1

I have a web site deployed that uses kohana and URL rewriting to make the URLs more restful. This works fine.

I also have Moodle installed in a sub directory on the same server and a subdomain defined for this directory. So Moodle is installed in a directory called students and the subdomain is students.example.com. This too works fine.

I am now attempting to install an SSL certificate that I only need on the sub domain. I have a Comodo wildcard certificate so it is supposed to be able to work with the subdomains. When I use https://example.com it works fine so I can see that the SSL certificate is in force. However, when I try https://students.example.com it redirects to the main site. http://students.example.com works fine though.

The .htaccess file that works for the kohana rewrite rules is:

# Use PHP5.4 Single php.ini as default
AddHandler application/x-httpd-php54s .php
# Turn on URL rewriting
RewriteEngine On

# Installation directory
RewriteBase /

# Protect hidden files from being viewed
<Files .*>
   Order Deny,Allow
   Deny From All
</Files>

# Protect application and system files from being viewed
RewriteRule ^(?:application|modules|system)\b index.php/$0 [L]

# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

# Rewrite all other URLs to index.php/URL
RewriteRule .* index.php/$0 [PT]
Options -Indexes

According to the docs I will need the following rules to be added for the subdomain:

#.htaccess WildCard SSL 
RewriteCond %{HTTP_HOST} ^students.example.com$ 
RewriteCond %{REQUEST_URI} !^/students/ 
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)$ /students/$1 
RewriteCond %{HTTP_HOST} ^students.example.com$ 
RewriteRule ^(/)?$ students/index.php [L]

I tried adding this as the first rule and as the second rule but neither worked. I now understand that I will have to write a new set of rules to do what I want.

Any advice on how to accomplish this would be greatly appreciated. This site is hosted with Bluehost if that makes any difference.

Vincent Ramdhanie
  • 36
  • 6
  • What do you mean by "However, when I try https://students.example.com it redirects to the main site." Do you have an SSL VirtualHost for students.example.com? – aairey Oct 31 '14 at 15:16
  • I mean that it actually goes to https://example.com when you try to load https://students.example.com. However, the http version loads fine. Not sure about the SSL VirtualHost though? – Vincent Ramdhanie Oct 31 '14 at 17:03
  • you probably have a somewhere. copy that and change it to and put everything you would do different for this VirtualHost in there. – aairey Nov 02 '14 at 12:34

3 Answers3

0

I suspect you may have another issue. An HTTP request looks something like:

GET /foo.php HTTP/1.1
Host: monkedung.example.com
Keep-Alive: timeout=15
Connection: Keep-Alive

etc. When you encrypt it with SSL, everything after the GET line is encrypted, so Apache has no way of even knowing what host you are asking for. Without knowing the host, it has no way of knowing which certificate to use to decrypt the request. It also has no idea which directory to redirect to, which .htaccess file to use or anything else determined by the host. For this reason, AFAIK you can only use a single ssl host per IP address.

I would try setting

students.example.com

as the default apache domain and example.com if that is the only one that you want to use ssl for. I would also turn on debugging for your rewrite rules so you can see if they are actually firing. If the issue is the ssl issue mentioned above, I suspect you are not even getting that far.

Hope this helps.

jpgeek
  • 271
  • 1
  • 3
0

It looks like you are trying to host example.com and students.example.com on the same IP address. This is fine if you are use regular HTTP, but if you are using HTTPS (Port 443), then you need to serve this up on a different IP address. 

<VirtualHost *:80>
    DocumentRoot /var/www/example.com
    ServerName example.com
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot /var/www/students.example.com
    ServerName students.example.com
</VirtualHost>

<VirtualHost 192.168.1.10:443>
    DocumentRoot /var/www/example.com
    ServerName example.com
    SSLEngine on
    SSLCertificateFile /path/to/example.com.cert
    SSLCertificateKeyFile /path/to/example.com.key
</VirtualHost>


<VirtualHost 192.168.1.11:443>
    DocumentRoot /var/www/students.example.com
    ServerName students.example.com
    SSLEngine on
    SSLCertificateFile /path/to/example.com.cert
    SSLCertificateKeyFile /path/to/example.com.key
</VirtualHost>
Kevin Hayashi
  • 156
  • 3
  • 2
    No you don't, all modern browsers support SNI. – aairey Nov 02 '14 at 12:32
  • Right.. SNI should work to redirect traffic to the virtual host by hostname without the need for another static IP address. Check the apache2.conf or ports.conf config file for the entry `NameVirtualHost *:443` to ensure that you are resolving name-based hosts on port 443 – Kevin Hayashi Nov 04 '14 at 18:35
0

Have you reviewed your config.php in moodle after the SSL switch?

Note that your $CFG->wwwroot now has changed. It should be https://students.example.com

infrcl
  • 101
  • 1