0

This should be a super simple setup!

I am trying to enable SSL on only a single subdomain. However, when I do this, all of my subdomains and my primary domain end up pointing towards that subdomain's document root.

To be clear, when I point my browser I get the following document roots served:

```
http://domain.com       -> /var/www            [GOOD]
http://sub1.domain.com  -> /media/large/sub1   [GOOD]
http://sub2.domain.com  -> /var/www            [Strange, but doesn't bother me.  An error message would be better if possible, or a redirect to https.]
https://domain.com      -> /media/large/sub2   [BAD]
https://sub1.domain.com -> /media/large/sub2   [BAD]
https://sub2.domain.com -> /media/large/sub2   [GOOD]
```

Those 2 [BAD] sectors are what's truly bothering me. I don't want people navigating to those URLs to be accessing the sub2 document root.

This is my ports.conf:

```
NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    NameVirtualHost *:443
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    Listen 443
</IfModule>
```

And here are all of my /etc/apache2/sites-enabled:

domain.com:

```
<VirtualHost *:80>
    ServerName domain.com
    DocumentRoot /var/www
</VirtualHost>
```

sub1.domain.com:

```
<VirtualHost *:80>
    ServerName sub1.domain.com
    DocumentRoot /media/large/sub1
</VirtualHost>
```

sub2.domain.com:

```
<VirtualHost *:443>
    ServerName sub2.domain.com:443
    DocumentRoot /media/large/sub2
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key
</VirtualHost>
```

If it matters, this is on a totally default Ubuntu server.

Leng

1 Answer

2

You've only got one VirtualHost defined on port 443, so any access to port 443 will have to use that config, no matter what domain name they're using. If that's not what you want, set up VirtualHost configs for the other domains and point them somewhere different.

The same in reverse for your issue with http://sub2.domain.com -- you've not defined a VirtualHost for that domain name, so it's using your default VirtualHost, which is the first one, and so it's using /var/www as the root.

Mike Scott
  • Thanks a lot, Mike. What would you suggest for these new VirtualHosts? Is it possible to redirect from the VirtualHost config itself for the subdomains that don't have SSL enabled, essentially removing the `s` from the `https`? Thanks again. – Leng Jan 21 '14 at 20:51
  • I think I may have found the answer in mod_rewrite... I thought it could only be done from `.htaccess` files but I'll give it a try. – Leng Jan 21 '14 at 20:53
  • Yes, you should be able to use mod_rewrite to redirect the domains that you don't want to use SSL with to the non-SSL versions, and vice versa. Do be aware that you can't (generally) use ServerName directives to host multiple SSL sites with different SSL certificates on the same IP address, but since you've only got one SSL certificate you should be OK. However, calls to https://domain.com and https://sub1.domain.com will generate browser warnings that the certificates don't match, since your certificate is (presumably) for sub2.domain.com. – Mike Scott Jan 21 '14 at 20:58
  • Thanks again. I tried your solution and it actually does not work; it appears each `VirtualHost` must have a unique `ServerName`, so I can't just add a new `<VirtualHost>` with a `ServerName domain.com` and the mod_rewrite. When I do, even normal port 80 `http` requests use that VirtualHost instead of the default one, and the whole site is inaccessible. – Leng Jan 21 '14 at 21:01
  • It turns out this is impossible for a totally different reason (unrelated to `ServerName` uniqueness). I've made a new question regarding that issue [here](http://serverfault.com/questions/568897/apache-serving-wrong-document-root). – Leng Jan 21 '14 at 22:36
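
The selection rule described in the answer can be modelled in a few lines. The following is an added example, not code from the original posts or from Apache: it is a simplified Python model (port match, then exact `ServerName` match, then the first vhost on that port as default) run over the question's three site files. The helper names, the `EXTENDED_VHOSTS` list and the treatment of `ServerName sub2.domain.com:443` as host plus port are assumptions made for illustration.

```python
# Added example: simplified model of Apache name-based virtual host selection.
from urllib.parse import urlsplit

# (port, ServerName, DocumentRoot) from the question's site files, in the order
# Apache reads them from sites-enabled (alphabetical by file name).
QUESTION_VHOSTS = [
    (80, "domain.com", "/var/www"),
    (80, "sub1.domain.com", "/media/large/sub1"),
    (443, "sub2.domain.com", "/media/large/sub2"),
]
# What the answer suggests: also define port-443 vhosts for the other names.
EXTENDED_VHOSTS = QUESTION_VHOSTS + [
    (443, "domain.com", "/var/www"),
    (443, "sub1.domain.com", "/media/large/sub1"),
]
URLS = [f"{scheme}://{host}" for scheme in ("http", "https")
        for host in ("domain.com", "sub1.domain.com", "sub2.domain.com")]

def host_and_port(url):
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return (parts.hostname or "").lower(), port

def select_docroot(vhosts, url):
    """Return (DocumentRoot, matched_by_name) for url, or (None, False)."""
    host, port = host_and_port(url)
    # Only vhosts bound to the port the connection arrived on are candidates.
    candidates = [v for v in vhosts if v[0] == port]
    if not candidates:
        return None, False
    # The first candidate whose ServerName equals the requested host wins.
    for _, server_name, docroot in candidates:
        if server_name.lower() == host:
            return docroot, True
    # No name matched: the first candidate on that port acts as the default.
    return candidates[0][2], False

def fallback_hits(vhosts, urls):
    """URLs answered by the port's default vhost rather than by a name match."""
    hits = []
    for url in urls:
        docroot, by_name = select_docroot(vhosts, url)
        if docroot is not None and not by_name:
            hits.append((url, docroot))
    return hits

if __name__ == "__main__":
    for url in URLS:
        print(f"{url:26} -> {select_docroot(QUESTION_VHOSTS, url)[0]}")
    print("default-vhost hits:", fallback_hits(QUESTION_VHOSTS, URLS))
    print("after adding 443 vhosts:", fallback_hits(EXTENDED_VHOSTS, URLS))
```

Run against the question's configuration, the model reproduces the six mappings listed in the question; `fallback_hits` flags the three URLs that are only served because a default vhost caught them.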