0

I'm currently trying to make a default vhost for HTTPS to block traffic from unauthorized domains. However, when I define a default 443 vhost, ALL other HTTPS vhosts inherit this as well and prevents normal access. I've been scratching my head for hours about this...

Apache Info:

OS: Ubuntu Server 20.04

Server version: Apache/2.4.41 (Ubuntu)

Server built: 2022-06-14T13:30:55

Here's my default vhosts file:

<VirtualHost _default_:80>

        ServerName default

        Alias /error/ /var/www/redirects/

        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 402 /error/402.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 408 /error/408.html
        ErrorDocument 503 /error/maintenance.html

        <Location />
                Require all denied
        </Location>

</VirtualHost>

<VirtualHost _default_:443>

        ServerName default

        Alias /error/ /var/www/redirects/

        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 402 /error/402.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 408 /error/408.html
        ErrorDocument 503 /error/maintenance.html

        <Location />
                Require all denied
        </Location>

</VirtualHost>

And the rest are within separate config files and enabled using sudo a2ensite mydomain.com.conf

Here is one of those configs:

<IfModule mod_ssl.c>
<VirtualHost *:443>
     ServerName mydomain.com
     ServerAlias mydomain.com

        Alias /error/ /var/www/redirects/

        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 402 /error/402.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 408 /error/408.html
        ErrorDocument 503 /error/maintenance.html

     DocumentRoot /var/www/html/mydomain.com/public

     <Directory /var/www/html/mydomain.com/public>
         Options -Indexes +FollowSymLinks
         AllowOverride All
         Require all granted
     </Directory>

        ErrorLog /var/www/html/mydomain.com/logs/error.log
        CustomLog /var/www/html/mydomain.com/logs/access.log combined

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>
</IfModule>

Further information to help: sudo apachectl -S

VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server default (/etc/apache2/sites-enabled/000-default.conf:22)
         port 443 namevhost default (/etc/apache2/sites-enabled/000-default.conf:22)
         port 443 namevhost example.com1 (/etc/apache2/sites-enabled/example.com1-le-ssl.conf:2)
         port 443 namevhost example.com2 (/etc/apache2/sites-enabled/example.com2.conf:18)
         port 443 namevhost example.com3 (/etc/apache2/sites-enabled/example.com3-le-ssl.conf:2)
                 alias example.com3
         port 443 namevhost example.com4 (/etc/apache2/sites-enabled/example.com4-le-ssl.conf:2)
         port 443 namevhost example.com5 (/etc/apache2/sites-enabled/example.com5-le-ssl.conf:2)
         port 443 namevhost example.com6 (/etc/apache2/sites-enabled/example.com6-le-ssl.conf:2)
*:80                   is a NameVirtualHost
         default server default (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost default (/etc/apache2/sites-enabled/000-default.conf:1)
         port 80 namevhost example.com1 (/etc/apache2/sites-enabled/example.com1.conf:1)
         port 80 namevhost example.com2 (/etc/apache2/sites-enabled/example.com2.conf:1)
         port 80 namevhost example.com3 (/etc/apache2/sites-enabled/example.com3.conf:1)
                 alias example.com3
         port 80 namevhost example.com4 (/etc/apache2/sites-enabled/example.com4.conf:1)
         port 80 namevhost example.com5 (/etc/apache2/sites-enabled/example.com5.conf:1)
         port 80 namevhost example.com6 (/etc/apache2/sites-enabled/example.com6.conf:1)

Any help would be much appreciated ...

Skyler Mews
  • 1
  • 2
  • At first glance I'd start with including a (self-signed) SSL Certificate in the default https host VirtualHost stanza - – diya Jan 23 '23 at 10:44

1 Answers1

0

At first glance I'd start with including a (self-signed) SSL Certificate in the default https host VirtualHost – diya

This was the answer. I installed the SnakeOil cert and everything is working perfectly!

<VirtualHost _default_:443>

        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

       ServerName default

       Alias /error/ /var/www/redirects/

       ErrorDocument 400 /error/400.html
       ErrorDocument 401 /error/401.html
       ErrorDocument 402 /error/402.html
       ErrorDocument 403 /error/403.html
       ErrorDocument 404 /error/404.html
       ErrorDocument 405 /error/405.html
       ErrorDocument 408 /error/408.html
       ErrorDocument 503 /error/maintenance.html

       <Location />
               Require all denied
       </Location>

</VirtualHost>
Skyler Mews
  • 1
  • 2