Can't set up domain and subdomain locally using SSL

Question

I have the following configuration for my local Apache server:

<VirtualHost mysite.local:443>
    ServerName mysite.local
    SSLEngine on
    SSLCertificateFile "/Users/graziano/Projects/mysite/ssl/mysite.local.pem"
    SSLCertificateKeyFile "/Users/graziano/Projects/mysite/ssl/mysite.local-key.pem"
    SSLProxyEngine On   
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
</VirtualHost>

<VirtualHost access.mysite.local:443>
    ServerName access.mysite.local
    DocumentRoot "/Users/graziano/Projects/mysite/mysite-backend"
    SSLEngine on
    SSLCertificateFile "/Users/graziano/Projects/mysite/ssl/access.mysite.local.pem"
    SSLCertificateKeyFile "/Users/graziano/Projects/mysite/ssl/access.mysite.local-key.pem"         
</VirtualHost>

Here's my hosts:

127.0.0.1 localhost
127.0.0.1 mysite.local
127.0.0.1 access.mysite.local

I've generated the certificate files using this fantastic tool.

When I visit https://mysite.local, I'm correctly redirected to localhost:3000 (which serves a Next.js app), but if I hit https://access.mysite.local (which is a Wordpress installation) Google Chrome complains that the connection is not secure:

NET::ERR_CERT_COMMON_NAME_INVALID

If I invert the two VirtualHost directives, i.e. move the bottom one to the top and viceversa, then https://access.mysite.local works but then https://mysite.local doesn't and gives the same above error.

I need to make this work to test authentication cookies shared between the Next.js app and the Wordpress installation.

score 0 · Answer 1 · answered Apr 30 '19 at 18:51

If you want a simple redirection, you may be better off doing it the following way and skip the mod_proxy request:
Redirect 301 / https://localhost:3000/

Otherwise this line isn't required:
ProxyPassReverse / http://localhost:3000/

On your remote server (localhost:3000), you probably want to add the following line to your vhost configuration:
SetEnvIf X-Forwarded-Proto https HTTPS=on

On your proxy, you may want to add the following lines:
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"

I would also suggest to read this post:
How can I test if my apache server is an open proxy?

Regarding your vhost configuration:
I would replace mysite.local & access.mysite.local with either * or an IP adress (i.e. 127.0.0.1) on the first line making iit:

<VirtualHost *:443>

Then reload you Apache...

Thanks but 1) I don't want a simple redirection, I really need to use 'https://fotoroom.local' because I'm trying to test if a cookie I've set on the subdomain for '.fotoroom.local' works for the parent domain; 2) I can't configure the remote server because it's served by Now v2, which uses a serverless architecture, so I actually don't have a server. — grazdev, Apr 30 '19 at 19:25

Can't set up domain and subdomain locally using SSL

1 Answers1