Saturday, August 5, 2017

apache 2.2 - Apache2 ssl + virtualhosts of the same domain



My webserver hosts several subdomains (vhosts) of a website, say sub1.example.com and sub2.example.com. The only difference between these vhosts is the documentroot. Everything else is shared across vhosts.



Now I would like to do the same for HTTPS, but of course ssl + virtualhost is tricky. The good thing is that my SSL certificate is valid for my complete domain. Hence I don't need to specify per-vhosts certificate. The only thing that I want to specify per vhost is the document root.



The FAQ says:




    Name-Based Virtual Hosting is a very popular method of identifying different virtual hosts. It allows you to use the same IP address and the same port number for many different sites. When people move on to SSL, it seems natural to assume that the same method can be used to have lots of different SSL virtual hosts on the same server.

    It is possible, but only if using a 2.2.12 or later web server, built with 0.9.8j or later OpenSSL. This is because it requires a feature that only the most recent revisions of the SSL specification added, called Server Name Indication (SNI).



I am using Ubuntu 11.10 which ships with Apache 2.2.20 and openssl 1.0.0e so I think I should be good. However, I can't get it to work. I already have default and default-ssl sites enabled. If I add a virtualhost like I would do for HTTP:




    <VirtualHost *:443>
        ServerName sub1.example.com
        DocumentRoot /var/www/sub1
    </VirtualHost>


And then try to restart Apache, I get:




    [Thu Mar 01 23:55:15 2012] [warn] default VirtualHost overlap on port 443, the first has precedence
    Action 'start' failed.


Answer



What you probably need is three things:





  1. A NameVirtualHost *:80 directive. If you want to follow the Ubuntu conventions, put this in ports.conf.

  2. Fix the host specification on the default SSL vhost. It's set to in the default config; it needs to match the listener specification of your other vhost and your NameVirtualHost directive.

  3. You also need to specify the SSL-related settings in your new vhost. SSLEngine On and your certificate settings are needed.



...and if this isn't the case, then please provide your existing config and the output of apache2ctl -S.
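A configuration that applies the three points above end to end, added here as an example; it is neither the asker's nor the answerer's config. It assumes the Ubuntu Apache 2.2 layout (ports.conf, sites-available/sites-enabled), the hostnames from the question, and one certificate valid for every subdomain; the certificate paths and the shared include file /etc/apache2/example-shared-ssl.inc are placeholders.

```apache
# /etc/apache2/ports.conf  (Ubuntu convention: listeners and NameVirtualHost live here)
NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # Point 1: name-based vhosts on 443 require this, and the address spec
    # must match every <VirtualHost> on that port character for character.
    NameVirtualHost *:443
    Listen 443
</IfModule>

# /etc/apache2/sites-available/default-ssl
# Point 2: Ubuntu ships this block as <VirtualHost _default_:443>. That is an
# IP-based spec which overlaps with the *:443 name-based vhosts ("default
# VirtualHost overlap on port 443"). Change it to *:443; being defined first,
# it becomes the fallback for unknown ServerNames and for clients without SNI.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/default
    Include /etc/apache2/example-shared-ssl.inc
</VirtualHost>

# /etc/apache2/sites-available/sub1.example.com-ssl   (enable with a2ensite)
<VirtualHost *:443>
    ServerName sub1.example.com
    DocumentRoot /var/www/sub1
    Include /etc/apache2/example-shared-ssl.inc
</VirtualHost>

# /etc/apache2/sites-available/sub2.example.com-ssl
<VirtualHost *:443>
    ServerName sub2.example.com
    DocumentRoot /var/www/sub2
    Include /etc/apache2/example-shared-ssl.inc
</VirtualHost>

# /etc/apache2/example-shared-ssl.inc   (placeholder path)
# Point 3: every SSL vhost needs SSLEngine and the certificate directives.
# Since one certificate covers all subdomains, keep them in a single file that
# each vhost Includes. Do NOT put this file under conf.d/: apache2.conf includes
# that directory at server scope, which would switch SSLEngine on for the
# port 80 vhosts too.
SSLEngine on
SSLCertificateFile      /etc/ssl/certs/example.com.crt          # placeholder
SSLCertificateKeyFile   /etc/ssl/private/example.com.key        # placeholder
SSLCertificateChainFile /etc/ssl/certs/example.com-chain.crt    # placeholder
SSLProtocol all -SSLv2 -SSLv3

# Optional (mod_ssl 2.2.12+): refuse clients that send no SNI instead of
# silently serving them the first *:443 vhost's content.
# SSLStrictSNIVHostCheck on
```

After enabling the site files, apache2ctl -S should report that *:443 is a NameVirtualHost and list www, sub1 and sub2 under it; if it still prints the overlap warning, one of the 443 blocks does not use the exact *:443 spec. Because the certificate is shared, a client without SNI still completes the handshake, but it is routed to the first *:443 vhost rather than to the subdomain it asked for, which is why that block should be the one you are happy to show to anyone.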

