MAMP 2 Multiple VirtualHosts with SSL

Tags: ssl, mamp, vhosts

I'm currently running into trouble configuring MAMP 2 to use SSL with multiple virtual hosts (it is working fine with one). In my case, it will only provide an SSL connection for the first vhost listed in the https-ssl.conf file.

In my httpd-vhosts.conf file, I have several vhosts set up like:

<VirtualHost *:80> 
    DocumentRoot "/Users/me/sites/something/" 
    ServerName something.local 
</VirtualHost>
<VirtualHost *:80> 
    DocumentRoot "/Users/me/sites/else/" 
    ServerName else.local 
</VirtualHost>

In my https-ssl.conf file, I have several vhosts set up like:

<VirtualHost *:443>
    DocumentRoot "/Users/me/sites/something"
    ServerName something.local:443
    ServerAdmin [email protected]
    ErrorLog "/Applications/MAMP/Library/logs/error_log"
    TransferLog "/Applications/MAMP/Library/logs/access_log"

    SSLEngine on

    #   SSL Cipher Suite:
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    #   Server Certificate:
    SSLCertificateFile "/Applications/MAMP/conf/apache/server.crt"
    #SSLCertificateFile "/Applications/MAMP/conf/apache/server-dsa.crt"

    #   Server Private Key:
    SSLCertificateKeyFile "/Applications/MAMP/conf/apache/server.key"
    #SSLCertificateKeyFile "/Applications/MAMP/conf/apache/server-dsa.key"

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/Applications/MAMP/Library/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    #   SSL Protocol Adjustments:
    BrowserMatch ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

    #   Per-Server Logging:
    CustomLog "/Applications/MAMP/Library/logs/ssl_request_log" \
                  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>  
<VirtualHost *:443>
    DocumentRoot "/Users/me/sites/else"
    ServerName else.local:443
    ServerAdmin [email protected]
    ErrorLog "/Applications/MAMP/Library/logs/error_log"
    TransferLog "/Applications/MAMP/Library/logs/access_log"


    ........add'l config deleted......
</VirtualHost>  

The first vhost listed in https-ssl.conf is always provided SSL support, but not any listed after it (https://something.local would work, but not https://else.local).

Any help would be appreciated!

user1086746 asked Feb 21 '23 01:02


2 Answers

You can only have one HTTPS host per IP - this is a limit of HTTPS. Try <VirtualHost ip.ad.dr.es:443> for the different IPs to get an HTTPS host on each.

Eugen Rieck answered Apr 21 '23 00:04


The .conf file in the original question was close but not quite there...

In order for Apache to recognize different virtual hosts over SSL you need to use NameVirtualHost and turn off "Strict SNI". Essentially, you need the following at the top of your httpd-ssl.conf file:

# Ensure that Apache listens on port 443
Listen 443

# Listen for virtual host requests on all IP addresses
NameVirtualHost *:443

# Go ahead and accept connections for these vhosts
# from non-SNI clients
SSLStrictSNIVHostCheck off

and then make sure each of your vhost nodes is declared with the following tag:

<VirtualHost *:443>

Note: The browser you're using also needs to support SNI.

All of this was taken from this page in the Apache docs: https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

slowFooMovement answered Apr 21 '23 00:04
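
As an added example (not code from either answer or from the Apache project), a small Python linter for the situation in this thread: it flags several VirtualHost blocks on one address:port that lack a matching NameVirtualHost line, and vhosts that all point at a single certificate file. It assumes the Apache 2.2-style configuration the second answer describes; BROKEN, FIXED, parse and lint are names made up for this sketch, and the sample config is constructed from the question.

```python
import re

# Constructed sample modelled on the question: two SSL vhosts, no NameVirtualHost.
BROKEN = """\
Listen 443
<VirtualHost *:443>
    ServerName something.local:443
    SSLCertificateFile "/Applications/MAMP/conf/apache/server.crt"
</VirtualHost>
<VirtualHost *:443>
    ServerName else.local:443
    SSLCertificateFile "/Applications/MAMP/conf/apache/server.crt"
</VirtualHost>
"""
# The same file with the directives from the second answer placed at the top.
FIXED = "NameVirtualHost *:443\nSSLStrictSNIVHostCheck off\n" + BROKEN

def parse(conf):
    """Split a config into global directives and per-<VirtualHost> directive dicts."""
    top, vhosts, cur = {}, [], None
    for line in (raw.strip() for raw in conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            cur = {"_addr": opened.group(1).strip()}
            vhosts.append(cur)
        elif line.lower() == "</virtualhost>":
            cur = None
        else:
            key, *rest = line.split(None, 1)
            (top if cur is None else cur).setdefault(key.lower(), []).append("".join(rest))
    return top, vhosts

def lint(conf):
    """Return findings for name-based SSL vhosts that share one address:port."""
    top, vhosts = parse(conf)
    findings = []
    for addr in sorted({v["_addr"] for v in vhosts}):
        group = [v for v in vhosts if v["_addr"] == addr]
        if len(group) < 2:
            continue
        if addr not in top.get("namevirtualhost", []):
            findings.append(f"{addr}: {len(group)} vhosts but no NameVirtualHost, the first one answers for all names")
        certs = {c for v in group for c in v.get("sslcertificatefile", [])}
        if len(certs) == 1:
            findings.append(f"{addr}: all vhosts share {certs.pop()}, which must cover every vhost name")
    return findings
```

The second finding still fires on FIXED: once SNI selects the right vhost, a certificate that does not name else.local produces a name-mismatch warning in the browser.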