
How to configure multiple subdomains with SSL in Apache?

Configuration:

  • Debian
  • Apache2
  • Wildcard SSL for: *.example.com
  • subdomain: a.example.com, b.example.com.
  • 1 dedicated server
  • Websites are in NodeJS (ProxyPass...)

For now, I'm able to get a.example.com to work. But how can I make a.example.com AND b.example.com work on the same server?

/etc/apache2/site-enable/a.example.com.conf
<VirtualHost  *:80>
  ServerName a.example.com
  Redirect permanent / https://a.example.com
</VirtualHost>
<VirtualHost  *:80>
  ServerName www.a.example.com
  Redirect permanent / https://a.example.com
</VirtualHost>
Listen 443

<VirtualHost *:443>
 ServerName a.example.com
 ServerAlias www.a.example.com

 ProxyRequests off
 LimitRequestLine  150000
 LimitRequestFieldSize 150000
 <Proxy *>
  Order deny,allow
  Allow from all
 </Proxy>

 <Location />
  ProxyPass http://localhost:4949/
  ProxyPassReverse http://localhost:4949/
 </Location>

 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

 SSLCertificateFile   /etc/ssl/2__.example.fr.crt
 SSLCertificateKeyFile  /root/XXXXXX.key
 SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>

UPDATE --- If I try this:

/etc/apache2/site-enable/b.example.com.conf
<VirtualHost  *:80>
ServerName b.example.com
Redirect permanent / https://b.example.com
</VirtualHost>
<VirtualHost  *:80>
ServerName www.b.example.com
Redirect permanent / https://b.example.com
</VirtualHost>

Listen 443

<VirtualHost *:443>
 ServerName b.example.com
 ServerAlias www.b.example.com

 ProxyRequests off
 LimitRequestLine  150000
 LimitRequestFieldSize 150000
 <Proxy *>
  Order deny,allow
  Allow from all
 </Proxy>

 <Location />
  ProxyPass http://localhost:6949/
  ProxyPassReverse http://localhost:6949/
 </Location>

 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

 SSLCertificateFile   /etc/ssl/2__.example.fr.crt
 SSLCertificateKeyFile  /root/XXXXXX.key
 SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>

I'm getting this:

[....] Restarting web server: apache2[Thu Jul 21 14:58:01 2016] [warn] module passenger_module is already loaded, skipping
[Thu Jul 21 14:58:01 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Thu Jul 21 14:58:01 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
 ... waiting [Thu Jul 21 14:58:02 2016] [warn] module passenger_module is already loaded, skipping
[Thu Jul 21 14:58:02 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Thu Jul 21 14:58:02 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address [::]:443

--- UPDATE

I removed Listen 443 from b.example.com.conf

But now, I have this:

a.example.com ---> b.example.com
b.example.com ---> b.example.com

The problem is that when I try to access a, I'm redirected to b

What am I doing wrong?

/etc/apache2/site-enable/b.example.com.conf
<VirtualHost  *:80>
ServerName b.example.com
Redirect permanent / https://b.example.com
</VirtualHost>
<VirtualHost  *:80>
ServerName www.b.example.com
Redirect permanent / https://b.example.com
</VirtualHost>

<VirtualHost *:443>
 ServerName b.example.com
 ServerAlias www.b.example.com

 ProxyRequests off
 LimitRequestLine  150000
 LimitRequestFieldSize 150000
 <Proxy *>
  Order deny,allow
  Allow from all
 </Proxy>

 <Location />
  ProxyPass http://localhost:6949/
  ProxyPassReverse http://localhost:6949/
 </Location>

 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

 SSLCertificateFile   /etc/ssl/2__.example.fr.crt
 SSLCertificateKeyFile  /root/XXXXXX.key
 SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>

-- UPDATE FOUND A SOLUTION : )

I finally found a solution for my problem, thank you for your help!

<IfModule mod_ssl.c>
    Listen 443
    NameVirtualHost *:443    
</IfModule>
<VirtualHost *:443>
  ServerName www.example.fr
  DocumentRoot "/var/www/html/404"

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

  SSLCertificateFile   /etc/ssl/2__.example.fr.crt
  SSLCertificateKeyFile  /root/XXXXX.key
  SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>
<VirtualHost  *:80>
    ServerName www.example.fr
    Redirect permanent / https://a.example.fr
</VirtualHost>


<VirtualHost  *:80>
    ServerName a.example.fr
    Redirect permanent / https://a.example.fr
</VirtualHost>
<VirtualHost *:443>
  ServerAdmin [email protected]
  ServerName a.example.fr

  ProxyRequests off
  LimitRequestLine  150000
  LimitRequestFieldSize 150000
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  <Location />
    ProxyPass http://localhost:4949/
    ProxyPassReverse http://localhost:4949/
  </Location>

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

  SSLCertificateFile   /etc/ssl/2__.example.fr.crt
  SSLCertificateKeyFile  /root/serveurA.key
  SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 

</VirtualHost>





<VirtualHost  *:80>
    ServerName b.example.fr
    Redirect permanent / https://b.example.fr
</VirtualHost>
<VirtualHost *:443>
  ServerAdmin [email protected]
  ServerName b.example.fr

  ProxyRequests off
  LimitRequestLine  150000
  LimitRequestFieldSize 150000
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  <Location />
    ProxyPass http://localhost:6949/
    ProxyPassReverse http://localhost:6949/
  </Location>

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

  SSLCertificateFile   /etc/ssl/2__.example.fr.crt
  SSLCertificateKeyFile  /root/serveurA.key
  SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 

</VirtualHost>
asked Jul 21 '16 12:07

Théophile Hemachandra
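
Added example, not part of the original post: a small Python check for the two mistakes behind the warnings in the log above, a `Listen` repeated across site files (the bind error on 443) and several `<VirtualHost *:443>` blocks with no `NameVirtualHost *:443` (the "first has precedence" overlap). It assumes Apache 2.2 semantics, which the NameVirtualHost messages in the log indicate; the sample configs, file names and the `lint` function are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input shaped like the question's first attempt (not real files).
PORTS = "NameVirtualHost *:80\nListen 80\n"
SITE_A = """\
<VirtualHost *:80>
  ServerName a.example.com
  Redirect permanent / https://a.example.com
</VirtualHost>
Listen 443
<VirtualHost *:443>
  ServerName a.example.com
  SSLEngine on
</VirtualHost>
"""
SITE_B = SITE_A.replace("a.example.com", "b.example.com")
BROKEN = {"ports.conf": PORTS, "a.example.com.conf": SITE_A, "b.example.com.conf": SITE_B}
# Same sites with Listen/NameVirtualHost for 443 declared once, as in the asker's final config.
FIXED = {"ports.conf": PORTS + "Listen 443\nNameVirtualHost *:443\n",
         "a.example.com.conf": SITE_A.replace("Listen 443\n", ""),
         "b.example.com.conf": SITE_B.replace("Listen 443\n", "")}

DIRECTIVE = re.compile(r"^\s*(<?)(Listen|NameVirtualHost|VirtualHost)\s+([^>\s]+)", re.I)

def lint(files):
    """files maps filename -> config text; returns sorted finding strings."""
    listens = defaultdict(list)  # port -> files that declare Listen for it
    vhosts = defaultdict(int)    # address -> number of <VirtualHost> blocks
    named = set()                # addresses covered by a NameVirtualHost line
    for name, text in files.items():
        for line in text.splitlines():
            m = DIRECTIVE.match(line)
            if not m:
                continue
            opener, directive, arg = m.group(1), m.group(2).lower(), m.group(3)
            if directive == "listen" and not opener:
                listens[arg.rsplit(":", 1)[-1]].append(name)
            elif directive == "namevirtualhost" and not opener:
                named.add(arg)
            elif directive == "virtualhost" and opener:
                vhosts[arg] += 1
    findings = [f"duplicate Listen {port} in {', '.join(where)}"
                for port, where in listens.items() if len(where) > 1]
    findings += [f"{count} vhosts on {addr} without NameVirtualHost"
                 for addr, count in vhosts.items() if count > 1 and addr not in named]
    return sorted(findings)

if __name__ == "__main__":
    print(lint(BROKEN))
    print(lint(FIXED))
```

On a live host, `apache2ctl -S` prints the virtual host map Apache actually built, which shows which `*:443` block is acting as the default.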



1 Answer

Change your virtual host configuration to use a wildcard (*.example.com) for all subdomains. To implement this, your SSL certificate should be a wildcard certificate that supports multiple subdomains.

Change or add two lines in the <VirtualHost> block of the Apache httpd.conf or ssl.conf file:

 ServerName www.example.com
 ServerAlias *.example.com

Examples :

a.example.com
b.example.com
WHATEVER_SUB-DOMAIN_TEXT.example.com
answered Oct 06 '22 11:10

Nitin Dhomse