Topic: http and https overlap in virtual host | apache 2.4.25 deb9

Author: jangar
Posted: Thu 02 Apr '20 13:24

Hi,

Nice to participate in this list.
I have a question:

I have many virtual hosts on Apache for HTTP and HTTPS pointing to the same web application folder

/var/www/website1 --> /var/www/clients/client2/web1107/web

following this schema https://pastebin.com/raw/s6WacZzd

The web application has a list of many domains in the DB and impersonates those domains.

1) For http://website1.example.com and http://www.httpwebsite[1-1000].com there is this configuration:

Code:
<Directory /var/www/website1>
    AllowOverride None
    Require all denied
</Directory>

<VirtualHost *:80>
    DocumentRoot /var/www/clients/client2/web1107/web

    ServerName website1.example.com
    ServerAlias www.httpwebsite1.com
    ServerAlias www.httpwebsite2.com
    ServerAlias www.httpwebsite3.com
    ServerAlias www.httpwebsite4.com
    ServerAlias www.httpwebsite5.com
    ServerAdmin webmaster@website1.example.com

    ErrorLog /var/log/ispconfig/httpd/website1/error.log

    <IfModule mod_ssl.c>
    </IfModule>

    <Directory /var/www/website1/web>
        # Clear PHP settings of this website
        <FilesMatch ".+\.ph(p[345]?|t|tml)$">
            SetHandler None
        </FilesMatch>
        Options +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    <Directory /var/www/clients/client2/web1107/web>
        # Clear PHP settings of this website
        <FilesMatch ".+\.ph(p[345]?|t|tml)$">
            SetHandler None
        </FilesMatch>
        Options +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    # suexec enabled
    <IfModule mod_suexec.c>
        SuexecUserGroup web1107 client2
    </IfModule>
    <IfModule mod_fastcgi.c>
        <Directory /var/www/clients/client2/web1107/cgi-bin>
            Require all granted
        </Directory>
        <Directory /var/www/website1/web>
            <FilesMatch "\.php[345]?$">
                SetHandler php-fcgi
            </FilesMatch>
        </Directory>
        <Directory /var/www/clients/client2/web1107/web>
            <FilesMatch "\.php[345]?$">
                SetHandler php-fcgi
            </FilesMatch>
        </Directory>
        Action php-fcgi /php-fcgi virtual
        Alias /php-fcgi /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1
        FastCgiExternalServer /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1 -idle-timeout 300 -socket /var/lib/php7.0-fpm/web1107.sock -pass-header Authorization  -pass-header Content-Type
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
        #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.0-fpm/web1107.sock|fcgi://localhost//var/www/clients/client2/web1107/web/$1
        <Directory /var/www/clients/client2/web1107/web>
            <FilesMatch "\.php[345]?$">
                SetHandler "proxy:unix:/var/lib/php7.0-fpm/web1107.sock|fcgi://localhost"
            </FilesMatch>
        </Directory>
    </IfModule>

    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
        AssignUserId web1107 client2
    </IfModule>

    <IfModule mod_dav_fs.c>
        # Do not execute PHP files in webdav directory
        <Directory /var/www/clients/client2/web1107/webdav>
            <IfModule mod_security2.c>
                SecRuleRemoveById 960015
                SecRuleRemoveById 960032
            </IfModule>
            <FilesMatch "\.ph(p3?|tml)$">
                SetHandler None
            </FilesMatch>
        </Directory>
        DavLockDB /var/www/clients/client2/web1107/tmp/DavLock
        # DO NOT REMOVE THE COMMENTS!
        # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
        # WEBDAV BEGIN
        # WEBDAV END
    </IfModule>
</VirtualHost>



2) For https://website1.example.com I have another virtual host config file:

Code:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    DocumentRoot /var/www/clients/client2/web1107/web

    ServerName website1.example.com
    ServerAdmin webmaster@website1.example.com

    ErrorLog /var/log/ispconfig/httpd/website1/error.log

    <IfModule mod_ssl.c>
    </IfModule>

    <Directory /var/www/website1/web>
        # Clear PHP settings of this website
        <FilesMatch ".+\.ph(p[345]?|t|tml)$">
            SetHandler None
        </FilesMatch>
        Options +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    <Directory /var/www/clients/client2/web1107/web>
        # Clear PHP settings of this website
        <FilesMatch ".+\.ph(p[345]?|t|tml)$">
            SetHandler None
        </FilesMatch>
        Options +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    # suexec enabled
    <IfModule mod_suexec.c>
        SuexecUserGroup web1107 client2
    </IfModule>
    <IfModule mod_fastcgi.c>
        <Directory /var/www/clients/client2/web1107/cgi-bin>
            Require all granted
        </Directory>
        <Directory /var/www/website1/web>
            <FilesMatch "\.php[345]?$">
                SetHandler php-fcgi
            </FilesMatch>
        </Directory>
        <Directory /var/www/clients/client2/web1107/web>
            <FilesMatch "\.php[345]?$">
                SetHandler php-fcgi
            </FilesMatch>
        </Directory>
        Action php-fcgi /php-fcgi virtual
        Alias /php-fcgi /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1
        FastCgiExternalServer /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1 -idle-timeout 300 -socket /var/lib/php7.0-fpm/web1107.sock -pass-header Authorization  -pass-header Content-Type
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
        #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.0-fpm/web1107.sock|fcgi://localhost//var/www/clients/client2/web1107/web/$1
        <Directory /var/www/clients/client2/web1107/web>
            <FilesMatch "\.php[345]?$">
                SetHandler "proxy:unix:/var/lib/php7.0-fpm/web1107.sock|fcgi://localhost"
            </FilesMatch>
        </Directory>
    </IfModule>

    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
        AssignUserId web1107 client2
    </IfModule>

    <IfModule mod_dav_fs.c>
        # Do not execute PHP files in webdav directory
        <Directory /var/www/clients/client2/web1107/webdav>
            <IfModule mod_security2.c>
                SecRuleRemoveById 960015
                SecRuleRemoveById 960032
            </IfModule>
            <FilesMatch "\.ph(p3?|tml)$">
                SetHandler None
            </FilesMatch>
        </Directory>
        DavLockDB /var/www/clients/client2/web1107/tmp/DavLock
        # DO NOT REMOVE THE COMMENTS!
        # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
        # WEBDAV BEGIN
        # WEBDAV END
    </IfModule>

    SSLCertificateFile /etc/letsencrypt/live/website1.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/website1.example.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>



3) For https://www.httpwebsite1.com I have another virtual host config file:

Code:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    DocumentRoot /var/www/clients/client2/web1107/web

    ServerName www.httpwebsite1.com
    ServerAdmin webmaster@httpwebsite1.com

    ErrorLog /var/log/ispconfig/httpd/website1/error.log

    <IfModule mod_ssl.c>
    </IfModule>

    <Directory /var/www/website1/web>
        # Clear PHP settings of this website
        <FilesMatch ".+\.ph(p[345]?|t|tml)$">
            SetHandler None
        </FilesMatch>
        Options +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    <Directory /var/www/clients/client2/web1107/web>
        # Clear PHP settings of this website
        <FilesMatch ".+\.ph(p[345]?|t|tml)$">
            SetHandler None
        </FilesMatch>
        Options +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    # suexec enabled
    <IfModule mod_suexec.c>
        SuexecUserGroup web1107 client2
    </IfModule>
    <IfModule mod_fastcgi.c>
        <Directory /var/www/clients/client2/web1107/cgi-bin>
            Require all granted
        </Directory>
        <Directory /var/www/website1/web>
            <FilesMatch "\.php[345]?$">
                SetHandler php-fcgi
            </FilesMatch>
        </Directory>
        <Directory /var/www/clients/client2/web1107/web>
            <FilesMatch "\.php[345]?$">
                SetHandler php-fcgi
            </FilesMatch>
        </Directory>
        Action php-fcgi /php-fcgi virtual
        Alias /php-fcgi /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1
        FastCgiExternalServer /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1 -idle-timeout 300 -socket /var/lib/php7.0-fpm/web1107.sock -pass-header Authorization  -pass-header Content-Type
    </IfModule>
    <IfModule mod_proxy_fcgi.c>
        #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.0-fpm/web1107.sock|fcgi://localhost//var/www/clients/client2/web1107/web/$1
        <Directory /var/www/clients/client2/web1107/web>
            <FilesMatch "\.php[345]?$">
                SetHandler "proxy:unix:/var/lib/php7.0-fpm/web1107.sock|fcgi://localhost"
            </FilesMatch>
        </Directory>
    </IfModule>

    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
        AssignUserId web1107 client2
    </IfModule>

    <IfModule mod_dav_fs.c>
        # Do not execute PHP files in webdav directory
        <Directory /var/www/clients/client2/web1107/webdav>
            <IfModule mod_security2.c>
                SecRuleRemoveById 960015
                SecRuleRemoveById 960032
            </IfModule>
            <FilesMatch "\.ph(p3?|tml)$">
                SetHandler None
            </FilesMatch>
        </Directory>
        DavLockDB /var/www/clients/client2/web1107/tmp/DavLock
        # DO NOT REMOVE THE COMMENTS!
        # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
        # WEBDAV BEGIN
        # WEBDAV END
    </IfModule>

    SSLCertificateFile /etc/letsencrypt/live/www.httpwebsite1.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/www.httpwebsite1.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>




If a user calls http://website1.example.com, Apache serves the web application on VirtualHost1 and the web application redirects to https://website1.example.com, which is then served by VirtualHost2.
It's the same with http://www.httpwebsite1.com served by VirtualHost1: the web application redirects to https://www.httpwebsite1.com, which is then served by VirtualHost3.
If I call http://www.httpwebsite[2-1000].com, served by VirtualHost1, it's OK, but if I call https://www.httpwebsite[2-1000].com there is the issue. Apache serves the user's call through VirtualHost3, giving the VirtualHost3 SSL certificate.

Is it possible to stop this Apache behavior?


Thanks

Author: James Blond (Moderator)
Posted: Fri 03 Apr '20 8:22

Apache sends the SSL certificate for the vhost where ServerName matches the client's requested domain. If it doesn't match, it uses the default vhost.

So you may create an SSL vhost without ServerName and start it with

Code:

<VirtualHost _default_:443>


Doing so, you will find any missing or mismatching vhosts.
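
An added example, not part of either post: a small Python model of Apache's name-based vhost selection, run over a constructed reduction of the three vhosts from the question, that lists the HTTP names which no HTTPS vhost claims. It assumes the www.httpwebsite1.com vhost loads first on port 443, as the reported symptom implies; the function names are hypothetical.

```python
import fnmatch
import re

# Constructed sample: the thread's three vhosts reduced to the directives used
# for name matching. Assumption: the www.httpwebsite1.com vhost loads first on
# :443, which is what the reported symptom implies.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName website1.example.com
    ServerAlias www.httpwebsite1.com www.httpwebsite2.com
    ServerAlias www.httpwebsite3.com
</VirtualHost>
<VirtualHost *:443>
    ServerName www.httpwebsite1.com
</VirtualHost>
<VirtualHost *:443>
    ServerName website1.example.com
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return vhosts in load order as dicts with port, name and aliases."""
    vhosts, cur = [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r"<VirtualHost\s+\S*:(\d+)\s*>", line, re.I)
        words = line.split()
        if opened:
            cur = {"port": int(opened.group(1)), "name": None, "aliases": []}
        elif cur is not None and line.lower().startswith("</virtualhost"):
            vhosts.append(cur)
            cur = None
        elif cur is not None and len(words) >= 2:
            if words[0].lower() == "servername":
                cur["name"] = words[1].lower()
            elif words[0].lower() == "serveralias":
                cur["aliases"] += [w.lower() for w in words[1:]]
    return vhosts

def select_vhost(vhosts, port, host):
    """Return (vhost, matched): a ServerName/ServerAlias match wins, otherwise
    the first vhost defined for the port acts as the default."""
    on_port = [v for v in vhosts if v["port"] == port]
    for v in on_port:
        names = [v["name"] or ""] + v["aliases"]
        if any(fnmatch.fnmatchcase(host.lower(), n) for n in names):
            return v, True
    return (on_port[0] if on_port else None), False

def https_fallthrough(vhosts):
    """Names served on :80 that no :443 vhost claims by name."""
    http_names = {n for v in vhosts if v["port"] == 80
                  for n in [v["name"], *v["aliases"]] if n}
    return sorted(n for n in http_names if not select_vhost(vhosts, 443, n)[1])
```

Every name `https_fallthrough` reports is answered by whichever `:443` vhost loads first, with that vhost's certificate, so a catch-all vhost only takes over that role if it is loaded before the others.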