4

I'm currently running into trouble configuring MAMP 2 to use SSL with multiple virtual hosts (it is working fine with one). In my case, it will only provide an SSL connection for the first vhost listed in the https-ssl.conf file.

In my httpd-vhosts.conf file, I have several vhosts set up like:

<VirtualHost *:80> 
    DocumentRoot "/Users/me/sites/something/" 
    ServerName something.local 
</VirtualHost>
<VirtualHost *:80> 
    DocumentRoot "/Users/me/sites/else/" 
    ServerName else.local 
</VirtualHost>

In my https-ssl.conf file, I have several vhosts set up like:

<VirtualHost *:443>
    DocumentRoot "/Users/me/sites/something"
    ServerName something.local:443
    ServerAdmin you@example.com
    ErrorLog "/Applications/MAMP/Library/logs/error_log"
    TransferLog "/Applications/MAMP/Library/logs/access_log"

    SSLEngine on

    #   SSL Cipher Suite:
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    #   Server Certificate:
    SSLCertificateFile "/Applications/MAMP/conf/apache/server.crt"
    #SSLCertificateFile "/Applications/MAMP/conf/apache/server-dsa.crt"

    #   Server Private Key:
    SSLCertificateKeyFile "/Applications/MAMP/conf/apache/server.key"
    #SSLCertificateKeyFile "/Applications/MAMP/conf/apache/server-dsa.key"

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/Applications/MAMP/Library/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    #   SSL Protocol Adjustments:
    BrowserMatch ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

    #   Per-Server Logging:
    CustomLog "/Applications/MAMP/Library/logs/ssl_request_log" \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>  
<VirtualHost *:443>
    DocumentRoot "/Users/me/sites/else"
    ServerName else.local:443
    ServerAdmin you@example.com
    ErrorLog "/Applications/MAMP/Library/logs/error_log"
    TransferLog "/Applications/MAMP/Library/logs/access_log"


    ........add'l config deleted......
</VirtualHost>  

It always works that the first vhost listed in https-ssl.conf is provided SSL support, but not any listed after it (https://something.local would work, but not https://else.local).

Any help would be appreciated!

user1086746

3 Answers

5

You can only have one HTTPS host per IP - this is a limit of HTTPS. Try <VirtualHost ip.ad.dr.es:443> for the different IPs to get an HTTPS host on each.

Eugen Rieck
  • Ahh, gotcha. Is there any recourse for this when developing in a local environment? I looked around a bit for how to setup multiple IPs for localhost on OSX (10.6) but couldn't find any documentation. – user1086746 Jun 27 '12 at 15:27
  • I am not an OSX guy, but I think it is System Settings -> Network -> Add Interface -> Ethernet -> then static IP address – Eugen Rieck Jun 27 '12 at 15:33
  • @EugenRieck TLS SNI, SAN certificates, and wildcard certificates are at least worth a mention, no? – Shane Madden Jun 28 '12 at 15:28
  • @ShaneMadden The use of MAMP and the URL https://something.local made me believe this is for a test setup, where adding a second IP would be by far the quickest resolution. Feel free to post a more thorough answer, I will certainly upvote it! – Eugen Rieck Jun 28 '12 at 16:00
2

The .conf file in the original question was close but not quite there...

In order for Apache to recognize different virtual hosts over SSL you need to use NameVirtualHost and turn off "Strict SNI". Essentially, you need the following at the top of your httpd-ssl.conf file:

# Ensure that Apache listens on port 443
Listen 443

# Listen for virtual host requests on all IP addresses
NameVirtualHost *:443

# Go ahead and accept connections for these vhosts
# from non-SNI clients
SSLStrictSNIVHostCheck off

and then make sure each of your vhost nodes is declared with the following tag:

<VirtualHost *:443>

Note: The browser you're using also needs to support SNI.

All of this was taken from this page in the Apache docs: https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

slowFooMovement
  • Thanks! this did the trick for me. Funny that `SSLStrictSNIVHostCheck` isn't provided (or documented) in the default `httpd-ssl.conf` file. – jenlampton Nov 18 '18 at 22:54
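
A quick way to check a config for the condition discussed above, as an added example that is not part of any answer on this page: the script scans an SSL vhost file for `<VirtualHost>` blocks that repeat an address with no matching `NameVirtualHost` line, and for vhosts that share one certificate file (the certificate then has to cover every one of those names). It assumes Apache 2.2 as shipped with MAMP 2 and compares addresses as exact strings; the function names are hypothetical and the sample config is constructed from the question.

```python
import re

# Constructed sample: the question's two SSL vhosts, reduced to the relevant directives.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName something.local:443
    SSLCertificateFile "/Applications/MAMP/conf/apache/server.crt"
</VirtualHost>
<VirtualHost *:443>
    ServerName else.local:443
    SSLCertificateFile "/Applications/MAMP/conf/apache/server.crt"
</VirtualHost>
"""

def parse(conf):
    """Return (set of NameVirtualHost addresses, list of vhost dicts)."""
    named, vhosts, cur = set(), [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            cur = {"addr": opened.group(1).strip(), "servername": None, "sslcertificatefile": None}
        elif line.lower().startswith("</virtualhost"):
            vhosts.append(cur)
            cur = None
        elif line and not line.startswith("#"):
            key, val = (line.split(None, 1) + [""])[:2]
            key, val = key.lower(), val.strip('"')
            if key == "namevirtualhost":
                named.add(val)
            elif cur is not None and key in ("servername", "sslcertificatefile"):
                cur[key] = val
    return named, vhosts

def shadowed_vhosts(conf):
    """ServerNames that repeat an address with no matching NameVirtualHost line."""
    named, vhosts = parse(conf)
    seen, shadowed = set(), []
    for v in vhosts:
        # Assumption (Apache 2.2): without NameVirtualHost the first vhost on an address wins.
        if v["addr"] in seen and v["addr"] not in named:
            shadowed.append(v["servername"])
        seen.add(v["addr"])
    return shadowed

def shared_certs(conf):
    """Map each certificate file used by more than one vhost to those ServerNames."""
    by_cert = {}
    for v in parse(conf)[1]:
        by_cert.setdefault(v["sslcertificatefile"], []).append(v["servername"])
    return {cert: names for cert, names in by_cert.items() if len(names) > 1}
```
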
1

Try this either on httpd-vhost.conf if it is included or on httpd.conf

NameVirtualHost *:80
NameVirtualHost *:443

Thanks