brettbrewer.com

Multiple SSL Vhosts under a single IP address with Apache2 on Fedora Core 6
Written by Brett Brewer   
Tuesday, 26 August 2008

If you've ever seen the following warning when starting Apache, you no doubt had trouble figuring out the proper fix:

 _default_ VirtualHost overlap on port 443, the first has precedence

If you're anything like me, you probably diligently followed the Apache documentation and ended up creating multiple IP addresses simply to serve multiple web sites via SSL. Well, contrary to popular opinion and the official Apache docs (which are confusing or misleading on this topic), you CAN in fact use name-based hosting with SSL. You probably already have your main httpd.conf file set up properly, but need to tweak your SSL configuration. The problem is this: you are trying to use name-based virtual hosting, but failed to specify name-based vhosts for your SSL config. Basically, you need to add the following line somewhere immediately BEFORE the first vhost entry in your SSL config:

NameVirtualHost *:443

On Fedora Core 6 running Apache 2 you will find your config files in the following locations:

/etc/httpd/conf/httpd.conf

/etc/httpd/conf.d/ssl.conf

Basically, Apache2 on Fedora Core 6 puts all your non-standard config options in the "conf.d" subfolder so they are easier to organize...which I happen to love compared to the old way of cramming everything into the httpd.conf file. Anyway, if you are using name-based hosting, you should have the following line somewhere in your httpd.conf file before the applicable vhost entries:

NameVirtualHost *:80

This will work if you are just using wildcards for the IP addresses for all your vhosts; otherwise, make sure you have the specific IP address specified. Basically, the "NameVirtualHost" address must exactly match the address specified in the individual vhost entries, and it must come before them.

The trick to getting SSL working with multiple vhosts is to open your /etc/httpd/conf.d/ssl.conf file and find the opening tag of the default vhost entry. Before it, just add the same NameVirtualHost you have in your main httpd.conf file, but change the port to your SSL port, which is usually 443:

 NameVirtualHost *:443

Be sure to put this directive BEFORE the first <VirtualHost> container tag in your ssl.conf file or you will get errors. Also, if your SSL host entry looks like this:

<VirtualHost _default_:443>

you might want to change it to this:

<VirtualHost *:443>

but only if the _default_:443 doesn't work. I don't know if it matters, but I've got mine set up with * instead of _default_.

Once you've added the NameVirtualHost directive you should be able to add <VirtualHost> entries on port 443 to your ssl.conf file that correspond to the entries in your httpd.conf file, and then your sites will work over both http and https and Apache will stop complaining about the hosts overlapping. Well, maybe not completely...I was scanning my Apache logs and noticed some continued complaining by Apache, but the errors don't show up when starting Apache and the sites all seem to work, so YAY! I don't know why this isn't listed somewhere in the Apache docs because it seems like everyone setting up their own testing/development server eventually runs into this problem. Perhaps it's not the best way to do it for a live site, but it seems to work fine in my local test environment. I hope this info saves you the hours it took me to figure out.
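
A possible layout for /etc/httpd/conf.d/ssl.conf following the steps above, added here as an illustration and not taken from the author's own configuration. The host names, document roots and certificate paths are placeholder assumptions.

```apache
# /etc/httpd/conf.d/ssl.conf (excerpt), constructed example.
# The existing "Listen 443" line and the global SSL settings stay as they are.
# Host names, document roots and certificate paths below are placeholders.

# Must come BEFORE the first <VirtualHost> on this port, and its address
# must exactly match the address used by every vhost below (*:443 here).
NameVirtualHost *:443

# First vhost for *:443. Apache falls back to it for any request whose
# Host header matches none of the ServerName values in this file.
#
# The certificate is chosen during the TLS handshake, before Apache sees
# the Host header. Without SNI support in both server and client, this
# first vhost's certificate is presented for every name, so use one that
# covers all names served here (wildcard or subjectAltName).
<VirtualHost *:443>
    ServerName   site1.example.test
    DocumentRoot /var/www/site1

    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/PLACEHOLDER-all-sites.crt
    SSLCertificateKeyFile /etc/pki/tls/private/PLACEHOLDER-all-sites.key
</VirtualHost>

# Second name-based vhost on the same address and port. It corresponds to
# the matching port-80 entry for the same ServerName in httpd.conf.
<VirtualHost *:443>
    ServerName   site2.example.test
    DocumentRoot /var/www/site2

    SSLEngine on
    # Same certificate as above: a different one here would not be the
    # one clients receive unless SNI is in use.
    SSLCertificateFile    /etc/pki/tls/certs/PLACEHOLDER-all-sites.crt
    SSLCertificateKeyFile /etc/pki/tls/private/PLACEHOLDER-all-sites.key
</VirtualHost>
```

After editing, `apachectl configtest` checks the syntax and `httpd -S` prints the parsed virtual host table, which shows whether both names are registered as name-based vhosts on port 443.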

Last Updated ( Thursday, 28 August 2008 )
 