# Apache 2.0 to 2.2 pb with vhosts

## ZeLegolas

Hi,

I migrated from apache 2.0 to apache 2.2.

Now with the vhost scripts : All requests are handled through the first virtual host, and I can't access the following virtual hosts. With apache 2.0 those scripts worked perfectly.

Example  of configuration :

First site /etc/apache2/vhosts.d/01_site1.conf

```
<VirtualHost *:80>
 ServerName FirstSite.com
 DocumentRoot "/var/www/firstsite"
 RewriteEngine On
 RewriteCond %{HTTPS} !=on
 RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
 ServerName firstSite.com
 DocumentRoot "/var/www/firstsite"
 <IfModule ssl_module>
  CustomLog /var/log/apache2/firstsite.com.ssl.log combined
  SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/server.crt
  SSLCertificateKeyFile /etc/apache2/ssl/server.pem
 </IfModule>
 <IfModule itk.c>
   MaxClientsVHost 50
 </IfModule>
 Alias "/alias1" "/var/www/alias1"
 <Directory "/var/www/alias1">
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Application 1"
    AuthUserFile /var/pass/alias1.pass
    Require valid-user
 </Directory>
</VirtualHost>
```

Second site /etc/apache2/vhosts.d/02_site2.conf

```
<VirtualHost *:80>
 ServerName SecondSite.com
 DocumentRoot "/var/www/secondsite"
 RewriteEngine On
 RewriteCond %{HTTPS} !=on
 RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
 ServerName SecondSite.com
 DocumentRoot "/var/www/secondsite"
 <IfModule ssl_module>
  CustomLog /var/log/apache2/secondsite.com.ssl.log combined
  SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/server.crt
  SSLCertificateKeyFile /etc/apache2/ssl/server.pem
 </IfModule>
 <IfModule itk.c>
   MaxClientsVHost 50
 </IfModule>
 Alias "/alias2" "/var/www/alias2"
 <Directory "/var/www/alias2">
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "Application 2"
    AuthUserFile /var/pass/alias2.pass
    Require valid-user
 </Directory>
</VirtualHost>
```

Any idea?

Last edited by ZeLegolas on Fri Jul 06, 2007 4:32 am; edited 1 time in total

----------

## elgato319

Is

 *Quote:*   

> Include /etc/apache2/vhosts.d/*.conf

 

set in httpd.conf?

----------

## pdr

Check /etc/conf.d/apache2; in particular I think that APACHE2_OPTS has "-D DEFAULT_VHOST" by default..

----------

## ZeLegolas

 *elgato319 wrote:*   

> Is
> 
>  *Quote:*   Include /etc/apache2/vhosts.d/*.conf 
> 
> set in httpd.conf?

 

Yes it's set.

----------

## ZeLegolas

 *pdr wrote:*   

> Check /etc/conf.d/apache2; in particular I think that APACHE2_OPTS has "-D DEFAULT_VHOST" by default..

 

If I activated "-D DEFAULT_VHOST" I lost access to my vhosts.

And without DEFAULT_VHOST I must add these lines in /etc/apache2/httpd.conf :

```
...
Listen 80
Listen 443
...
```

For information :

Version of Apache :

```
# emerge -pv apache
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild   R   ] net-www/apache-2.2.4-r7  USE="doc ldap ssl -debug -mpm-event -mpm-itk -mpm-peruser -mpm-prefork -mpm-worker -no-suexec (-selinux) -static-modules -threads" 0 kB
Total: 1 package (1 reinstall), Size of downloads: 0 kB
```

In /etc/apache2/httpd.conf :

```
...
# Supplemental configuration
#
# The configuration files in the /etc/apache2/modules.d/ directory can be
# turned on using APACHE2_OPTS in /etc/conf.d/apache2 to add extra features
# or to modify the default configuration of the server.
# To know which flag to add to APACHE2_OPTS, look at the first line of the
# the file, which will usually be an <IfDefine OPTION> where OPTIONS is the
# flag to use.
Include /etc/apache2/modules.d/*.conf

# Virtual-host support
#
# Gentoo has made using virtual-hosts easy. In the vhosts.d we include
# a default vhost (enabled by adding -D DEFAULT_VHOST to
# APACHE2_OPTS in /etc/conf.d/apache2), and an example virtual host
# to use as a template for creating your own virtual host.
Include /etc/apache2/vhosts.d/*.conf

# vim: ts=4 filetype=apache
```

Files under /etc/apache2

```
# ls -l /etc/apache2
total 33K
-rw-r--r-- 1 root root 2.6K Jul  2 07:01 apache2-builtin-mods
-rw-r--r-- 1 root root 8.5K Jul  6 00:24 httpd.conf
-rw-r--r-- 1 root root  13K Jul  2 07:01 magic
drwxr-xr-x 3 root root  800 Jul  6 00:14 modules.d
drwxr-xr-x 3 root root  240 Jul  4 01:00 ssl
drwxr-xr-x 3 root root  360 Jul  6 00:21 vhosts.d
```

