How to configure multiple subdomain with SSL in Apache?

Théophile Hemachandra picture Théophile Hemachandra · Jul 21, 2016 · Viewed 17.7k times · Source

Configuration:

  • Debian
  • Apache2
  • Wildcard SSL for: *.example.com
  • subdomain: a.example.com, b.example.com.
  • 1 dedicated server
  • Websites are in NodeJS (ProxyPass...)

For now, i'm able to get a.example.com to work. But how i can make a.example.com AND b.example.com working on the same server ?

/etc/apache2/site-enable/a.example.com.conf
<VirtualHost  *:80>
  ServerName a.example.com
  Redirect permanent / https://a.example.com
</VirtualHost>
<VirtualHost  *:80>
  ServerName www.a.example.com
  Redirect permanent / https://a.example.com
</VirtualHost>
Listen 443

<VirtualHost *:443>
 ServerName a.example.com
 ServerAlias www.a.example.com

 ProxyRequests off
 LimitRequestLine  150000
 LimitRequestFieldSize 150000
 <Proxy *>
  Order deny,allow
  Allow from all
 </Proxy>

 <Location />
  ProxyPass http://localhost:4949/
  ProxyPassReverse http://localhost:4949/
 </Location>

 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

 SSLCertificateFile   /etc/ssl/2__.example.fr.crt
 SSLCertificateKeyFile  /root/XXXXXX.key
 SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>

UPDATE --- If i try this:

/etc/apache2/site-enable/b.example.com.conf
<VirtualHost  *:80>
ServerName b.example.com
Redirect permanent / https://b.example.com
</VirtualHost>
<VirtualHost  *:80>
ServerName www.b.example.com
Redirect permanent / https://b.example.com
/VirtualHost>

Listen 443

<VirtualHost *:443>
 ServerName b.example.com
 ServerAlias www.b.example.com

 ProxyRequests off
 LimitRequestLine  150000
 LimitRequestFieldSize 150000
 <Proxy *>
  Order deny,allow
  Allow from all
 </Proxy>

 <Location />
  ProxyPass http://localhost:6949/
  ProxyPassReverse http://localhost:6949/
 </Location>

 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

 SSLCertificateFile   /etc/ssl/2__.example.fr.crt
 SSLCertificateKeyFile  /root/XXXXXX.key
 SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>

I'm getting this

[....] Restarting web server: apache2[Thu Jul 21 14:58:01 2016] [warn] module passenger_module is already loaded, skipping
[Thu Jul 21 14:58:01 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Thu Jul 21 14:58:01 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
 ... waiting [Thu Jul 21 14:58:02 2016] [warn] module passenger_module is already loaded, skipping
[Thu Jul 21 14:58:02 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Thu Jul 21 14:58:02 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address [::]:443

--- UPDATE

I removed Listen 443 on b.exemple.com.conf

But now, i have this:

a.example.com ---> b.example.com
b.example.com ---> b.example.com

The problem is that when i try to access to a, i'm redirected to b

What i'm doing wrong ?

/etc/apache2/site-enable/b.example.com.conf
<VirtualHost  *:80>
ServerName b.example.com
Redirect permanent / https://b.example.com
</VirtualHost>
<VirtualHost  *:80>
ServerName www.b.example.com
Redirect permanent / https://b.example.com
/VirtualHost>

<VirtualHost *:443>
 ServerName b.example.com
 ServerAlias www.b.example.com

 ProxyRequests off
 LimitRequestLine  150000
 LimitRequestFieldSize 150000
 <Proxy *>
  Order deny,allow
  Allow from all
 </Proxy>

 <Location />
  ProxyPass http://localhost:6949/
  ProxyPassReverse http://localhost:6949/
 </Location>

 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

 SSLCertificateFile   /etc/ssl/2__.example.fr.crt
 SSLCertificateKeyFile  /root/XXXXXX.key
 SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>

-- UPDATE FOUND A SOLUTION : )

I finally found a solution for my problem, thank you for your help !

<IfModule mod_ssl.c>
    Listen 443
    NameVirtualHost *:443    
</IfModule>
<VirtualHost *:443>
  ServerName www.example.fr
  DocumentRoot "/var/www/html/404"

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

  SSLCertificateFile   /etc/ssl/2__.example.fr.crt
  SSLCertificateKeyFile  /root/XXXXX.key
  SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>
<VirtualHost  *:80>
    ServerName www.example.fr
    Redirect permanent / https://a.example.fr
</VirtualHost>


<VirtualHost  *:80>
    ServerName a.example.fr
    Redirect permanent / https://a.example.fr
</VirtualHost>
<VirtualHost *:443>
  ServerAdmin [email protected]
  ServerName a.example.fr

  ProxyRequests off
  LimitRequestLine  150000
  LimitRequestFieldSize 150000
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  <Location />
    ProxyPass http://localhost:4949/
    ProxyPassReverse http://localhost:4949/
  </Location>

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

  SSLCertificateFile   /etc/ssl/2__.example.fr.crt
  SSLCertificateKeyFile  /root/serveurA.key
  SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 

</VirtualHost>





<VirtualHost  *:80>
    ServerName b.example.fr
    Redirect permanent / https://b.example.fr
</VirtualHost>
<VirtualHost *:443>
  ServerAdmin [email protected]
  ServerName b.example.fr

  ProxyRequests off
  LimitRequestLine  150000
  LimitRequestFieldSize 150000
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  <Location />
    ProxyPass http://localhost:6949/
    ProxyPassReverse http://localhost:6949/
  </Location>

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

  SSLCertificateFile   /etc/ssl/2__.example.fr.crt
  SSLCertificateKeyFile  /root/serveurA.key
  SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 

</VirtualHost>

Answer

Nitin Dhomse picture Nitin Dhomse · Jul 21, 2016

Change your virtualhost code for wildcard (*.example.com) for all sub-domain, to implement this feature your SSL certificate should be a wildcard which supports for multiple sub-domains

Change / add two lines in <virtualhost> code of apache httpd.conf or ssl.conf file

 ServerName www.example.com
 ServerAlias *.example.com

Examples :

a.example.com
b.example.com
WHATEVER_SUB-DOMAIN_TEXT.example.com