Where's the right place to put my vhost config for SSL

/opt/lamp/etc/extra/httpd-vhosts.conf or in httpd.conf ?

Currently, my configuration for SSL is located in httpd-vhosts.conf

    <VirtualHost *:1223>
        DocumentRoot "/opt/lampp/htdocs/api_tk_b/public"
        DirectoryIndex index.php
        ServerName api-b.mydomain.com
        ServerAlias api-b.mydomain.com
        ServerAdmin *.mydomain.com
        #SSLEngine on
        #SSLCertificateFile "/opt/lampp/htdocs/crt/gd.crt"
        #SSLCertificateKeyFile "/opt/lampp/htdocs/crt/mydomain.key"
        #SSLCACertificateFile "/opt/lampp/htdocs/crt/gd-bundle.crt"
        <Directory "/opt/lampp/htdocs/api_tk_b/public">
            Options All
            AllowOverride All
            Require all granted
        </Directory>
        ErrorLog "logs/api_b-error_log"
        CustomLog "logs/api_b-access_log" common
    </VirtualHost>

But it's not working. I don't think the error is in my crt, key and bundle. Maybe there's something I need to do first before doing this?

I'm using GoDaddy as of now

My Update

This is my update as of now.

First, why `*:1223`: because I have multiple projects on the server that use sub-domains, but these projects are not using SSL. That's why I tried to use 1223 to make it work too.

api-b.mydomain.com is now working if I comment the SSL configuration, and when I comment out the SSL configuration, Apache fails to restart.

It keeps running, but when I try to access it on the web using this link: https://api-b.mydomain.com the web says:

This site can’t be reached. api-b.mydomain.com refused to connect.

Note:

My key folder exists and my key files are not empty.

This configuration code is working in Windows but not in Linux. Is there any configuration I need to do?

Also

If I access the error.log, it's not empty, but no connected issue occurred in the log related to my API, and the api-b-error.log is empty too.

/opt/lampp/etc/extra/httpd-vhosts.conf api-a.mydomain.com

1 Answer

This VirtualHost is listening on Port 80 only. You need to change it to 443:

<VirtualHost *:443>

Don't forget the Listen 443 directive which is most probably somewhere else in the Apache config.

To be clear: You need two VirtualHost directives. One for Port 80 and one for port 443. The 443 must be the only one containing the SSL directives. The rest can be identical (or 80 can contain only a redirect to 443).

Gerald Schneider
  • Hello @Gerald Schneider, meaning I need to declare virtual host for 443 and 80 – Richard Guevara Aug 05 '19 at 07:46
  • `AH00112: Warning: DocumentRoot [/opt/lampp/htdocs/Timekeeping_System/public] does not exist` `AH00526: Syntax error on line 296 of /opt/lampp/etc/extra/httpd-vhosts.conf: Cannot define multiple Listeners on the same IP:port` I have multiple projects on 1 server using vhost port 1223 but different ServerName, without putting `listen *port`, and it works fine, but when I try to place vhost 443 it's not working – Richard Guevara Aug 05 '19 at 07:50
  • You only need one `Listen 443` directive. If you already had one it's fine. I only mentioned it so you won't forget it if it wasn't there yet. – Gerald Schneider Aug 05 '19 at 07:52
  • The `api-a.mydomain.com/api/login` works fine without the config for SSL. Hmm, is there anything wrong with my SSL configuration above? – Richard Guevara Aug 05 '19 at 08:09
  • Apart from being in the wrong virtualhost I don't see anything wrong. It would be helpful if you would update your question with the config you currently have. The error logs might shed some light as well. Currently it's just blind guessing. – Gerald Schneider Aug 05 '19 at 08:12
  • I updated my post sir – Richard Guevara Aug 06 '19 at 03:07
  • RE: "Syntax error on line 296 of /opt/lampp/etc/extra/httpd-vhosts.conf: Cannot define multiple Listeners on the same IP:port" --- Apparently, you have multiple/duplicate `listen` statements in both `/etc/apache2/ports.conf` (or comparable apache ports file) and that file? Perhaps `grep -Ri "listen" /opt/lampp/etc/` output would be helpful? Do you have an `/etc/apache2` directory? – B. Shea Aug 06 '19 at 03:52
  • Yes I have, etc/apache2. This directory contains these: `apache2.conf conf-available conf-enabled envvars magic mods-available mods-enabled ports.conf sites-available sites-enabled`. I'm okay with my sub domain name and it's working fine. But the problem is the SSL configuration above. Key folder and files are not empty and also exist. – Richard Guevara Aug 06 '19 at 03:57
  • As far as SSL - other than being commented out it looks okay. -> Make sure the permissions are correct on the private key folder and private key(s) (`sudo chmod -R 600`) ... I notice you are keeping private key in same area as public. Bad move. As for the :443 multi-listen issue, maybe check this out: https://serverfault.com/questions/932727/apache-2-4-updated-now-throws-cannot-define-multiple-listeners-on-the-same-ip – B. Shea Aug 06 '19 at 04:02
  • Also maybe read through this (geared for Ubuntu default Apache2 install (not xampp), though) https://serverfault.com/questions/259302/best-location-for-ssl-certificate-and-private-keys-on-ubuntu/638634#638634 -- it may help you understand the permissions you need on private keys and apache. – B. Shea Aug 06 '19 at 04:07
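
The checks discussed in the answer and comments above (duplicate `Listen` lines, a vhost port that nothing listens on, private key location and permissions) can be scripted. This is an added example, not code from the thread or from Apache/XAMPP; the function names are hypothetical, and it assumes GNU grep/sed/stat, absolute paths without spaces, and one address per `<VirtualHost>`.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): static checks on an Apache config tree.
# Assumes GNU grep/sed/stat, absolute paths without spaces, one address per vhost.

# Values of one directive across the tree; commented-out lines are skipped.
directive_values() {   # $1 = directive name, $2 = config directory
    grep -RihE "^[[:space:]]*$1[[:space:]]+" "$2" 2>/dev/null \
        | awk '{print $2}' | tr -d '"' | sed 's:/$::'
}

# Listen values declared more than once, the condition behind AH00526.
# "Listen *:443" and "Listen 443" are treated as the same listener here.
duplicate_listens() {
    directive_values Listen "$1" | sed 's/^\*://' | sort | uniq -d
}

# Ports named in <VirtualHost addr:PORT> that no Listen line opens.
vhost_ports_without_listen() {
    local listens port
    listens=$(directive_values Listen "$1" | sed 's/.*://' | sort -u)
    grep -RihoE '^[[:space:]]*<VirtualHost[[:space:]]+[^>]*:[0-9]+' "$1" 2>/dev/null \
        | sed 's/.*://' | sort -u \
        | while read -r port; do
              printf '%s\n' "$listens" | grep -qx "$port" || echo "$port"
          done
}

# SSLCertificateKeyFile paths that sit under a DocumentRoot, or whose mode
# grants anything to group/other (any bit outside 0700).
risky_key_files() {
    local key root mode
    for key in $(directive_values SSLCertificateKeyFile "$1" | sort -u); do
        for root in $(directive_values DocumentRoot "$1" | sort -u); do
            case "$key" in "$root"/*) echo "$key under-docroot" ;; esac
        done
        mode=$(stat -c '%a' "$key" 2>/dev/null) || continue
        [ $(( 0$mode & 077 )) -eq 0 ] || echo "$key mode-$mode"
    done
}

# Run all three checks when a config directory is given as the first argument.
if [ -n "${1:-}" ]; then
    duplicate_listens "$1"
    vhost_ports_without_listen "$1"
    risky_key_files "$1"
fi
```

Run it against the config directory, for example `/opt/lampp/etc`; files pulled in from outside that directory are not followed, and `SSLCertificateKeyFile` lines that are still commented out are ignored.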