VirtualHosts and mod_ssl

Need help installing PHP, configuring a script, or configuring a server? Then come on in and post your questions! We'll try to help the best we can!

Moderator: General Moderators

Post Reply
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

VirtualHosts and mod_ssl

Post by neophyte »

I've got a virtual host "somesite.com" running on 443/ssl (mod_ssl) on a separate IP address. When someone types http://somesite.com, right now the default virtual host is served up. What do I need to do in order to get apache to catch that server name "somesite.com" and redirect it to ssl on the correct virtual host? I hope that makes sense. If it doesn't feel free to reply "wtf"....

Thanks
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

If i'm not mistaken, you would have to add a virtualhost just as with regular apache...

By heart:

Code: Select all

NameVirtualHost *:443

<VirtualHost 192.168.1.11:443>
  hostname     somehost
  rootdir          /var/wwws/somehost
  enablessl
</Virtualhost>
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

Here a few more details i've got...

NameVirtualHost 11.11.111.1

running on one port....

<VirtualHost 11.11.111.1>
ServerName thissite.com
</VirtualHost>

Then I've got a second IP like:

NameVirtualHost *:443
<VirtualHost 22.22.222.222>
ServerName somesite.com
SSLEngine on
</VirtualHost>

When you make an https://somesite.com you get somesite.com's content.

When you make an http://somesite.com you get the content of the default VirtualHost running on 80 thissite.com.

So the question is how do I set it up so port 80 connections to somesite.com end up secure and deliver somesite.com content.

I tried adding another virtual host under port 80 with the same server name and I got the same results described above...
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Not 100% but I'd be looking down the mod_proxy route myself.... As I say, not 100% just a thought :)

i.e. Use mod_proxy to forward connection to somesite.com:80 over to somesite.com:443
redmonkey
Forum Regular
Posts: 836
Joined: Thu Dec 18, 2003 3:58 pm

Post by redmonkey »

A simple mod_rewrite rule will suffice....

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} !^on [NC]
RewriteRule (.*) https://somesite.com/$1 [R]
Should work fine either in a .htaccess file within the root of your http virtual host or in the main httpd.conf file within your virtual host config.
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

Thanks I'll give it a try. But I'm not sure what it does. Can you explain?
redmonkey
Forum Regular
Posts: 836
Joined: Thu Dec 18, 2003 3:58 pm

Post by redmonkey »

When a request is made to your default (port 80) server it hits the RewriteCondition and only if that condition is met will the RewriteRule be applied.

The RewriteCondition is essentially an 'if' statement which checks the request method is not https. If it is not https then the RewriteRule will be applied.

The RewriteRule is a very simple one. Basically it takes any request and redirects it to your https server.

Technically the RewriteCondition should use SERVER_PROTOCOL and not HTTPS but I have found this to be 'flaky' on some versions of Apache.

You could also use the more simplistic 'Redirect' directive but I've also seen problems with that approach too, anything from simply not redirecting through to endless loop redirects.

I've found the above mod_rewrite to be the most reliable solution.
User avatar
neophyte
DevNet Resident
Posts: 1537
Joined: Tue Jan 20, 2004 4:58 pm
Location: Minnesota

Post by neophyte »

I tried the redirect method and generated an endless loop today! :lol: :oops: :lol:

I saw in my search mod_rewrite but I didn't find anything that would work. I'll give this a shot and see how it goes!

Thanks again for the tip and the explanation!
redmonkey
Forum Regular
Posts: 836
Joined: Thu Dec 18, 2003 3:58 pm

Post by redmonkey »

If you have any problems please provide details of your exact Apache version, OS and also if you are running it from .htaccess or httpd.conf.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Now i have access to my the webserver, here is a modified example (it should redirect all requests for http://example.com/awstats to https://example.com/awstats)

apache httpd.conf

Code: Select all

<VirtualHost 192.168.1.11>
        ServerName example.com
        DocumentRoot/var/www/example.com
        Redirect /awstats https://example.com/awstats
</VirtualHost>
apache-ssl httpd.conf

Code: Select all

<VirtualHost  192.168.1.11:443>
        ServerName example.com
        DocumentRoot /var/www/example.com
        # For awstats
        Alias /awstatsclasses "/var/wwws/example.com/awstats/awstatsclasses"
        Alias /awstats "/var/wwws/example.com/awstats/awstatsclasses/www"
        SSLEnable
</VirtualHost>
Post Reply