_mod_ssl.default-vhost.conf, I've finally figured it out. This method works best with a static IP.
In the file /etc/httpd/conf/vhosts/Vhosts.conf.
Replace the '*'s (asterisks) with your IP and port 80 like below
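The second method above, written out as an added example (not the original poster's listing): name-based virtual hosts pinned to one address and port 80, with a single SSL virtual host on port 443. The address 203.0.113.10 and the certificate paths are placeholders, and the `<Directory>` and SSL blocks are assumptions about a typical Apache 2.0 setup rather than the contents of Mandrake's shipped files.

```apache
# Added example. 203.0.113.10 is a placeholder for the server's static IP.

# Name-based hosting bound to one address and port 80 only, so these
# blocks apply to plain-HTTP requests and never to port 443.
NameVirtualHost 203.0.113.10:80

# The first block listed also answers requests on this address:port
# whose Host header matches none of the ServerName values.
<VirtualHost 203.0.113.10:80>
    ServerName harv.somedomain.com
    DocumentRoot /var/www/html
</VirtualHost>

<VirtualHost 203.0.113.10:80>
    ServerName silly.somedomain.com
    DocumentRoot /home/silly/www
</VirtualHost>

<VirtualHost 203.0.113.10:80>
    ServerName misc.somedomain.com
    DocumentRoot /home/misc/www
</VirtualHost>

# Let Apache serve the document roots under /home (Apache 2.0 access
# syntax). Overrides are disabled so .htaccess files in user
# directories cannot loosen these settings.
<Directory /home/*/www>
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

# The one SSL virtual host for this address. Every https:// request to
# this IP is answered with this certificate, whatever hostname was used.
<VirtualHost 203.0.113.10:443>
    ServerName harv.somedomain.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile    /path/to/placeholder-server.crt
    SSLCertificateKeyFile /path/to/placeholder-server.key
</VirtualHost>
```

Running `apachectl configtest` after editing checks the syntax before the server is restarted.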
Thanks - totally resolved my issue!
Thanks Silly22, your solution helped me save a couple of hours. Only if I saw this yesterday...
I ended up using your first method just because it suited best for my project. Thanks!