-2

I've searched a lot and also tried lots of things, but I still cannot find the problem.

I have an Apache 2.2.22 server installed on Ubuntu Server 12.04 LTS. I have a number of http virtual hosts and 2 https vhosts. Everything works fine, but the strange thing is that if I enter one of my http sites in my browser with https instead, it redirects me to the actual https site. This is very awkward and I really don't know what is causing it.

Has anyone faced that too? And can you help with this? Thanks in advance.

siotokan
  • It is not the same. My https works fine, but when I request an http site with https it redirects me to an https site (which is different) – siotokan Feb 02 '16 at 08:46
  • You are misunderstanding the entire concept. There is no redirect going on; there's just Apache handling virtualhosts the way it's supposed to. – Jenny D Feb 02 '16 at 08:58
  • Sorry for my expression, that is what I meant. – siotokan Feb 02 '16 at 09:12

2 Answers

0

HTTP and HTTPS are different protocols on different ports. If you hit HTTPS, Apache will only "see" the https vhosts. If you hit HTTP, Apache will only "see" the http vhosts. If you wish to rewrite one to the other then you need to do so explicitly.

Catherine MacInnes
0

It's not clear what you are asking, but there are two potential problems:

1) Apache will attempt to find the best vhost to match to and default to the first vhost that matches the IP address and port if nothing else matches, which sometimes causes unexpected results for those who don't understand this.

So if you have the following:

NameVirtualHost *:80

<VirtualHost *:80>
    ServerName www.example1.com
    DocumentRoot /www/example1/htdocs
</VirtualHost>

<VirtualHost *:80>
    ServerName www.example2.com
    DocumentRoot /www/example2/htdocs
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example1.com
    DocumentRoot /www/example1/htdocs
</VirtualHost>

You might be surprised what happens when you try to go to https://www.example2.com. You might think it would either error out or serve the example2 site over https, but actually what Apache does is look for a match on port 443 and, when it fails to find an exact match, it defaults to the first match and so serves up the same as https://www.example1.com.

2) Alternatively if you mean you have this config:

NameVirtualHost *:80

<VirtualHost *:80>
    ServerName www.example1.com
    DocumentRoot /www/example1/htdocs
</VirtualHost>

<VirtualHost *:80>
    ServerName www.example2.com
    DocumentRoot /www/example2/htdocs
</VirtualHost>

NameVirtualHost *:443

<VirtualHost *:443>
    ServerName www.example1.com
    SSLCertificateFile /ssl/cert1.crt
    DocumentRoot /www/example1/htdocs
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example2.com
    SSLCertificateFile /ssl/cert2.crt
    DocumentRoot /www/example2/htdocs
</VirtualHost>

Then in this case you would hope that https://www.example2.com would work.

The problem is that normally https requests are initially made to the IP address, without passing the servername, so Apache doesn't know which one you want. So again it assumes the first and passes back cert1.crt to set up the session, which may be incorrect. After the https session is set up, it gets the ServerName and can correctly route the request.

An update to https called SNI (Server Name Indication) allows the ServerName to be passed with the initial request so the correct cert will be used, but this depends on your server using OpenSSL 0.9.8f or higher and which browser you are using (notably not IE on Windows XP, which doesn't support this). There are workarounds if this is an issue (use the same cert for both, assuming it covers both domains, or use different IP addresses for each domain).

Barry Pollard
  • Thanks for your answer. My config is actually the case 1 you described, and when I browse to https://www.example2.com it sends me to https://www.example1.com. I will check the OpenSSL and try to update. The solution I initially thought of was to have one Apache web server for https sites and one for http. But I will leave this as a last option. – siotokan Feb 02 '16 at 08:34
  • Well that is working as expected then. The only way to prevent this is to set up example2.com on 443 (perhaps with a redirect back to http - though if setting it up why not go with https!). This will require a https cert which is valid for example2.com. The other alternative is to have no https for any site. – Barry Pollard Feb 02 '16 at 08:36
  • Possibly I will end up with this solution. One web server for the https and another for http. Thanks again for the help – siotokan Feb 02 '16 at 08:44
  • Or a different IP address on same web server. As then it won't match so won't serve the incorrect site. – Barry Pollard Feb 02 '16 at 08:46
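
Added example (not part of the original question or answers): a small Python audit that models the fallback described in case 1 and lists hostnames that have a vhost on another port but would be answered by the first vhost on port 443. The function names are hypothetical, and the model is simplified: it only reads `<VirtualHost addr:port>` blocks with an explicit port, treats all addresses as one, and matches ServerName/ServerAlias exactly, without wildcards.

```python
import re
from collections import defaultdict

# Constructed input: the "case 1" layout from the answer (two :80 vhosts, one :443 vhost).
SAMPLE_CONF = """
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName www.example1.com
    DocumentRoot /www/example1/htdocs
</VirtualHost>
<VirtualHost *:80>
    ServerName www.example2.com
    DocumentRoot /www/example2/htdocs
</VirtualHost>
<VirtualHost *:443>
    ServerName www.example1.com
    DocumentRoot /www/example1/htdocs
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+[^>\s]*:(\d+)[^>]*>(.*?)</VirtualHost>", re.S | re.I)
NAMES_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)

def parse_vhosts(conf):
    """Map port -> list of vhosts in file order; each vhost is its list of names."""
    by_port = defaultdict(list)
    for port, body in VHOST_RE.findall(conf):
        names = [n.lower() for line in NAMES_RE.findall(body) for n in line.split()]
        by_port[int(port)].append(names or ["(unnamed)"])
    return dict(by_port)

def select_vhost(vhosts, port, host):
    """Return (primary name of chosen vhost, exact_match), or None if nothing listens."""
    candidates = vhosts.get(port, [])
    for names in candidates:
        if host.lower() in names:
            return names[0], True
    # No name matched: the first vhost defined for the port answers.
    return (candidates[0][0], False) if candidates else None

def fallthrough_hosts(vhosts, port=443):
    """Names served on other ports that the default vhost on `port` would answer."""
    report = {}
    for other, groups in vhosts.items():
        if other == port:
            continue
        for name in (n for names in groups for n in names):
            chosen = select_vhost(vhosts, port, name)
            if chosen and not chosen[1]:
                report[name] = chosen[0]
    return report
```

Calling `fallthrough_hosts(parse_vhosts(SAMPLE_CONF))` reports www.example2.com as being answered by the www.example1.com vhost on 443; the report becomes empty once a matching 443 vhost is defined, as in case 2.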