Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to configure multiple subdomain with SSL in Apache?

Tags:

https

ssl

apache

wildcard

virtualhost

Configuration:

  • Debian
  • Apache2
  • Wildcard SSL for: *.example.com
  • subdomain: a.example.com, b.example.com.
  • 1 dedicated server
  • Websites are in NodeJS (ProxyPass...)

For now, i'm able to get a.example.com to work. But how i can make a.example.com AND b.example.com working on the same server ?

/etc/apache2/site-enable/a.example.com.conf
<VirtualHost  *:80>
  ServerName a.example.com
  Redirect permanent / https://a.example.com
</VirtualHost>
<VirtualHost  *:80>
  ServerName www.a.example.com
  Redirect permanent / https://a.example.com
</VirtualHost>
Listen 443

<VirtualHost *:443>
 ServerName a.example.com
 ServerAlias www.a.example.com

 ProxyRequests off
 LimitRequestLine  150000
 LimitRequestFieldSize 150000
 <Proxy *>
  Order deny,allow
  Allow from all
 </Proxy>

 <Location />
  ProxyPass http://localhost:4949/
  ProxyPassReverse http://localhost:4949/
 </Location>

 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

 SSLCertificateFile   /etc/ssl/2__.example.fr.crt
 SSLCertificateKeyFile  /root/XXXXXX.key
 SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>

UPDATE --- If i try this:

/etc/apache2/site-enable/b.example.com.conf
<VirtualHost  *:80>
ServerName b.example.com
Redirect permanent / https://b.example.com
</VirtualHost>
<VirtualHost  *:80>
ServerName www.b.example.com
Redirect permanent / https://b.example.com
/VirtualHost>

Listen 443

<VirtualHost *:443>
 ServerName b.example.com
 ServerAlias www.b.example.com

 ProxyRequests off
 LimitRequestLine  150000
 LimitRequestFieldSize 150000
 <Proxy *>
  Order deny,allow
  Allow from all
 </Proxy>

 <Location />
  ProxyPass http://localhost:6949/
  ProxyPassReverse http://localhost:6949/
 </Location>

 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

 SSLCertificateFile   /etc/ssl/2__.example.fr.crt
 SSLCertificateKeyFile  /root/XXXXXX.key
 SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>

I'm getting this

[....] Restarting web server: apache2[Thu Jul 21 14:58:01 2016] [warn] module passenger_module is already loaded, skipping
[Thu Jul 21 14:58:01 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Thu Jul 21 14:58:01 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
 ... waiting [Thu Jul 21 14:58:02 2016] [warn] module passenger_module is already loaded, skipping
[Thu Jul 21 14:58:02 2016] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Thu Jul 21 14:58:02 2016] [warn] NameVirtualHost *:80 has no VirtualHosts
(98)Address already in use: make_sock: could not bind to address [::]:443

--- UPDATE

I removed Listen 443 on b.exemple.com.conf

But now, i have this:

a.example.com ---> b.example.com
b.example.com ---> b.example.com

The problem is that when i try to access to a, i'm redirected to b

What i'm doing wrong ?

/etc/apache2/site-enable/b.example.com.conf
<VirtualHost  *:80>
ServerName b.example.com
Redirect permanent / https://b.example.com
</VirtualHost>
<VirtualHost  *:80>
ServerName www.b.example.com
Redirect permanent / https://b.example.com
/VirtualHost>

<VirtualHost *:443>
 ServerName b.example.com
 ServerAlias www.b.example.com

 ProxyRequests off
 LimitRequestLine  150000
 LimitRequestFieldSize 150000
 <Proxy *>
  Order deny,allow
  Allow from all
 </Proxy>

 <Location />
  ProxyPass http://localhost:6949/
  ProxyPassReverse http://localhost:6949/
 </Location>

 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

 SSLCertificateFile   /etc/ssl/2__.example.fr.crt
 SSLCertificateKeyFile  /root/XXXXXX.key
 SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>

-- UPDATE FOUND A SOLUTION : )

I finally found a solution for my problem, thank you for your help !

