
Need Help Setting up NameVirtualHost with 2 IP and Wildcard SSL on Apache

Posted on 2011-05-02
Last Modified: 2012-06-22
Hi all,
I have the following setup (see code snippet) but need help adding SSL to it.
I have a second IP address to use.

Site 1 hosts only 1 domain, unlimited subdomains (sub1.site1.com, sub2.site1.com, etc.) pointing to the same code, and needs the Wildcard SSL.

Site 2 hosts unlimited domains, no SSL, and all domains point to same code.

Can someone point me in the right direction for this? It's boggling my mind!
NameVirtualHost *:80

<VirtualHost *:80>
    ServerAdmin webmaster@site1.com
    DocumentRoot /..../site1.com/public/
    ServerName site1.com
    ServerAlias *.site1.com

    ErrorLog /....
    CustomLog /...

    <Directory "/..../churchbackend.com/public/">
        Options Indexes FollowSymLinks
        AllowOverride All
        Allow from All
    </Directory>
</VirtualHost>

<VirtualHost *:80>

    ServerName default
    ServerAlias *
    ServerAlias site2.com

    DocumentRoot /home/gospellabs/public_html/site2.com/public/

    ErrorLog /....
    CustomLog /...

    <Directory "/.../site2.com/public/">
        Options Indexes FollowSymLinks
        AllowOverride All
        Allow from All
    </Directory>

</VirtualHost>

Question by:glabs
LVL 2

Expert Comment

by:gcitron
ID: 35510452
In Apache you can use NameVirtualHost with secure sites, if you are using the same "listener" - same IP and port. So you can use one IP for virtualhosts *.site1.com and one for site2.com. You have to add NameVirtualHost *:443 and change <VirtualHost *:80> to <VirtualHost CORRESPONDING_IP:443> (one for each virtualhost, first is default). You also have to add specific SSL settings to the virtualhosts (certificates, key, etc.).



 

Author Comment

by:glabs
ID: 35512745
Do you need to do a default for the 443 too, or just 80?
 
LVL 29

Accepted Solution

by:
Michael Worsham earned 2000 total points
ID: 35512809
Site 1 configuration should be as follows (see code snippet). The HTTPS (port 443) IP address also needs to be changed as per "NameVirtualHost" entry.

The Site 2 Apache 'catch-all' for HTTP traffic (port 80) follows as well. The IP address also needs to be changed as per "NameVirtualHost" entry.

References:
http://wiki.apache.org/httpd/NameBasedSSLVHosts
http://www.lampjunkie.com/2008/05/how-to-set-up-a-wildcard-catch-all-virtual-host-in-apache/

NameVirtualHost 192.168.1.200:80
NameVirtualHost 192.168.1.200:443

<VirtualHost 192.168.1.200:443>
  SSLEngine On
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
  SSLCertificateFile /path/to/thecert.crt
  SSLCertificateKeyFile /path/to/thecert.key

  ServerName site1.com
  ServerAlias www.site1.com
  ServerAlias *.site1.com
  ServerAdmin webmaster@site1.com

  DocumentRoot /path/to/site1.com/public/

  ErrorLog /....
  CustomLog /...

  <Directory "/path/to/site1.com/public/">
    Options Indexes FollowSymLinks
    AllowOverride All
    Allow from All
  </Directory>
</VirtualHost>

#
# MUST REMAIN LAST IN LIST!!!!
#
<VirtualHost 192.168.1.200:80>
    ServerName default
    ServerAlias *
    ServerAlias www.site2.com
    ServerAlias *.site2.com

    DocumentRoot /path/to/site2.com/public/

    ErrorLog /....
    CustomLog /...

    <Directory "/path/to/site2.com/public/">
        Options Indexes FollowSymLinks
        AllowOverride All
        Allow from All
    </Directory>
</VirtualHost>
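
The two-IP layout asked about in this thread, with the posted cipher string shown beside a corrected one, as an added example that is not part of the accepted answer or the original post. It assumes Apache httpd 2.4 with mod_ssl and mod_rewrite and matching Listen directives; 192.0.2.10 and 192.0.2.20 are placeholder addresses, and Directory and log settings are omitted.

```apache
# Added example; addresses are placeholders (assumption, not from the thread).
# 192.0.2.10 = IP for site1.com (wildcard cert), 192.0.2.20 = IP for the site2 catch-all.

# Weak (as posted): ALL pulls in every cipher, and the "+LOW", "+SSLv2" and "+EXP"
# terms only move those ciphers to the end of the list; they stay negotiable.
#   SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP

<VirtualHost 192.0.2.10:443>
    ServerName site1.com
    ServerAlias *.site1.com
    DocumentRoot /path/to/site1.com/public/

    SSLEngine on
    # A *.site1.com wildcard matches one label only; the bare name site1.com must
    # also be in the certificate's subjectAltName or clients report a mismatch.
    SSLCertificateFile    /path/to/thecert.crt
    SSLCertificateKeyFile /path/to/thecert.key

    # Corrected: TLS 1.2 and later, HIGH-strength ciphers, no anonymous or MD5 suites.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLHonorCipherOrder on
</VirtualHost>

# Plain HTTP on site1's IP: redirect to HTTPS, but only when the Host header is
# site1.com or a subdomain, so an arbitrary Host value never reaches Location.
<VirtualHost 192.0.2.10:80>
    ServerName site1.com
    ServerAlias *.site1.com
    RewriteEngine On
    RewriteCond %{HTTP_HOST} ^((?:[a-z0-9-]+\.)*site1\.com)(?::\d+)?$ [NC]
    RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
    # Any other Host value sent to this IP is refused.
    RewriteRule ^ - [F]
</VirtualHost>

# Catch-all for every site2 domain on the second IP, HTTP only.
<VirtualHost 192.0.2.20:80>
    ServerName default
    ServerAlias *
    DocumentRoot /path/to/site2.com/public/
</VirtualHost>
```

Run `apachectl configtest` after editing, and `apachectl -S` to confirm which virtual host is the default for each address and port.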


 

Author Comment

by:glabs
ID: 35513278
Thanks for your help!
2 questions:

1. Do you use the internal IP address or the external?
2. Do you put a separate IP for the 443?
 
LVL 29

Expert Comment

by:Michael Worsham
ID: 35514058
1) If the Apache web server is externally facing (accessible) or located in a DMZ, then you would use the external IP address. If the Apache server is behind a firewall and the port numbers are being forwarded to the internal server, then use the internal IP address.

2) It's optional, but considered a recommended practice. If you are running Apache on a Linux server and only have one NIC on the server, then you can do what is called IP Aliasing.

Linux -- Creating or Adding New Network Alias To a Network Card (NIC)
http://www.cyberciti.biz/faq/linux-creating-or-adding-new-network-alias-to-a-network-card-nic/
 

Author Comment

by:glabs
ID: 35514087
Excellent, Thanks.

I am now having problems with the cert but I will post that as a different question!