How to set up SSL for one domain of several virtualhosts

Question

I have an Apache2 server with multiple Virtual Hosts. One of the domains now wants SSL so they can do payment work with Stripe.

I have a separate IP for that domain (domain1) than is the main IP for server. (main server 99.99.99.88, separate IP 99.99.99.99)

Before I cut everything over I am trying to get it to work on port 80 (non-SSL) so that I know my virts are working.

When I go to the IP (99.99.99.99) it resolves to domain2 which is the default domain for the server, not domain1.

The Listen command in httpd.conf is Listen 80

Here's the relevant code for my vhosts.conf

NameVirtualHost *:80

NameVirtualHost 99.99.99.99:80

<VirtualHost 99.99.99.99:80>
    ServerName domain1.com
    DocumentRoot /var/www/vhosts/domain1.com/httpdocs
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot /var/www/vhosts/domain2.com/html
    ServerName www.domain2.com
</VirtualHost>

<VirtualHost *:80>
    ServerName portal.domain2.com
    DocumentRoot /var/www/vhosts/domain2.com/portal/public
</VirtualHost>

<VirtualHost *:80>
    ServerName demo.domain2.com
    DocumentRoot /var/www/vhosts/domain2.com/demo/public
</VirtualHost>

<VirtualHost *:80>
    ServerName domain3.info
    DocumentRoot /var/www/vhosts/domain3.info/html
</VirtualHost>

<VirtualHost *:80>
    ServerName domain1.com
    DocumentRoot /var/www/vhosts/domain1.com/httpdocs
</VirtualHost>

What do I need to do so that I can have domain1 be accessed when I hit the server using 99.99.99.99?

Peter Grace · Accepted Answer · 2014-06-20T19:59:17.610

2

The first *:80 record that httpd sees a VirtualHost for will become the default site for *:80. Because of this, if you enter any hostname that is not a valid ServerName entry, it will fall-through to your domain2 entry.

You can help stop this behavior by specifying your "true" base website as the very first *:80 virtualhost in your config.

It is good practice to target websites with a specific ip address individually, e.g.:

NameVirtualHost 99.99.99.99:80
<VirualHost 99.99.99.99:80>
  ServerName domain2.com
  ...
</VirtualHost>

Doing the above should guarantee that sites with a specific ip address are served from the explicit entry for said ip, rather than the default due to "most-specific-configuration-wins."

Reference Here:

ServerName inheritance It is best to always explicitly list a ServerName in every name-based virtual host. If a VirtualHost doesn't specify a ServerName, a server name will be inherited from the base server configuration. If no server name was specified globally, one is detected at startup through reverse DNS resolution of the first listening address. In either case, this inherited server name will influenced name-based virtual host resolution, so it is best to always explicitly list a ServerName in every name-based virtual host.

For example, suppose that you are serving the domain www.example.com and you wish to add the virtual host other.example.com, which points at the same IP address. Then you simply add the following to httpd.conf:

<VirtualHost *:80>
    # This first-listed virtual host is also the default for *:80
    ServerName www.example.com
    ServerAlias example.com 
    DocumentRoot /www/domain
</VirtualHost>

<VirtualHost *:80>
    ServerName other.example.com
    DocumentRoot /www/otherdomain
</VirtualHost>

edited Jun 20 '14 at 19:59

answered Jun 19 '14 at 13:22

Peter Grace

3,456
1
27
43

I prefer to use the Apache test page as the default virtual host, rather than any live web site. – Michael Hampton Jun 19 '14 at 14:37
@MichaelHampton I used to do this as well, but Internet Bad Guys can use that to scope down their attack on your server. Security/Safety is a totally different topic, but you should definitely turn off any indication your server is apache to the outside world, if for no other reason than to slow down someone trying to compromise you. – Peter Grace Jun 19 '14 at 14:54
1

Oh, I serve the Apache test page...from Nginx! – Michael Hampton Jun 19 '14 at 14:57
I had the VirtualHosts working when all I had was *:80. How can I access domain1 on 99:99:99:99 rather than domain2? I need to treat calls to the server differently based on the IP. – Doug Johnson-Cookloose Jun 19 '14 at 16:06
@DougJohnson-Cookloose - you could add a NameVirtualHost for 99.99.99.99:80 and then a stanza. In that case, most exact entry would win (i.e., if the traffic actually came into 99.99.99.99 it would hit the entry for 99.99.99.99 before *:80. – Peter Grace Jun 19 '14 at 18:20
@PeterGrace That's what I believed also. You'll see that is what I did in the example, but it didn't work as I expected. I'll check to see if something else is wrong. Is there a way to determine that the IP that is reaching the box is what I expect? – Doug Johnson-Cookloose Jun 20 '14 at 00:16
@DougJohnson-Cookloose maybe I am misunderstanding something, but your entry above has domain1.com for 99.99.99.99. Don't you mean that to be domain2.com? – Peter Grace Jun 20 '14 at 13:52
@PeterGrace domain1=99.99.99.99 domain2=99.99.99.88 also is default (original) for server. Your answer (and the way I did it) is correct. It turned out to be a missed setup by the hosting people. If you want to edit your answer to do the name virtual host as in your comment, I'll accept it. – Doug Johnson-Cookloose Jun 20 '14 at 19:51

How to set up SSL for one domain of several virtualhosts

1 Answers1