<IfModule mod_ssl.c>
    Listen 443
    NameVirtualHost *:443    
</IfModule>
<VirtualHost *:443>
  ServerName www.example.fr
  DocumentRoot "/var/www/html/404"

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

  SSLCertificateFile   /etc/ssl/2__.example.fr.crt
  SSLCertificateKeyFile  /root/XXXXX.key
  SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 
</VirtualHost>
<VirtualHost  *:80>
    ServerName www.example.fr
    Redirect permanent / https://a.example.fr
</VirtualHost>


<VirtualHost  *:80>
    ServerName a.example.fr
    Redirect permanent / https://a.example.fr
</VirtualHost>
<VirtualHost *:443>
  ServerAdmin [email protected]
  ServerName a.example.fr

  ProxyRequests off
  LimitRequestLine  150000
  LimitRequestFieldSize 150000
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  <Location />
    ProxyPass http://localhost:4949/
    ProxyPassReverse http://localhost:4949/
  </Location>

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

  SSLCertificateFile   /etc/ssl/2__.example.fr.crt
  SSLCertificateKeyFile  /root/serveurA.key
  SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 

</VirtualHost>





<VirtualHost  *:80>
    ServerName b.example.fr
    Redirect permanent / https://b.example.fr
</VirtualHost>
<VirtualHost *:443>
  ServerAdmin [email protected]
  ServerName b.example.fr

  ProxyRequests off
  LimitRequestLine  150000
  LimitRequestFieldSize 150000
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  <Location />
    ProxyPass http://localhost:6949/
    ProxyPassReverse http://localhost:6949/
  </Location>

  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ALL:!DH:!EXPORT:!RC4:+HIGH:+MEDIUM:!LOW:!aNULL:!eNULL

  SSLCertificateFile   /etc/ssl/2__.example.fr.crt
  SSLCertificateKeyFile  /root/serveurA.key
  SSLCertificateChainFile    /etc/ssl/1_root_bundle.crt 

</VirtualHost>
like image 661
Théophile Hemachandra Avatar asked Jul 21 '16 12:07

Théophile Hemachandra

People also ask

How to enable SSL and virtual host for a subdomain?

Let’s enable a virtual host and SSL for this subdomain. If you are using namecheap.com, go to Domain List > Advanced DNS and add a new record. It may take 24–48 hours.

How to run multiple websites on a single server using Apache?

Apache’s virtual hosts can run multiple websites on a single server. In this article, you will learn how to host multiple websites including sub-domains. My Ubuntu 20.04 server has some files in the /etc/apache2/sites-available directory. We will create more files in this directory to create multiple virtual hosts.

How do I connect multiple websites with the same SSL certificate?

If you have a Wildcard or Multi-Domain SSL Certificate all of the websites using the same certificate need to reference the same IP address in the VirtualHost IP address:443 section like in the example below: Now restart Apache and access the https site from a browser that supports SNI.

Can you have multiple subdomains on the same machine?

We’re going to use Virtual Hosts, thanks to which you can have multiple subdomains and top-level domains on the same machine, i.e. on one IP. The term Virtual Host refers to the practice of running more than one web site (such as company1.example.com and company2.example.com) on a single machine. — Apache documentation

1 Answers

Change your virtualhost code for wildcard (*.example.com) for all sub-domain, to implement this feature your SSL certificate should be a wildcard which supports for multiple sub-domains

Change / add two lines in <virtualhost> code of apache httpd.conf or ssl.conf file

 ServerName www.example.com
 ServerAlias *.example.com

Examples :

a.example.com
b.example.com
WHATEVER_SUB-DOMAIN_TEXT.example.com
like image 50
Nitin Dhomse Avatar answered Oct 06 '22 11:10

Nitin Dhomse
Sign in to Comment

Related questions

Apache proxypass IP addresses cached
Getting existing mapreduce job from cluster (the job could be running or completed)
NodeJS HTTP - listen on other port than 80
Django/Mod_WSGI 'client denied by server configuration'
What's a good Flask/Python/WSGI analog to the PHP Apache shared memory stores like apc_store/apc_fetch?
Apache Config - Exclude Location from Authentication
Laravel htaccess issue
apache httpclient logs passwords in cleartext when debug logging is turned on
How to parse a none standard HTTP response?
How to check for incomplete POST request in PHP
Where can I download php5apache2_2.dll? [closed]
Streaming mp4 in Chrome with rails, nginx and send_file
Ambiguous compilation error with Maven and apache utils
Invalid token issuer when running keycloak behind proxy
Apache 2 mod_rewrite and PHP. Modify $_SERVER['REQUEST_URI'] value from htaccess?
Apache: Using reverse proxy and run local website
Webview Localhost Connection refused using 10.0.2.2 address
nginx/apache redirection for output port on docker container on vps
PHP 7 - Unsupported declare 'strict_types'
How to host multiple domains and subdomains on single AWS EC2 instance

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!