Thursday, April 23, 2015

ssl - Apache NameVirtualHost on port 443 ignores ServerAlias



I've got a name-based virtual host setup on port 443 such that requests on host 'apple.fruitdomain' are proxied to the apple-app and requests on host 'orange.fruitdomain' are proxied to orange-app. This is working, but I'd like to add a ServerAlias for each such that requests on host 'apple' are proxied to apple-app and requests on host 'orange' are proxied to the orange-app. If I simply add a ServerAlias directive to the virtual host it doesn't work. ssl.conf below:




Listen 443
NameVirtualHost *:443

<VirtualHost *:443>
    ServerName apple.fruitdomain
    ServerAlias apple
    SSLProxyEngine on
    ProxyPass /apple-app https://localhost:8181/apple-app
    ProxyPassReverse /apple-app https://localhost:8181/apple-app
    ...
</VirtualHost>

<VirtualHost *:443>
    ServerName orange.fruitdomain
    ServerAlias orange
    SSLProxyEngine on
    ProxyPass /orange-app https://localhost:8181/orange-app
    ProxyPassReverse /orange-app https://localhost:8181/orange-app
    ...
</VirtualHost>




Interestingly if I do a similar setup but with port 80 then the ServerAlias works...


Answer



Well, from my testing it appears that the ServerAlias directive is ignored when using name-based virtual hosting on port 443 with Apache 2.2.15. This is probably due to the special SNI protocol requirement (SNI - Wikipedia; SNI - Apache Wiki). The workaround is to create two separate virtual hosts; from my example one would have ServerName orange.fruitdomain and the other would have ServerName orange.
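The workaround from the answer, written out for the orange host as an added example (not the poster's own configuration): the short name gets its own virtual host instead of a ServerAlias. The proxy directives are copied from the question; SSLEngine and the certificate paths are assumptions with placeholder values, since the question elides its SSL directives.

```apache
Listen 443
NameVirtualHost *:443

# Virtual host for the fully qualified name, as in the question.
<VirtualHost *:443>
    ServerName orange.fruitdomain
    # Assumed SSL directives; the paths are placeholders.
    SSLEngine on
    SSLCertificateFile    /path/to/orange.fruitdomain.crt
    SSLCertificateKeyFile /path/to/orange.fruitdomain.key
    SSLProxyEngine on
    ProxyPass        /orange-app https://localhost:8181/orange-app
    ProxyPassReverse /orange-app https://localhost:8181/orange-app
</VirtualHost>

# Separate virtual host for the short name, replacing "ServerAlias orange".
<VirtualHost *:443>
    ServerName orange
    # Assumed SSL directives; the paths are placeholders. The certificate
    # served here has to be valid for the name "orange", otherwise clients
    # report a host name mismatch.
    SSLEngine on
    SSLCertificateFile    /path/to/orange.crt
    SSLCertificateKeyFile /path/to/orange.key
    SSLProxyEngine on
    ProxyPass        /orange-app https://localhost:8181/orange-app
    ProxyPassReverse /orange-app https://localhost:8181/orange-app
</VirtualHost>
```

The apple host is split the same way. Running `apachectl -S` after the change lists which virtual host each name on port 443 resolves to.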

