SSL for secure.DOMAIN.com on port 443 and 2443, is it possible?

Question

So I have a sub-domain that is secured using a godaddy ssl. what I would like to do is have the standard 443 port secured as well as port 2443 so when going to https://secure.domain.com its secured as it should be and then when going to https://secure.domain.com:2443 it is also secured. The 443 is the standard site and 2443 is for the control panel.

I have added the ssl entry's to the vhosts listening under 2443 and this did not get the results I was looking for. im new at this and google has not been very helpful.

this is on a lamp system. centos 6.4 apache2 Can this be done?

heres the vhosts config:

            <VirtualHost IP:80>

              SuexecUserGroup PATH PATH

              DocumentRoot /home/PATH/DOMAIN.COM/html
              ServerName DOMAIN.COM

              ServerAlias www.DOMAIN.COM ftp.DOMAIN.COM mail.DOMAIN.COM secure.DOMAIN.COM scripts.DOMAIN.COM
              ServerAlias help.DOMAIN.COM
              ServerAdmin webmaster@DOMAIN.COM

              # subdomain logic
              RewriteEngine On
              RewriteOptions inherit
              RewriteCond %{HTTP_HOST} !^www\.tandgweb\.com [NC]
              RewriteCond %{HTTP_HOST} !^PATH\.com [NC]
              RewriteCond %{HTTP_HOST} ^([A-Z0-9a-z-.]+)\.PATH\.com [NC]
              RewriteCond %{DOCUMENT_ROOT}/%1 -d
              RewriteRule ^(.+) %{HTTP_HOST}/$1 [C]
              RewriteRule ^([0-9A-Za-z-.]+)\.PATH\.com/?(.*)$ %{DOCUMENT_ROOT}/$1/$2 [L]

              RewriteCond %{HTTP_HOST} ^www\.([A-Z0-9a-z-.]+)\.PATH\.com [NC]
              RewriteCond %{DOCUMENT_ROOT}/%1 -d
              RewriteRule ^(.+) %{HTTP_HOST}/$1 [C]
              RewriteRule ^www\.([0-9A-Za-z-.]+)\.PATH\.com/?(.*)$ %{DOCUMENT_ROOT}/$1/$2 [L]
              # end subdomain logic

              ErrorLog /home/PATH/var/PATH.com/logs/error.log
              CustomLog /home/PATH/var/PATH.com/logs/transfer.log combined

              # php: default  don't edit between this and the "end php" comment below
              <IfModule mod_suphp.c>
                suPHP_Engine On
                suPHP_UserGroup PATH PATH
                AddHandler x-httpd-php .php
                suPHP_AddHandler x-httpd-php .php
                suPHP_ConfigPath /home/PATH/etc
              </IfModule>

              <IfModule !mod_suphp.c>
                <IfModule mod_php5.c>
                  php_admin_flag engine On
                </IfModule>
                <IfModule mod_php4.c>
                  php_admin_flag engine On
                </IfModule>
              </IfModule>
              # end php

              # cgi: 1 don't edit between this and the "end cgi" comment below
              <Directory /home/PATH/PATH.com/html>
                AllowOverride  All
              </Directory>

              <Location />
                Options +ExecCGI
              </Location>
              ScriptAlias /cgi-bin/ /home/PATH/PATH.com/html/cgi-bin/
              # end cgi


              <IfModule mod_interworx_settings.c>
                # InterWorx adds this dummy module section to store settings
                # There is no mod_interworx_settings module
                # DO NOT DELETE

                last_update 2014-01-10 00:10:18
                iworx_controlled_ips IP:80
              </IfModule>
            </VirtualHost>
            <VirtualHost IP:443>

              SuexecUserGroup PATH PATH

              DocumentRoot /home/PATH/PATH.com/html
              ServerName PATH.com

              ServerAlias www.PATH.com ftp.PATH.com mail.PATH.com secure.PATH.com scripts.PATH.com
              ServerAlias help.PATH.com
              ServerAdmin webmaster@PATH.com

              # subdomain logic
              RewriteEngine On
              RewriteOptions inherit
              RewriteCond %{HTTP_HOST} !^www\.PATH\.com [NC]
              RewriteCond %{HTTP_HOST} !^PATH\.com [NC]
              RewriteCond %{HTTP_HOST} ^([A-Z0-9a-z-.]+)\.PATH\.com [NC]
              RewriteCond %{DOCUMENT_ROOT}/%1 -d
              RewriteRule ^(.+) %{HTTP_HOST}/$1 [C]
              RewriteRule ^([0-9A-Za-z-.]+)\.PATH\.com/?(.*)$ %{DOCUMENT_ROOT}/$1/$2 [L]

              RewriteCond %{HTTP_HOST} ^www\.([A-Z0-9a-z-.]+)\.PATH\.com [NC]
              RewriteCond %{DOCUMENT_ROOT}/%1 -d
              RewriteRule ^(.+) %{HTTP_HOST}/$1 [C]
              RewriteRule ^www\.([0-9A-Za-z-.]+)\.PATH\.com/?(.*)$ %{DOCUMENT_ROOT}/$1/$2 [L]
              # end subdomain logic

