How to configure multiple subdomain with SSL in Apache?
Configuration:
- Debian
- Apache2
- Wildcard SSL for: *.example.com
- subdomain: a.example.com, b.example.com.
- 1 dedicated server
- Websites are in NodeJS (ProxyPass...)
For now, i'm able to get a.example.com to work. But how i can make a.example.com AND b.example.com working on the same server ?
/etc/apache2/site-enable/a.example.com.conf
<VirtualHost *:80>
ServerName a.example.com
Redirect permanent / https://a.example.com
</VirtualHost>
<VirtualHost *:80>
ServerName www.a.example.com
Redirect permanent / https://a.example.com
</VirtualHost>
Listen 443
<VirtualHost *:443>
ServerName a.example.com
ServerAlias www.a.example.com
ProxyRequests off
LimitRequestLine 150000
LimitRequestFieldSize 150000
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
ProxyPass http://localhost:4949/
ProxyPassReverse http://localhost:4949/
</Location>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
SSLCertificateFile /etc/ssl/2__.example.fr.crt
SSLCertificateKeyFile /root/XXXXXX.key
SSLCertificateChainFile /etc/ssl/1_root_bundle.crt
</VirtualHost>
UPDATE --- If i try this:
/etc/apache2/site-enable/b.example.com.conf
<VirtualHost *:80>
ServerName b.example.com
Redirect permanent / https://b.example.com
</VirtualHost>
<VirtualHost *:80>
ServerName www.b.example.com
Redirect permanent / https://b.example.com
/VirtualHost>
Listen 443
<VirtualHost *:443>
ServerName b.example.com
ServerAlias www.b.example.com
ProxyRequests off
LimitRequestLine 150000
LimitRequestFieldSize 150000
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
ProxyPass http://localhost:6949/
ProxyPassReverse http://localhost:6949/
</Location>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
SSLCertificateFile /etc/ssl/2__.example.fr.crt
SSLCertificateKeyFile /root/XXXXXX.key
SSLCertificateChainFile /etc/ssl/1_root_bundle.crt
</VirtualHost>
I'm getting this
[....] Restarting web server: apache2[Thu Jul 21 14:58:01 2016] [warn] module passenger_module is already loaded, skipping
[Thu Jul 21 14:58:01 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Thu Jul 21 14:58:01 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
... waiting [Thu Jul 21 14:58:02 2016] [warn] module passenger_module is already loaded, skipping
[Thu Jul 21 14:58:02 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Thu Jul 21 14:58:02 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address [::]:443
--- UPDATE
I removed Listen 443 on b.exemple.com.conf
But now, i have this:
a.example.com ---> b.example.com
b.example.com ---> b.example.com
The problem is that when i try to access to a, i'm redirected to b
What i'm doing wrong ?
/etc/apache2/site-enable/b.example.com.conf
<VirtualHost *:80>
ServerName b.example.com
Redirect permanent / https://b.example.com
</VirtualHost>
<VirtualHost *:80>
ServerName www.b.example.com
Redirect permanent / https://b.example.com
/VirtualHost>
<VirtualHost *:443>
ServerName b.example.com
ServerAlias www.b.example.com
ProxyRequests off
LimitRequestLine 150000
LimitRequestFieldSize 150000
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
ProxyPass http://localhost:6949/
ProxyPassReverse http://localhost:6949/
</Location>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
SSLCertificateFile /etc/ssl/2__.example.fr.crt
SSLCertificateKeyFile /root/XXXXXX.key
SSLCertificateChainFile /etc/ssl/1_root_bundle.crt
</VirtualHost>
-- UPDATE FOUND A SOLUTION : )
I finally found a solution for my problem, thank you for your help !
<IfModule mod_ssl.c>
Listen 443
NameVirtualHost *:443
</IfModule>
<VirtualHost *:443>
ServerName www.example.fr
DocumentRoot "/var/www/html/404"
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
SSLCertificateFile /etc/ssl/2__.example.fr.crt
SSLCertificateKeyFile /root/XXXXX.key
SSLCertificateChainFile /etc/ssl/1_root_bundle.crt
</VirtualHost>
<VirtualHost *:80>
ServerName www.example.fr
Redirect permanent / https://a.example.fr
</VirtualHost>
<VirtualHost *:80>
ServerName a.example.fr
Redirect permanent / https://a.example.fr
</VirtualHost>
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName a.example.fr
ProxyRequests off
LimitRequestLine 150000
LimitRequestFieldSize 150000
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
ProxyPass http://localhost:4949/
ProxyPassReverse http://localhost:4949/
</Location>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
SSLCertificateFile /etc/ssl/2__.example.fr.crt
SSLCertificateKeyFile /root/serveurA.key
SSLCertificateChainFile /etc/ssl/1_root_bundle.crt
</VirtualHost>
<VirtualHost *:80>
ServerName b.example.fr
Redirect permanent / https://b.example.fr
</VirtualHost>
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName b.example.fr
ProxyRequests off
LimitRequestLine 150000
LimitRequestFieldSize 150000
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
ProxyPass http://localhost:6949/
ProxyPassReverse http://localhost:6949/
</Location>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL
SSLCertificateFile /etc/ssl/2__.example.fr.crt
SSLCertificateKeyFile /root/serveurA.key
SSLCertificateChainFile /etc/ssl/1_root_bundle.crt
</VirtualHost>
Answer
Change your virtualhost code for wildcard (*.example.com) for all sub-domain, to implement this feature your SSL certificate should be a wildcard which supports for multiple sub-domains
Change / add two lines in <virtualhost> code of apache httpd.conf or ssl.conf file
ServerName www.example.com
ServerAlias *.example.com
Examples :
a.example.com
b.example.com
WHATEVER_SUB-DOMAIN_TEXT.example.com