Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
Topic: Subdomain and certificate conf |
|
Author |
|
Mox
Joined: 14 Sep 2021 Posts: 8
|
Posted: Wed 29 Jun '22 10:26 Post subject: Subdomain and certificate conf |
|
|
My site example.com has an SSL certificate for example.com and www.example.com and 000-default.conf file is set like this:
Code: |
<VirtualHost *:80>
ServerAdmin admin@example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com
Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin admin@example.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com
SSLEngine on
SSLCertificateKeyFile /SSL/MyServer.key
SSLCertificateFile /SSL/www_example_com.crt
SSLCertificateChainFile /SSL/My_CA_Bundle.ca-bundle
</VirtualHost>
|
That is working fine, but I have a problem with subdomain sub.example.com
When you enter in browser https://sub.example.com you get warning about invalid certificate.
I want to ban access to https://sub.example.com and only allow http://sub.example.com
How to do that?
Current sub.example.com.conf file looks like this:
Code: |
<VirtualHost *:80>
ServerAdmin admin@example.com
ServerName sub.example.com
ServerAlias sub.example.com
DocumentRoot /var/www/sub.example.com
</VirtualHost>
|
|
|
Back to top |
|
tangent Moderator
Joined: 16 Aug 2020 Posts: 346 Location: UK
|
Posted: Sat 02 Jul '22 15:20 Post subject: Re: Subdomain and certificate conf |
|
|
You can't control what URL users put in their browser, and browsers now default to https over http, so as described believe your site is going to get hit with requests for https://sub.example.com.
So the obvious question is why not set up a further secure virtual host for https://sub.example.com (using a SAN entry for the subdomain in your site certificate).
If you really have to serve non-secure content via http://sub.example.com, then you could always redirect from the secure virtual host to the non-secure one, unintuitive as that seems. |
|
Back to top |
|
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7360 Location: Germany, Next to Hamburg
|
Posted: Sun 03 Jul '22 15:54 Post subject: |
|
|
Side note: Please mind not to use Strict-Transport-Security otherwise you will no be able to go back to http:// protocol |
|
Back to top |
|
|
|
|
|
|