
Need Help Setting up NameVirtualHost with 2 IP and Wildcard SSL on Apache

Hi all,
I have the following setup (see code snippet) but need help adding SSL to it.
I have a second IP address to use.

Site 1 hosts only 1 domain, unlimited subdomains (sub1.site1.com, sub2.site1.com, etc.) pointing to the same code, and needs the wildcard SSL.

Site 2 hosts unlimited domains, no SSL, and all domains point to same code.

Can someone point me in the right direction for this? It's boggling my mind!
NameVirtualHost *:80

 
<VirtualHost *:80>
    ServerAdmin webmaster@site1.com
    DocumentRoot /..../site1.com/public/
    ServerName site1.com
    ServerAlias *.site1.com
 
    ErrorLog /....
    CustomLog /...

    <Directory "/..../churchbackend.com/public/">
        Options Indexes FollowSymLinks
        AllowOverride All
        Allow from All
    </Directory>
</VirtualHost>

<VirtualHost *:80>

    ServerName default
    ServerAlias *
    ServerAlias site2.com

    DocumentRoot /home/gospellabs/public_html/site2.com/public/

    ErrorLog /....
    CustomLog /...

    <Directory "/.../site2.com/public/">
        Options Indexes FollowSymLinks
        AllowOverride All
        Allow from All
    </Directory>

</VirtualHost>

Asked by: glabs
 
gcitron commented:
In Apache you can use NameVirtualHost with secure sites, if you are using the same "listener" - same IP and port. So you can use one IP for virtualhosts *.site1.com and one for site2.com. You have to add NameVirtualHost *:443 and change <VirtualHost *:80> to <VirtualHost CORRESPONDING_IP:443> (one for each virtualhost, first is default). You also have to add specific SSL settings to the virtualhosts (certificates, key, etc.).



 
glabs (author) commented:
Do you need to do a default for the 443 too, or just 80?
 
Michael Worsham (Infrastructure / Solutions Architect) commented:
Site 1 configuration should be as follows (see code snippet). The HTTPS (port 443) IP address also needs to be changed as per the "NameVirtualHost" entry.

The Site 2 Apache 'catch-all' for HTTP traffic (port 80) follows as well. The IP address also needs to be changed as per the "NameVirtualHost" entry.

References:
http://wiki.apache.org/httpd/NameBasedSSLVHosts
http://www.lampjunkie.com/2008/05/how-to-set-up-a-wildcard-catch-all-virtual-host-in-apache/

NameVirtualHost 192.168.1.200:80
NameVirtualHost 192.168.1.200:443

<VirtualHost 192.168.1.200:443>
  SSLEngine On
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
  SSLCertificateFile /path/to/thecert.crt
  SSLCertificateKeyFile /path/to/thecert.key

  ServerName site1.com
  ServerAlias www.site1.com
  ServerAlias *.site1.com
  ServerAdmin webmaster@site1.com

  DocumentRoot /path/to/site1.com/public/

  ErrorLog /....
  CustomLog /...

  <Directory "/path/to/site1.com/public/">
    Options Indexes FollowSymLinks
    AllowOverride All
    Allow from All
  </Directory>
</VirtualHost>

#
# MUST REMAIN LAST IN LIST!!!!
#
<VirtualHost 192.168.1.200:80>
    ServerName default
    ServerAlias *
    ServerAlias www.site2.com
    ServerAlias *.site2.com

    DocumentRoot /path/to/site2.com/public/

    ErrorLog /....
    CustomLog /...

    <Directory "/path/to/site2.com/public/">
        Options Indexes FollowSymLinks
        AllowOverride All
        Allow from All
    </Directory>
</VirtualHost>
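
The SSLCipherSuite string in the configuration above starts from ALL, and in OpenSSL's cipher-list syntax a leading + only moves ciphers to the end of the preference list; it does not remove them. The following added example (not part of the original answer) is a simplified, class-level audit of such a string; the WEAK keyword list and the STRICT comparison string are assumptions chosen for illustration.

```python
import re

# Class keywords this audit treats as weak (an assumed, minimal list).
WEAK = ("SSLv2", "EXP", "LOW", "RC4", "ADH")
ALIASES = {"EXPORT": "EXP"}

def weak_classes_enabled(spec):
    """Return the weak class keywords an OpenSSL cipher string leaves enabled.

    Simplified: tracks class keywords, not individual suites, and treats each
    keyword independently (killing EXPORT56 does not kill EXP). Only ALL and
    the weak keywords themselves count as adding weak classes.
    """
    enabled, killed = set(), set()
    for token in re.split(r"[:, ]+", spec.strip()):
        if not token:
            continue
        op = token[0] if token[0] in "!-+" else ""
        parts = [ALIASES.get(p, p) for p in token[len(op):].split("+")]
        if op == "+":
            continue                      # moves ciphers to the end, adds none
        if op in ("!", "-"):
            if len(parts) == 1:           # a combination only removes the overlap
                enabled.discard(parts[0])
                if op == "!":
                    killed.add(parts[0])  # can never be re-added later
            continue
        added = set(WEAK) if parts == ["ALL"] else set(parts) & set(WEAK)
        enabled |= added - killed
    return [w for w in WEAK if w in enabled]

# The string from the answer above, and a constructed stricter string.
POSTED = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
STRICT = "HIGH:!aNULL:!MD5"

if __name__ == "__main__":
    print("posted:", weak_classes_enabled(POSTED))
    print("strict:", weak_classes_enabled(STRICT))
```

For the exact suites a given host would offer, expand the string with `openssl ciphers -v` on that host, since the result depends on the installed OpenSSL version.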

 
glabs (author) commented:
Thanks for your help!
2 questions:

1. Do you use the internal IP address or the external?
2. Do you put a separate IP for the 443?
 
Michael Worsham (Infrastructure / Solutions Architect) commented:
1) If the Apache web server is externally facing (accessible) or located in a DMZ, then you would use the external IP address. If the Apache server is behind a firewall and the port numbers are being forwarded to the internal server, then use the internal IP address.

2) It's optional, but considered a recommended practice. If you are running Apache on a Linux server and only have one NIC on the server, then you can do what is called IP Aliasing.

Linux -- Creating or Adding New Network Alias To a Network Card (NIC)
http://www.cyberciti.biz/faq/linux-creating-or-adding-new-network-alias-to-a-network-card-nic/
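
How httpd picks a virtual host once HTTPS has its own address, as an added example that is not part of the original thread: a simplified model of name-based selection (listener address first, then the first ServerName/ServerAlias match, otherwise the first vhost on that listener). The second address 192.168.1.201, the site1-http vhost and the labels are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Constructed layout modelled on the thread. Assumptions: 192.168.1.201 is a
# second (aliased) address for HTTPS, and "site1-http" is an added port-80
# vhost for site1. List order stands for the order in httpd.conf.
VHOSTS = [
    ("192.168.1.201:443", "site1-ssl", ["site1.com", "www.site1.com", "*.site1.com"]),
    ("192.168.1.200:80", "site1-http", ["site1.com", "*.site1.com"]),
    ("192.168.1.200:80", "catch-all", ["default", "*", "www.site2.com", "*.site2.com"]),
]

def select_vhost(vhosts, local_addr, host):
    """Return the label of the vhost that would serve this request.

    Simplified model: pick the vhosts bound to the address the connection
    arrived on, then the first whose ServerName/ServerAlias matches Host.
    """
    port = local_addr.rsplit(":", 1)[1]
    exact = [v for v in vhosts if v[0] == local_addr]
    # A "*:port" vhost is only consulted when nothing names this IP explicitly.
    candidates = exact or [v for v in vhosts if v[0] == "*:" + port]
    if not candidates:
        return None
    name = host.lower().split(":")[0].rstrip(".")
    for _, label, names in candidates:
        if any(fnmatchcase(name, pattern.lower()) for pattern in names):
            return label
    return candidates[0][1]  # nothing matched: first vhost on the listener

def catch_all_first(vhosts):
    """Same vhosts with the catch-all moved to the front (the ordering mistake)."""
    return sorted(vhosts, key=lambda v: v[1] != "catch-all")

if __name__ == "__main__":
    for addr, host in [("192.168.1.200:80", "sub1.site1.com"),
                       ("192.168.1.200:80", "anything.example"),
                       ("192.168.1.201:443", "www.site2.com")]:
        print(addr, host, "->", select_vhost(VHOSTS, addr, host))
    print("catch-all first:",
          select_vhost(catch_all_first(VHOSTS), "192.168.1.200:80", "sub1.site1.com"))
```

In this model a site2 hostname requested over HTTPS is served by the site1 vhost, because it is the first (and only) vhost on the 443 listener, and the wildcard certificate for site1.com does not cover that name. Moving the catch-all ahead of site1-http makes its `ServerAlias *` win every port-80 request, which is why it has to stay last.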
 
glabs (author) commented:
Excellent, Thanks.

I am now having problems with the cert but I will post that as a different question!
Question has a verified solution.
