apache vhosts w/ namevirtualhosts ans ssl

odious1 · 02-15-2005, 06:33 PM

I have played with a number of different configurations and just cannot get this worked out. I guess I would be happy to implement a way for apache to serve up nothing if the match is not perfect. But just to get it to serve one default port 80 page would be great.

Basically I have:

listen 80
listen 443
listen 888

namevirtualhosts 192.168.0.1:80

<virtualhost 192.168.0.1:80>
servername mydomain.com
</virtual host>

<virtualhost 192.168.0.1:80>
servername anotherdomain.com
</virtualhost>

<virtualhost 192.168.0.1:80>
servername webmail.anotherdomain.com
</virtual host>

<virtualhost 192.168.0.1:443>
servername webmail.mydomain.com
SSLEngine on
</virtualhost>

<virtualhost 192.168.0.1:888>
servername database.mydomain.com
SSLEngine on
</virtual host>

Basically apache is picking the closest match for each http and https. So if I enter http://webmail.mydomain.com it serves mydomain.com which is the firs http in the list. It is making the request on port 80.

If I enter https://mydomain.com it serves webmail.mydomain.com. There has to be a way to handle people not entering the correct protocol.

I would be happy with a catch everything but a perfect match where I could redirect or something.

I appreciate any ideas.

Tom

twantrd · 02-16-2005, 02:06 AM

Look into redirect. mod_rewrite is needed by apache for that to happen.

-twantrd

eagles-lair · 02-16-2005, 05:15 AM

The Apache users email list is a great source of help. I currently run 13 vhosts on a 1.3.28 or on a 1.3.31 (both on removeable drives on the same machine - with a minimum of fuss.

If you get badly stuck, we could talk privately about detail in your httpd.conf file that might be the problem.

I run a D-Link DSL-504 router with port forwarding on port 80. There was no difficulty setting that up, either.

Get back to me if you need to, I'm no expert

odious1 · 02-17-2005, 04:31 PM

I finally broke down and used two of my public ip's to solve this. The all the port 80 stuff resolves to one ip and is sorted out by namevirtuahost directive. The each ssl virtual host then gets its own ip. Now if the client enters http for a ssl enabled page (or conversly https for a port 80) it of course resolves but times out because my firewall explicitly names 443 (or 80) port for fowarding.

Just seems like there would be a solution other than burning ip's. I will need them back soon so please offer up any ideas

nazdrowie · 02-17-2005, 08:48 PM

I'm no expert by any means, but it definitely sounds like your problem is related to the fact that you can't run SSL with name-based virtual hosts:

http://httpd.apache.org/docs-2.0/vhosts/name-based.html

(check the second bullet from the top, which says:
"Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol.")

eagles-lair · 02-17-2005, 09:10 PM

nazdrowie that's what it looks like from here too.

The main problem with Apache documentation is the amount of it (so much) and not knowing where of many places you can find the bit you need right now!

And as mentioned before, their user lists are very forgiving towards people who have looked and not found the answers.