              ErrorLog /home/PATH/var/PATH.com/logs/error.log
              CustomLog /home/PATH/var/PATH.com/logs/transfer.log combined

              # php: default  don't edit between this and the "end php" comment below
              <IfModule mod_suphp.c>
                suPHP_Engine On
                suPHP_UserGroup PATH PATH
                AddHandler x-httpd-php .php
                suPHP_AddHandler x-httpd-php .php
                suPHP_ConfigPath /home/PATH/etc
              </IfModule>

              <IfModule !mod_suphp.c>
                <IfModule mod_php5.c>
                  php_admin_flag engine On
                </IfModule>
                <IfModule mod_php4.c>
                  php_admin_flag engine On
                </IfModule>
              </IfModule>
              # end php

              # cgi: 1 don't edit between this and the "end cgi" comment below
              <Directory /home/PATH/PATH.com/html>
                AllowOverride  All
              </Directory>

              <Location />
                Options +ExecCGI
              </Location>
              ScriptAlias /cgi-bin/ /home/PATH/PATH.com/html/cgi-bin/
              # end cgi


             SSLEngine on
              SSLHonorCipherOrder On
              SSLCipherSuite RC4:HIGH:MEDIUM:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW
              SSLCACertificatePath /home/PATH/var/PATH.com/ssl
              SSLCertificateKeyFile /home/PATH/var/PATH.com/ssl/PATH.com.priv.key
              SSLCertificateFile /home/PATH/var/PATH.com/ssl/PATH.com.crt
              SSLCACertificateFile /home/PATH/var/PATH.com/ssl/PATH.com.chain.crt
              SSLOptions +ExportCertData +StrictRequire
              SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
              <IfModule mod_interworx_settings.c>
                # InterWorx adds this dummy module section to store settings
                # There is no mod_interworx_settings module
                # DO NOT DELETE

                last_update 2014-01-10 00:10:18
                iworx_controlled_ips IP:443
              </IfModule>
            </VirtualHost>

            <VirtualHost IP:2443>
             SSLEngine on
              SSLHonorCipherOrder On
              SSLCipherSuite RC4:HIGaH:MEDIUM:!SSLv2:!ADH:!aNULL:!eNULL:!NULL:!LOW
              SSLCACertificatePath /home/PATH/var/PATH.com/ssl
              SSLCertificateKeyFile /home/PATH/var/PATH.com/ssl/PATH.com.priv.key
              SSLCertificateFile /home/PATH/var/PATH.com/ssl/PATH.com.crt
              SSLCACertificateFile /home/PATH/var/PATH.com/ssl/PATH.com.chain.crt
              SSLOptions +ExportCertData +StrictRequire
              SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
              <strong></strong>

Pls. give configuration data, and exactly what you mean by "did not get the results i was looking for" - what occurred? — ETL, Feb 01 '14 at 19:42
the results I was looking for was when browsing to 2443 i expected for it to be secured with the verified cert from godaddy. not the self signed cert that the control panel installed. the cert works fine on the default 443, just not 2443. What config data are you looking for? what my vhosts have? — Steven Gunn, Feb 01 '14 at 20:01
If it's reading out the self-signed cert then your configuration is wrong, you need the vhost for 2443 to point to the same cert you have on 443. Adding vhost information would definitely help! — c4urself, Feb 01 '14 at 20:09
Exactly as @c4urself pointed out - you don't show your config so nobody can help really. — ETL, Feb 01 '14 at 20:35

score 1 · Accepted Answer · edited Apr 13 '17 at 12:14

1

As noted in this answer, you can have one vhost serve multiple endpoints.

Simply change <VirtualHost IP:443> to <VirtualHost IP:443 IP:2443>
Now you get the same site/vhost on port 443 and 2443

Make sure that the config is set to listen on port 2443:

Listen 2443
NameVirtualHost IP:2443

edited Apr 13 '17 at 12:14

Community

1

answered Feb 01 '14 at 23:43

Mathias R. Jessen

24,907
4
62
95

after making the changes your suggested. restarting apache fails and returns: (98)Address already in use: make_sock: could not bind to address [::]:2443 (98)Address already in use: make_sock: could not bind to address 0.0.0.0:2443 no listening sockets available, shutting down Unable to open logs [FAILED] – Steven Gunn Feb 01 '14 at 23:54
Then you are probably already listening on port 2443. Or another process is. Is this control panel something you've built yourself and are hosting in apache, or...? – Mathias R. Jessen Feb 02 '14 at 00:08
Interworx CP is using 2443, thats what I am trying to secure with my signed cert rather then using the self signed cert. – Steven Gunn Feb 02 '14 at 00:10
This answer was the point in the right direction to help me solve my issue. THANKS! – Steven Gunn Feb 02 '14 at 00:50

SSL for secure.DOMAIN.com on port 443 and 2443, is it possible?

1 Answers1