20

I've got two websites being served from a CentOS instance. One of those has SSL enabled, the other is just served on port 80.

So, http://siteone.com and https://siteone.com both work fine, as does http://sitetwo.com.

The issue is that https://sitetwo.com displays https://siteone.com.

I have one public IP address available.

I think it's the case that I can't serve two https sites from one IP, but is there at least a way to redirect https to port 80 for https://sitetwo.com instead of serving the wrong site?

sudo apachectl -S
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using xxx.xxx.xxx.xxx. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:

xxx.xxx.xxx.xxx:443     siteone.com (/etc/httpd/sites-enabled/ssl-siteone.conf:1)
*:80                   is a NameVirtualHost
         default server beta-siteone (/etc/httpd/sites-enabled/beta-siteone.conf:1)
         port 80 namevhost beta-ilegis (/etc/httpd/sites-enabled/beta-siteone.conf:1)
                 alias beta.siteone.com
         port 80 namevhost siteone.com (/etc/httpd/sites-enabled/siteone.conf:1)
                 alias www.siteone.com
         port 80 namevhost sitetwo.com (/etc/httpd/sites-enabled/sitetwo.com.conf:1)
                 alias www.sitetwo.com
*:443                  is a NameVirtualHost
         default server xxx.xxx.xxx.xxx (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost xxx.xxx.xxx.xxx (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost xxx.xxx.xxx.xxx (/etc/httpd/sites-enabled/ssl-sitetwo.com.conf:1)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48
gtcaz

3 Answers

30

Two HTTPS sites can be served from one IP. You just need to verify that the virtual host configuration works.

Are you sure that your virtualhost works? You can use this config in site-available.

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/example.com/public_html
    ErrorLog /var/www/example.com/error.log
    CustomLog /var/www/example.com/requests.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerName www.example2.com
    DocumentRoot /var/www/example2.com/public_html
    ServerAlias example2.com
    ErrorLog /var/www/example2.com/error.log
    CustomLog /var/www/example2.com/requests.log combined
</VirtualHost>

Follow the tutorial here

If you are sure about your virtual host configuration, then you can change the configuration like this:

<VirtualHost *:443>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/example.com/public_html
    ErrorLog /var/www/example.com/error.log
    CustomLog /var/www/example.com/requests.log combined
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/example/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/example/apache.key
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example2.com
    DocumentRoot /var/www/example2.com/public_html
    ServerAlias example2.com
    ErrorLog /var/www/example2.com/error.log
    CustomLog /var/www/example2.com/requests.log combined
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/example2/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/example2/apache.key
</VirtualHost>

Maybe you can refer to this for the ssl tutorial.

And finally you can access your websites like this:
https://example.com
https://example2.com

RazerM
akhfa
  • Thanks! I ended up migrating the two sites to different VPSs to avoid the problem. I'll give this a try the next time I'm working on this with virtual hosts. – gtcaz Dec 27 '15 at 00:58
  • @akhfa, does one need to port forward 443 for this to work? – Oliver Angelil Jan 24 '22 at 16:08
  • This seems contrary to [NameBasedSSLVHosts - Apache Foundation](https://cwiki.apache.org/confluence/display/httpd/namebasedsslvhosts) – David C. Rankin Nov 08 '22 at 07:01
1

You can try this also

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com/public
    <Directory /var/www/example.com>
        Options +FollowSymlinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.example.com [OR]
    RewriteCond %{SERVER_NAME} =example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
0

The problem here is not the IP address but that Apache falls back to the first defined vHost as a default if none matches the current hostname, and that this goes by port. As soon as you have it listening on port 443 because you serve any sites via HTTPS, that port will be open for all domains pointing to that server, and if there's no matching vHost with a port of 443, Apache will serve the fallback. To accommodate for that, you will have to define a port 443 vHost for every domain, and if you don't want it to support HTTPS, place a message or redirect there.

Bachsau
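
The fallback this answer describes can be checked from `apachectl -S` output. The following is an added example, not part of the original answer: it lists names served on port 80 that have no matching port 443 vHost, and flags a port that mixes an explicit address with `*`. The sample dump is constructed in the format of the question's output; the address 203.0.113.10 and the function names are assumptions.

```python
import re
from collections import defaultdict
from fnmatch import fnmatch

# Constructed sample in `apachectl -S` format; 203.0.113.10 is a placeholder address.
SAMPLE = """\
203.0.113.10:443       siteone.com (/etc/httpd/sites-enabled/ssl-siteone.conf:1)
*:80                   is a NameVirtualHost
         port 80 namevhost siteone.com (/etc/httpd/sites-enabled/siteone.conf:1)
                 alias www.siteone.com
         port 80 namevhost sitetwo.com (/etc/httpd/sites-enabled/sitetwo.com.conf:1)
                 alias www.sitetwo.com
*:443                  is a NameVirtualHost
         default server 203.0.113.10 (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost 203.0.113.10 (/etc/httpd/conf.d/ssl.conf:56)
"""

TOP = re.compile(r"^(\S+):(\d+)\s+(?:is a NameVirtualHost|(\S+) \()")
NAMED = re.compile(r"^\s+port (\d+) namevhost (\S+) \(")
ALIAS = re.compile(r"^\s+alias (\S+)")

def parse_vhosts(dump):
    """Return {port: {"names": set, "addrs": set}} from `apachectl -S` text."""
    ports = defaultdict(lambda: {"names": set(), "addrs": set()})
    port = None
    for line in dump.splitlines():
        if m := TOP.match(line):
            port = int(m[2])
            ports[port]["addrs"].add(m[1])
            if m[3]:  # a single-vhost line carries the ServerName itself
                ports[port]["names"].add(m[3])
        elif m := NAMED.match(line):
            port = int(m[1])
            ports[port]["names"].add(m[2])
        elif (m := ALIAS.match(line)) and port is not None:
            ports[port]["names"].add(m[1])
    return ports

def https_fallbacks(dump, http=80, https=443):
    """Names on the HTTP port with no name or alias (wildcards allowed) on the HTTPS port."""
    ports = parse_vhosts(dump)
    return sorted(n for n in ports[http]["names"]
                  if not any(fnmatch(n, pat) for pat in ports[https]["names"]))

def shadowed_wildcard(dump, port=443):
    """True if the port has both an explicit address and '*' vHosts."""
    # Apache only tries '*' vHosts when no explicit address:port matches the connection.
    addrs = parse_vhosts(dump)[port]["addrs"]
    return "*" in addrs and len(addrs) > 1
```
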