2

Is it possible to replace "*" with a domain name or subdomain?

<VirtualHost *:443>

Update

The problem is that I get this error on booting up apache:

[Mon Aug 16 13:42:48 2010] [warn] _default_ VirtualHost overlap on port 443, the first has precedence

I have a virtualHost on :443 for a subdomain and one for a primary domain. When I remove the subdomain I no longer get that error.

As a side note, if this configuration can be more efficient, please let me know how.

domain.com config

<VirtualHost *:80>
 ServerAdmin webmaster@domain.com
 ServerName  www.domain.com
 ServerAlias domain.com
 ServerAlias xx.xxx.xxx.xx

 # Directory Root.
 DocumentRoot /sites/domain.com/www/

 # Logfiles
 ErrorLog  /sites/domain.com/logs/error.log
 CustomLog /sites/domain.com/logs/access.log combined
</VirtualHost>

<VirtualHost *:443>
 ServerName  www.domain.com

 # Directory Root.
 DocumentRoot /sites/domain.com/www/

 # Enable SSL
 SSLEngine On
 SSLCertificateFile  /sites/domain.com/ssl/star_domain_com.crt
 SSLCertificateKeyFile /sites/domain.com/ssl/ikeyless.key
 SSLCertificateChainFile /sites/domain.com/ssl/DigiCertCA.crt
 SetEnvIf User-Agent ..*MSIE.*. nokeepalive ssl-unclean-shutdown
</VirtualHost>

support.domain.com config

<VirtualHost *:80>
 ServerName support.domain.com

 # Directory Root.
 DocumentRoot /sites/support.domain.com/www/

 # Logfiles
 ErrorLog  /sites/support.domain.com/logs/error.log
 CustomLog /sites/support.domain.com/logs/access.log combined
</VirtualHost>

<VirtualHost *:443>
 ServerName support.domain.com

 # Directory Root.
 DocumentRoot /sites/support.domain.com/www/

 # Logfiles
 ErrorLog  /sites/support.domain.com/logs/error.log
 CustomLog /sites/support.domain.com/logs/access.log combined

 # Enable SSL
 SSLEngine On
 SSLCertificateFile  /sites/domain.com/ssl/star_domain_com.crt
 SSLCertificateKeyFile /sites/domain.com/ssl/domain.key
 SSLCertificateChainFile /sites/domain.com/ssl/DigiCertCA.crt
 SetEnvIf User-Agent ..*MSIE.*. nokeepalive ssl-unclean-shutdown
</VirtualHost>

When I try to access support.domain.com over https, it points to domain.com and won't load our support site; it works fine over http.

Ben
  • The general answer is yes, but there are some sub-cases. Which type of vhosting are you trying to do? IP, port, name, or mass name-based vhosting? – Marcin Aug 16 '10 at 18:28
  • Did my answer resolve the issue? If so, please mark it as the answer, or let me know what still doesn't work. – Mike Fiedler Sep 02 '10 at 17:27

5 Answers

5

Yes, this is a very powerful part of Apache's configuration.

For example, suppose that you are serving the domain www.domain.tld and you wish to add the virtual host www.otherdomain.tld, which points at the same IP address. Then you simply add the following to httpd.conf:

NameVirtualHost *:80

<VirtualHost *:80>
    ServerName www.domain.tld
    ServerAlias domain.tld *.domain.tld
    DocumentRoot /www/domain
</VirtualHost>

<VirtualHost *:80>
    ServerName www.otherdomain.tld
    DocumentRoot /www/otherdomain
</VirtualHost>

See full documentation here: http://httpd.apache.org/docs/2.2/vhosts/

The final answer: Add the NameVirtualHost *:443 directive to your default config.

Mike Fiedler
  • The problem I'm having is that I'm defining a subdomain and primary domain to *:443 but the subdomain continues to forward to the primary domain on that port. – Ben Aug 16 '10 at 17:53
  • Can you post a copy of your conf file to the case? Replace any sensitive information, and explain the desired behavior. – Mike Fiedler Aug 16 '10 at 18:02
  • It looks like you're missing the overall "NameVirtualHost" directive as well. See here: http://httpd.apache.org/docs/2.2/mod/core.html#namevirtualhost – Mike Fiedler Aug 16 '10 at 18:28
  • I'm trying to find it, there's about 20 config files here for various domains and subdomains..... https works on our primary domain though, so wouldn't that mean that it's defined somewhere? – Ben Aug 16 '10 at 19:35
  • That it works is the _default_ kicking in, and it's not defined. Run a grep on all files for it, and if it's not there, simply add it to the default config. – Mike Fiedler Aug 18 '10 at 13:03
  • 1
    Why does nobody upvote the question? Please do! – ripper234 Dec 27 '11 at 12:53
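The check suggested in the comments above (grep every config file for NameVirtualHost), extended to report which VirtualHost blocks collide; this is an added example, not code from the thread. It is a simplified model of the Apache 2.2 behaviour discussed here: it assumes address:port specs as written on this page, treats * and _default_ as the same wildcard address, and the file names and contents in SAMPLE are constructed.

```python
import re
from collections import defaultdict

# Constructed sample (not real files): the question's two *:443 vhosts plus the
# _default_:443 vhost from conf.d/ssl.conf, with NameVirtualHost only for *:80.
SAMPLE = {
    "httpd.conf": "NameVirtualHost *:80\n",
    "conf.d/ssl.conf": "<VirtualHost _default_:443>\n</VirtualHost>\n",
    "domain.com.conf":
        "<VirtualHost *:80>\n ServerName www.domain.com\n</VirtualHost>\n"
        "<VirtualHost *:443>\n ServerName www.domain.com\n</VirtualHost>\n",
    "support.domain.com.conf":
        "<VirtualHost *:80>\n ServerName support.domain.com\n</VirtualHost>\n"
        "<VirtualHost *:443>\n ServerName support.domain.com\n</VirtualHost>\n",
}

# Anchoring at line start skips directives that are commented out with '#'.
NAME_VHOST = re.compile(r"^[ \t]*NameVirtualHost[ \t]+(\S+)", re.I | re.M)
VHOST_OPEN = re.compile(r"^[ \t]*<VirtualHost[ \t]+([^>]+)>", re.I | re.M)

def find_overlaps(configs):
    """Map (address, port) -> [(file, spec), ...] for vhosts that would overlap."""
    named = set()
    for text in configs.values():
        named.update(m.group(1) for m in NAME_VHOST.finditer(text))
    groups = defaultdict(list)
    for fname, text in configs.items():
        for m in VHOST_OPEN.finditer(text):
            for spec in m.group(1).split():
                if spec in named:
                    continue  # name-based: ServerName/ServerAlias select the vhost
                addr, port = spec.rsplit(":", 1) if ":" in spec else (spec, "*")
                if addr in ("*", "_default_"):
                    addr = "*"  # assumption: both act as the wildcard address
                groups[(addr, port)].append((fname, spec))
    # Two or more vhosts left on one address:port: the first one wins every request.
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    for (addr, port), vhosts in find_overlaps(SAMPLE).items():
        print(f"overlap on {addr}:{port}, no matching NameVirtualHost:")
        for fname, spec in vhosts:
            print(f"  {fname}: <VirtualHost {spec}>")
```

To run it against a real server, pass find_overlaps a dict of {path: file contents} built from every file the main config includes.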
2

You can specify a specific IP in place of the asterisk, as long as the IP is specified with NameVirtualHost. The name is specified in ServerName and ServerAlias.

The asterisk is matching all IP addresses that Apache binds to in the VirtualHost.

Warner
  • (+1) Right on... straight to the point. The asterisk refers to the IP apache should listen on for that vhost. You can listen on all IPs apache is bound to (*) or a specific one. – Khai Aug 18 '10 at 12:56
0

Not for SSL:

You cannot use name based virtual hosts with SSL because the SSL handshake (when the browser accepts the secure Web server's certificate) occurs before the HTTP request, which identifies the appropriate name based virtual host. If you plan to use name-based virtual hosts, remember that they only work with your non-secure Web server.

Update:

Apparently the latest web servers support this. Check the link provided by Warner.

Andrejs Cainikovs
  • This is no longer the case. See: http://serverfault.com/questions/126072/ssl-certificate-selection-based-on-host-header-is-it-possible/126075#126075 – Warner Aug 16 '10 at 18:03
  • @Warner: It was for some time, and even with Apache, you need 2.2.12 or newer to support it. – Powerlord Aug 16 '10 at 20:23
0

Have you done anything with the default virtual host it makes?

If you don't do any customization, Apache will make a separate config file for some SSL stuff in conf.d/ssl.conf, and in there it declares a virtual host named _default_:443.

If I add a vhost as *:443 in my main config it gives the same error, and if I remove the _default_:443 vhost in the conf.d/ssl.conf it doesn't.

user51359
0

We resolved this issue by putting all of our SSL on a specific IP address and then all other sites on a secondary IP. When we did this, everything worked.

Ben