Topic: Virtual Hosts and SSL problem

[pips]

I want to setup our apache server to host both normal (port80) websites and SSL (port443) websites.
I have setup the directory structure as follows:-

d:\apache2\htdocs\80 - for port 80 websites
d:\apache2\htdocs\443 - for port 443 SSL websites

I have also included in the HTTPD.CONF the following configuration:-

NameVirtualHost *:80
<VirtualHost *:80>
ServerName www.domain1.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain1"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain2.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain2"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain3.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain3"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain3.com
DocumentRoot "d:/Apache2/htdocs/80/domain3"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain4.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain4"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain5.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain5"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain6.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain6"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain7.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain7"
</VirtualHost>

<VirtualHost *:80>
ServerName www.domain8.co.uk
DocumentRoot "d:/Apache2/htdocs/80/domain8"
</VirtualHost>

NameVirtualHost *:443
<VirtualHost *:443>
ServerName www.domain9.co.uk
DocumentRoot "d:/Apache2/htdocs/443"
SSLEngine On
SSLCertificateFile conf/ssl/domain9.crt
SSLCertificateKeyFile conf/ssl/domain9.key
</VirtualHost>


Everything works well if I type in https://domain9.co.uk and it asks me to accept the certificate, then gives me the login screen to the secure area.
Also if I type in http://www.domain1.co.uk or http://www.domain2.co.uk etc. I get the appropriate website displayed.

The problem is that if I type https://www.domain1.co.uk or any of the domains 1 to 8, it will serve up the domain9 website. I only want SSL for domain 9 not for the others.

I have searched google for answers and tried various ways of trying to stop this, but nothing I seem to do stops the problem.

Anyone got any ideas please?

Thanks in advance,
Phil.

[tdonovan]

Unfortunately, you probably cannot do what you want to do with name-based virtual servers and a single IP address.

Per the Apache docs for Name-based Virtual Host Support:

"Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol."

An SSL connection is established before the name of the server (e.g. 'www.domain1.co.uk', 'www.domain2.co.uk', etc.) gets sent to Apache.
This prevents Apache from making any SSL-related decisions based on the host name.

Since you only want one server to use SSL, you can make the situation a little better using mod_rewrite.

Enable:

LoadModule rewrite_module modules/mod_rewrite.so

in your httpd.conf, and put this inside your <VirtualHost *:443> section:

[pips]

Tom, you're a star, thanks!!

I'm not too worried about the security warning about the certificate not matching etc. It was just worrying me a bit that if someone typed https instead of http they were presented with the logon screen for our company database!

Your solution is fantastic.

Thanks again,
Phil.