Topic: http and https overlap in virtual host | apache 2.4.25 deb9

jangar
Joined: 02 Apr 2020
Posts: 1
Location: Italy,Naples

Posted: Thu 02 Apr '20 13:24    Post subject: http and https overlap in virtual host | apache 2.4.25 deb9

Hi,
nice to participate in this list.
I have a question:

I have many virtual hosts on Apache for http and https pointing to the same web application folder

/var/www/website1 --> /var/www/clients/client2/web1107/web

following this schema https://pastebin.com/raw/s6WacZzd

The web application has a list of many domains in the db and impersonates those domains.

1) for http://website1.example.com and http://www.httpwebsite[1-1000].com there is this configuration
 
 
Code:
 <Directory /var/www/website1>
 AllowOverride None
 Require all denied
 </Directory>
 
 <VirtualHost *:80>
 
 DocumentRoot /var/www/clients/client2/web1107/web
 
 ServerName website1.example.com
 ServerAlias www.httpwebsite1.com
 ServerAlias www.httpwebsite2.com
 ServerAlias www.httpwebsite3.com
 ServerAlias www.httpwebsite4.com
 ServerAlias www.httpwebsite5.com
 ServerAdmin webmaster@website1.example.com
 
 
 ErrorLog /var/log/ispconfig/httpd/website1/error.log
 
 
 <IfModule mod_ssl.c>
 </IfModule>
 
 <Directory /var/www/website1/web>
 # Clear PHP settings of this website
 <FilesMatch ".+\.ph(p[345]?|t|tml)$">
 SetHandler None
 </FilesMatch>
 Options +FollowSymLinks
 AllowOverride All
 Require all granted
 </Directory>
 <Directory /var/www/clients/client2/web1107/web>
 # Clear PHP settings of this website
 <FilesMatch ".+\.ph(p[345]?|t|tml)$">
 SetHandler None
 </FilesMatch>
 Options +FollowSymLinks
 AllowOverride All
 Require all granted
 </Directory>
 # suexec enabled
 <IfModule mod_suexec.c>
 SuexecUserGroup web1107 client2
 </IfModule>
 <IfModule mod_fastcgi.c>
 <Directory /var/www/clients/client2/web1107/cgi-bin>
 Require all granted
 </Directory>
 <Directory /var/www/website1/web>
 <FilesMatch "\.php[345]?$">
 SetHandler php-fcgi
 </FilesMatch>
 </Directory>
 <Directory /var/www/clients/client2/web1107/web>
 <FilesMatch "\.php[345]?$">
 SetHandler php-fcgi
 </FilesMatch>
 </Directory>
 Action php-fcgi /php-fcgi virtual
 Alias /php-fcgi /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1
 FastCgiExternalServer /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1 -idle-timeout 300 -socket /var/lib/php7.0-fpm/web1107.sock -pass-header Authorization  -pass-header Content-Type
 </IfModule>
 <IfModule mod_proxy_fcgi.c>
 #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.0-fpm/web1107.sock|fcgi://localhost//var/www/clients/client2/web1107/web/$1
 <Directory /var/www/clients/client2/web1107/web>
 <FilesMatch "\.php[345]?$">
 SetHandler "proxy:unix:/var/lib/php7.0-fpm/web1107.sock|fcgi://localhost"
 </FilesMatch>
 </Directory>
 </IfModule>
 
 
 
 # add support for apache mpm_itk
 <IfModule mpm_itk_module>
 AssignUserId web1107 client2
 </IfModule>
 
 <IfModule mod_dav_fs.c>
 # Do not execute PHP files in webdav directory
 <Directory /var/www/clients/client2/web1107/webdav>
 <ifModule mod_security2.c>
 SecRuleRemoveById 960015
 SecRuleRemoveById 960032
 </ifModule>
 <FilesMatch "\.ph(p3?|tml)$">
 SetHandler None
 </FilesMatch>
 </Directory>
 DavLockDB /var/www/clients/client2/web1107/tmp/DavLock
 # DO NOT REMOVE THE COMMENTS!
 # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
 # WEBDAV BEGIN
 # WEBDAV END
 </IfModule>
 </VirtualHost>

2) for https://website1.example.com I have another virtual host config file

Code:
 <IfModule mod_ssl.c>
 <VirtualHost *:443>
 
 DocumentRoot /var/www/clients/client2/web1107/web
 
 ServerName website1.example.com
 ServerAdmin webmaster@website1.example.com
 
 
 ErrorLog /var/log/ispconfig/httpd/website1/error.log
 
 
 <IfModule mod_ssl.c>
 </IfModule>
 <Directory /var/www/website1/web>
 # Clear PHP settings of this website
 <FilesMatch ".+\.ph(p[345]?|t|tml)$">
 SetHandler None
 </FilesMatch>
 Options +FollowSymLinks
 AllowOverride All
 Require all granted
 </Directory>
 <Directory /var/www/clients/client2/web1107/web>
 # Clear PHP settings of this website
 <FilesMatch ".+\.ph(p[345]?|t|tml)$">
 SetHandler None
 </FilesMatch>
 Options +FollowSymLinks
 AllowOverride All
 Require all granted
 </Directory>
 
 
 
 
 # suexec enabled
 <IfModule mod_suexec.c>
 SuexecUserGroup web1107 client2
 </IfModule>
 <IfModule mod_fastcgi.c>
 <Directory /var/www/clients/client2/web1107/cgi-bin>
 Require all granted
 </Directory>
 <Directory /var/www/website1/web>
 <FilesMatch "\.php[345]?$">
 SetHandler php-fcgi
 </FilesMatch>
 </Directory>
 <Directory /var/www/clients/client2/web1107/web>
 <FilesMatch "\.php[345]?$">
 SetHandler php-fcgi
 </FilesMatch>
 </Directory>
 Action php-fcgi /php-fcgi virtual
 Alias /php-fcgi /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1
 FastCgiExternalServer /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1 -idle-timeout 300 -socket /var/lib/php7.0-fpm/web1107.sock -pass-header Authorization  -pass-header Content-Type
 </IfModule>
 <IfModule mod_proxy_fcgi.c>
 #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.0-fpm/web1107.sock|fcgi://localhost//var/www/clients/client2/web1107/web/$1
 <Directory /var/www/clients/client2/web1107/web>
 <FilesMatch "\.php[345]?$">
 SetHandler "proxy:unix:/var/lib/php7.0-fpm/web1107.sock|fcgi://localhost"
 </FilesMatch>
 </Directory>
 </IfModule>
 
 
 
 # add support for apache mpm_itk
 <IfModule mpm_itk_module>
 AssignUserId web1107 client2
 </IfModule>
 
 <IfModule mod_dav_fs.c>
 # Do not execute PHP files in webdav directory
 <Directory /var/www/clients/client2/web1107/webdav>
 <ifModule mod_security2.c>
 SecRuleRemoveById 960015
 SecRuleRemoveById 960032
 </ifModule>
 <FilesMatch "\.ph(p3?|tml)$">
 SetHandler None
 </FilesMatch>
 </Directory>
 DavLockDB /var/www/clients/client2/web1107/tmp/DavLock
 # DO NOT REMOVE THE COMMENTS!
 # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
 # WEBDAV BEGIN
 # WEBDAV END
 </IfModule>
 
 SSLCertificateFile /etc/letsencrypt/live/website1.example.com/fullchain.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/website1.example.com/privkey.pem
 Include /etc/letsencrypt/options-ssl-apache.conf
 </VirtualHost>
 </IfModule>

3) for https://www.httpwebsite1.com I have another virtual host config file

Code:
 <IfModule mod_ssl.c>
 <VirtualHost *:443>
 
 DocumentRoot /var/www/clients/client2/web1107/web
 
 ServerName www.httpwebsite1.com
 ServerAdmin webmaster@httpwebsite1.com
 
 
 ErrorLog /var/log/ispconfig/httpd/website1/error.log
 
 
 <IfModule mod_ssl.c>
 </IfModule>
 
 <Directory /var/www/website1/web>
 # Clear PHP settings of this website
 <FilesMatch ".+\.ph(p[345]?|t|tml)$">
 SetHandler None
 </FilesMatch>
 Options +FollowSymLinks
 AllowOverride All
 Require all granted
 </Directory>
 <Directory /var/www/clients/client2/web1107/web>
 # Clear PHP settings of this website
 <FilesMatch ".+\.ph(p[345]?|t|tml)$">
 SetHandler None
 </FilesMatch>
 Options +FollowSymLinks
 AllowOverride All
 Require all granted
 </Directory>
 
 
 
 
 # suexec enabled
 <IfModule mod_suexec.c>
 SuexecUserGroup web1107 client2
 </IfModule>
 <IfModule mod_fastcgi.c>
 <Directory /var/www/clients/client2/web1107/cgi-bin>
 Require all granted
 </Directory>
 <Directory /var/www/website1/web>
 <FilesMatch "\.php[345]?$">
 SetHandler php-fcgi
 </FilesMatch>
 </Directory>
 <Directory /var/www/clients/client2/web1107/web>
 <FilesMatch "\.php[345]?$">
 SetHandler php-fcgi
 </FilesMatch>
 </Directory>
 Action php-fcgi /php-fcgi virtual
 Alias /php-fcgi /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1
 FastCgiExternalServer /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1 -idle-timeout 300 -socket /var/lib/php7.0-fpm/web1107.sock -pass-header Authorization  -pass-header Content-Type
 </IfModule>
 <IfModule mod_proxy_fcgi.c>
 #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.0-fpm/web1107.sock|fcgi://localhost//var/www/clients/client2/web1107/web/$1
 <Directory /var/www/clients/client2/web1107/web>
 <FilesMatch "\.php[345]?$">
 SetHandler "proxy:unix:/var/lib/php7.0-fpm/web1107.sock|fcgi://localhost"
 </FilesMatch>
 </Directory>
 </IfModule>
 
 
 
 # add support for apache mpm_itk
 <IfModule mpm_itk_module>
 AssignUserId web1107 client2
 </IfModule>
 
 <IfModule mod_dav_fs.c>
 # Do not execute PHP files in webdav directory
 <Directory /var/www/clients/client2/web1107/webdav>
 <ifModule mod_security2.c>
 SecRuleRemoveById 960015
 SecRuleRemoveById 960032
 </ifModule>
 <FilesMatch "\.ph(p3?|tml)$">
 SetHandler None
 </FilesMatch>
 </Directory>
 DavLockDB /var/www/clients/client2/web1107/tmp/DavLock
 # DO NOT REMOVE THE COMMENTS!
 # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
 # WEBDAV BEGIN
 # WEBDAV END
 </IfModule>
 
 SSLCertificateFile /etc/letsencrypt/live/www.httpwebsite1.com/fullchain.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/www.httpwebsite1.com/privkey.pem
 Include /etc/letsencrypt/options-ssl-apache.conf
 </VirtualHost>
 </IfModule>

If a user calls http://website1.example.com, Apache serves the web application on VirtualHost1 and the web application redirects to https://website1.example.com, then served by VirtualHost2.
It's the same with http://www.httpwebsite1.com served by VirtualHost1: the web application redirects to https://www.httpwebsite1.com, then served by VirtualHost3.
If I call http://www.httpwebsite2[2-1000].com, served by VirtualHost1, it's OK, but if I call https://www.httpwebsite[2-1000].com there is the issue. Apache serves the user's call with VirtualHost3, giving the VirtualHost3 SSL certificate.

Is it possible to stop this Apache behavior?

Thanks

James Blond, Moderator
Joined: 19 Jan 2006
Posts: 7442
Location: EU, Germany, Next to Hamburg

Posted: Fri 03 Apr '20 8:22

Apache sends the SSL certificate for the vhost where ServerName matches the client's requested domain. If it doesn't match, it uses the default vhost.
So you may create an SSL vhost without ServerName and start it with

Code:
 <VirtualHost _default_:443>
 
 Doing so, you will find any missing or mismatching vhosts.
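
Added example, not part of the thread or either poster's code: a small Python audit of the selection rule described in the reply above. It lists every name served on port 80 that has no matching ServerName or ServerAlias on port 443, together with the certificate that name would be given instead. It assumes Apache's documented name-based matching (first vhost on the address:port whose name matches, otherwise the first vhost defined there); the function names and the trimmed sample config are constructed for illustration.

```python
import re
from fnmatch import fnmatch

# Constructed sample modelled on the thread's three vhosts (directives trimmed).
# Assumption: the www.httpwebsite1.com block is the first :443 vhost Apache loads.
SAMPLE_CONF = """<VirtualHost *:80>
    ServerName website1.example.com
    ServerAlias www.httpwebsite1.com www.httpwebsite2.com www.httpwebsite3.com
</VirtualHost>
<VirtualHost *:443>
    ServerName www.httpwebsite1.com
    SSLCertificateFile /etc/letsencrypt/live/www.httpwebsite1.com/fullchain.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName website1.example.com
    SSLCertificateFile /etc/letsencrypt/live/website1.example.com/fullchain.pem
</VirtualHost>"""

BLOCK = re.compile(r"<VirtualHost\s+\S+:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)
DIRECTIVE = re.compile(r"^\s*(ServerName|ServerAlias|SSLCertificateFile)\s+(.+?)\s*$", re.M | re.I)

def parse_vhosts(conf):
    """Vhosts in definition order, which is what decides the per-port default."""
    vhosts = []
    for port, body in BLOCK.findall(conf):
        d = [(k.lower(), v) for k, v in DIRECTIVE.findall(body)]
        vhosts.append({
            "port": int(port),
            "name": next((v.lower() for k, v in d if k == "servername"), None),
            "aliases": [a.lower() for k, v in d if k == "serveralias" for a in v.split()],
            "cert": next((v for k, v in d if k == "sslcertificatefile"), None),
        })
    return vhosts

def select_vhost(vhosts, port, host):
    """Return (vhost, matched): first name/alias match on the port, else the first vhost there."""
    host = host.lower()
    on_port = [v for v in vhosts if v["port"] == port]
    for v in on_port:
        # ServerName is compared exactly; ServerAlias may contain wildcards.
        if host == v["name"] or any(fnmatch(host, a) for a in v["aliases"]):
            return v, True
    return (on_port[0] if on_port else None), False

def https_fallthrough(vhosts):
    """Names served on :80 with no :443 match, mapped to the cert they would be given."""
    hosts = [h for v in vhosts if v["port"] == 80 for h in [v["name"], *v["aliases"]] if h]
    picks = {h: select_vhost(vhosts, 443, h) for h in hosts}
    return {h: vh["cert"] for h, (vh, matched) in picks.items() if vh and not matched}
```

Running `https_fallthrough(parse_vhosts(...))` over the concatenated output of the enabled site files, in load order, gives the list of names that need either their own :443 vhost or a catch-all defined first.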