
Virtual Hosting in SSL with VirtualDocumentRoot

I do my dev work on an Ubuntu 16.04 VM.

As I work on a number of projects, to make my life easier I use VirtualDocumentRoot and the hosts file to serve sites from my home folder using *.dev domains:

In 000-default.conf I have:

<VirtualHost *:80>
  VirtualDocumentRoot  /home/steve/websites/%-2/%-2/public_html
  ServerAlias *.dev
</VirtualHost>

then in hosts I have the various sites I'm working on:

127.0.0.1   somesite.dev
127.0.0.1   another.dev
127.0.0.1   athirdone.dev
127.0.0.1   blog.athirdone.dev

That way, when I add a new project I just need to create the correct folder structure in the websites directory and add a line to hosts, e.g. if I want to work on a new project somecoolproject.dev, I just add a folder:

/home/steve/websites/somecoolproject/somecoolproject/public_html

and a line in hosts:

127.0.0.1    somecoolproject.dev

And I'm good to go.

Anyway, pretty much everything I work on now runs over https, and many of the projects have code to enforce this, either in the source code or htaccess etc, making it a pain to work on dev copies.

I would like to create a self-signed cert on my dev machine, and ideally in a way that I don't need to generate a new one for every project, so some kind of wildcard *.dev would be great.

But even if I do need to create a new one for each project, I still can't work out how to install it with my setup - everything I find presumes a fixed document and hardcoded servername.

Steve asked Jan 10 '18 11:01


1 Answer

If I understand the requirements correctly, you want to know:

  • how to generate a wildcard SSL cert for *.dev
  • how to configure Apache locally with a configuration that would allow serving any *.dev domain over SSL/TLS w/o changing the configuration as new *.dev domains are created.

If I understood this correctly, this is certainly doable.

How it will work: SNI (Server Name Indication), a TLS protocol extension in which the hostname is passed when establishing the TLS connection, BEFORE HTTP data (like the Host header) is available. All the popular web browsers, curl, and all of the popular web servers support it.

Steps:

First. Generate the cert:

mindaugas@mindaugas-ubuntu-14:/usr/local/apache2/conf$ sudo openssl req -newkey rsa:2048 -nodes -keyout domain.key -x509 -days 365 -out domain.crt
Generating a 2048 bit RSA private key
.............+++
..................+++
writing new private key to 'domain.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*.dev
Email Address []:

The key part is:

Common Name (e.g. server FQDN or YOUR name) []:*.dev

Second.

Server configuration:

Listen 443

<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile "/usr/local/apache2/conf/domain.crt"
  SSLCertificateKeyFile "/usr/local/apache2/conf/domain.key"

  VirtualDocumentRoot /home/mindaugas/websites/%-2/pubic/
  ServerAlias *.dev
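  # Grant access only to the tree the sites are served from, not "/"
  <Directory "/home/mindaugas/websites">
      Options Indexes FollowSymLinks MultiViews
      AllowOverride All
      # Apache 2.4 syntax; replaces the 2.2-style "Allow from All"
      Require all granted
  </Directory>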
</VirtualHost>

Enable ssl and restart apache:

sudo a2enmod ssl
sudo service apache2 restart

You can test this by:

  • creating two document file structures;
  • populating them w/ a simple HTML page;
  • issuing requests by providing the domain - IP mapping in the hosts file OR, as I did it, w/ "Modify headers" plugin, by issuing different Host headers when needed.

Mindaugas Bernatavičius answered Nov 14 '22 20:11
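
An added example, not part of the question or answer above and not Apache's own code: a Python model of how `%-2` in VirtualDocumentRoot selects a directory for each entry in the question's hosts file, and which of those hosts a certificate name of `*.dev` covers when `*` matches exactly one leftmost label (the RFC 6125 rule). The function names are hypothetical and only the `%N`, `%-N`, `%0` and `%%` specifiers are modelled.

```python
import re

# Values taken from the question: its hosts file and VirtualDocumentRoot.
HOSTS = ["somesite.dev", "another.dev", "athirdone.dev", "blog.athirdone.dev"]
TEMPLATE = "/home/steve/websites/%-2/%-2/public_html"


def vhost_docroot(template, host):
    """Simplified model of mod_vhost_alias interpolation (%N, %-N, %0, %%)."""
    parts = host.lower().rstrip(".").split(".")  # host names are case-insensitive

    def expand(match):
        spec = match.group(1)
        if spec == "%":
            return "%"
        n = int(spec)
        if n == 0:
            return ".".join(parts)       # %0 is the whole name
        if abs(n) > len(parts):
            return "_"                   # a missing part becomes an underscore
        return parts[n - 1] if n > 0 else parts[n]

    return re.sub(r"%(%|-?\d)", expand, template)


def cert_name_covers(pattern, host):
    """Certificate name match where '*' stands for exactly one leftmost label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                     # '*' never spans several labels
    if p[0] != "*":
        return p == h
    return bool(h[0]) and p[1:] == h[1:]


def plan(template, cert_name, hosts):
    """Return {host: (document root, covered by cert_name)}."""
    return {h: (vhost_docroot(template, h), cert_name_covers(cert_name, h))
            for h in hosts}


if __name__ == "__main__":
    for host, (root, ok) in plan(TEMPLATE, "*.dev", HOSTS).items():
        print(f"{host:20} {root:52} {'covered' if ok else 'NOT covered'}")
```

With the question's values, `blog.athirdone.dev` resolves to the same directory as `athirdone.dev` and is the one host that a lone `*.dev` name does not cover; an additional name such as `*.athirdone.dev` in the certificate would match it.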