18

In Apache2 on Ubuntu I have my site listening on 80, and now I want to add SSL. Is there a way to enable the SSLEngine for port 443 so I do not have to copy the entire VirtualHost block?

When I do this:

Listen 80
Listen 443
NameVirtualHost *
<VirtualHost *>
  SSLEngine On
  ... a bunch more lines...
</VirtualHost>

It is turning on the SSLEngine for port 80. Is there a way to use only the one VirtualHost block, and only turn on the SSLEngine for port 443? So I can do something like this?

Listen 80
Listen 443
NameVirtualHost *
<VirtualHost *>
   <IfPort 443>
      SSLEngine On
   </IfPort>
   ... a bunch of lines I don't want to copy into another VirtualHost block...
</VirtualHost>
dar

3 Answers

14

You can't make one vhost do both HTTP and HTTPS, because they are separate vhosts servicing separate protocols. Instead, you should put all of the common configuration into a separate file, and then include that file in both the SSL and non-SSL vhosts for the domain.

Minimal example:

# /etc/apache2/sites-available/example.com
<VirtualHost *:80>
  Include /etc/apache2/domains/example.com
</VirtualHost>

<VirtualHost 192.0.2.1:443>
  SSLEngine On
  SSLCertificateFile /etc/ssl/example.com_crt
  SSLCertificateKeyFile /etc/ssl/example.com_key

  Include /etc/apache2/domains/example.com
</VirtualHost>

# /etc/apache2/domains/example.com
ServerName example.com
ServerAlias www.example.com

ServerAdmin webmaster@example.com
DocumentRoot /home/example/public_html
ErrorLog /home/example/apache/error.log
womble
  • Can you give me a short example of what the file should look like? Does it need a VirtualHost wrapper, or should I just move all the lines to it without any wrapper? – dar Nov 11 '09 at 16:31
  • I've added an example to my answer. – womble Nov 11 '09 at 16:42
2

As I mentioned on a different question on Stack Overflow (https://stackoverflow.com/questions/679383/do-i-have-to-duplicate-the-virtualhost-directives-for-port-80-and-443/52375167#52375167):

Another option instead of using Include is using Macro (so you can keep it all in one file).

First enable the macro module:

a2enmod macro

Then put your shared stuff in a macro and use it from your virtualhosts:

<Macro SharedStuff>
   ServerName example.com
   ServerAdmin example@example.com
   DocumentRoot /var/www/example
   <Directory /var/www/example>
      ...
   </Directory>
</Macro>

<VirtualHost *:80>
  Use SharedStuff
</VirtualHost>

<VirtualHost *:443>
  Use SharedStuff

  SSLEngine On
  SSLProtocol All -SSLv2 -SSLv3
  ...
</VirtualHost>

Macros can also take parameters, and be defined in other files that are included, so you can use them a bit like functions and save a lot of duplication across your Apache config files.

See here for more details:

https://httpd.apache.org/docs/2.4/mod/mod_macro.html

Seb
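
An added example, not part of any answer above: the mod_macro approach with parameters, so that one shared body serves both the port-80 and the port-443 vhost while the SSL directives stay in the 443 vhost only. It uses Apache 2.4 syntax; the macro name SiteCommon, the document root, the log path and the certificate file locations are assumptions.

```apache
# Added example; names, paths and certificate locations are assumptions.
# Requires the macro and ssl modules: a2enmod macro ssl

# Shared body, written once. mod_macro substitutes $domain and $docroot
# textually wherever they appear inside the macro.
<Macro SiteCommon $domain $docroot>
    ServerName $domain
    ServerAlias www.$domain
    ServerAdmin webmaster@$domain
    DocumentRoot $docroot
    <Directory $docroot>
        Options -Indexes
        AllowOverride None
        Require all granted
    </Directory>
    ErrorLog /var/log/apache2/$domain-error.log
</Macro>

# Plain HTTP: shared body only, no SSL directives.
<VirtualHost *:80>
    Use SiteCommon example.com /var/www/example
</VirtualHost>

# HTTPS: same shared body plus the TLS-only directives, so SSLEngine
# is never switched on for the port-80 vhost.
<VirtualHost *:443>
    Use SiteCommon example.com /var/www/example

    SSLEngine On
    SSLCertificateFile    /etc/ssl/certs/example.com.crt
    # Private key: keep it readable by root only (chmod 600).
    SSLCertificateKeyFile /etc/ssl/private/example.com.key
    # Drop the legacy protocol versions.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
</VirtualHost>

# Remove the definition so later config files cannot reuse it by accident.
UndefMacro SiteCommon
```

After editing, `apachectl configtest` checks the syntax and `apachectl -S` lists which vhost answers on which port.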
0

You can put directory settings in a <Directory> block outside of any <VirtualHost> blocks. That will apply them across all virtual hosts, but only inside the specified path.

DanMan