Files under /etc/apache2/modules.d

```
# ls -l /etc/apache2/modules.d
total 84K
-rw-r--r-- 1 root root  895 Jul  2 07:01 00_apache_manual.conf
-rw-r--r-- 1 root root 2.8K Jul  2 07:01 00_autoindex.conf
-rw-r--r-- 1 root root 2.7K Jul  2 07:01 00_default_settings.conf
-rw-r--r-- 1 root root 2.6K Jul  2 07:01 00_error_documents.conf
-rw-r--r-- 1 root root 5.0K Jul  2 07:01 00_languages.conf
-rw-r--r-- 1 root root 1.2K Jul  2 07:01 00_mod_info.conf
-rw-r--r-- 1 root root 2.0K Jul  2 07:01 00_mod_log_config.conf
-rw-r--r-- 1 root root 2.3K Jul  2 07:01 00_mod_mime.conf
-rw-r--r-- 1 root root 1.1K Jul  2 07:01 00_mod_userdir.conf
-rw-r--r-- 1 root root 2.8K Jul  2 07:01 00_mpm.conf
-rw-r--r-- 1 root root 1.1K May 12 17:21 16_mod_python.conf
-rw-r--r-- 1 root root 2.6K Jul  4 07:03 40_mod_ssl.conf
-rw-r--r-- 1 root root 8.1K Jul  4 01:15 41_mod_ssl.default-vhost.conf
-rw-r--r-- 1 root root 1.5K Jul  2 07:01 45_mod_dav.conf
-rw-r--r-- 1 root root  664 Jul  2 07:01 46_mod_ldap.conf
-rw-r--r-- 1 root root 1.5K Jul  2 10:49 47_mod_dav_svn.conf
-rw-r--r-- 1 root root  485 Jan  4 22:48 70_mod_php.conf
-rw-r--r-- 1 root root  493 Jul  2 07:26 70_mod_php5.conf
```

Files under /etc/apache2/vhosts.d

```
# ls -l /etc/apache2/vhosts.d
total 32K
-rw-r--r-- 1 root root 7.6K Jul  6 00:15 00_default_ssl_vhost.conf
-rw-r--r-- 1 root root 1.5K Jul  2 20:45 00_default_vhost.conf
-rw-r--r-- 1 root root 9.4K Jul  4 07:07 01_site1.conf
-rw-r--r-- 1 root root 2.0K Jul  4 07:08 02_site2.conf
-rw-r--r-- 1 root root 3.2K Jul  2 19:39 default_vhost.include
```

----------

## ZeLegolas

When I check the configuration:

```
# apache2 -S
[Sat Jul 07 08:01:27 2007] [warn] The Alias directive in /etc/apache2/vhosts.d/02_site2.conf at line 49 will probably never match because it overlaps an earlier Alias.
[Sat Jul 07 08:01:27 2007] [warn] The Alias directive in /etc/apache2/vhosts.d/02_site2.conf at line 65 will probably never match because it overlaps an earlier Alias.
[Sat Jul 07 08:01:27 2007] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
[Sat Jul 07 08:01:27 2007] [warn] _default_ VirtualHost overlap on port 80, the first has precedence
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:80                   FirstSite.com (/etc/apache2/vhosts.d/01_site1.conf:1)
*:443                  FirstSite.com (/etc/apache2/vhosts.d/01_site1.conf:16)
*:80                   SecondSite.com (/etc/apache2/vhosts.d/02_site2.conf:1)
*:443                  SecondSite.com (/etc/apache2/vhosts.d/02_site2.conf:16)
Syntax OK
```

It's like ServerName is detected but ignored.

Maybe something is missing...

Any Ideas? Suggestions? Anything?

----------

## ZeLegolas

I checked /var/log/apache2/error_log and I found

```
[Sat Jul 07 20:27:53 2007] [warn] Init: SSL server IP/port conflict: FirstSite.com:443 (/etc/apache2/vhosts.d/01_site1.conf:16) vs. SecondSite.com:443 (/etc/apache2/vhosts.d/02_site2.conf:16)
[Sat Jul 07 20:27:53 2007] [warn] Init: You should not use name-based virtual hosts in conjunction with SSL!!
```

Is it true? We can not use name-based virtual hosts in conjunction with SSL with Apache 2.2?!?!?!?

----------

## elgato319

I'm gonna update my apache 2.0 with vhosts/ssl today too.

Will report if anything goes wrong :)

----------

## pdr

You cannot use vhosts with SSL.

The reason is that the headers in the request are also encrypted and vhosts work by apache using the "Host: abc.com" header to tell which virtual host to use. Since it is encrypted, apache would have to decrypt it first to tell which vhost to use - but if the SSL is in a vhost it cannot decrypt it until it knows which vhost to use.. So basically it becomes a "I cannot tell which vhost to use until I decrypt, but I cannot tell how to decrypt until I know which vhost to use.." kind of problem.

----------

## elgato319

Just finished updating apache 2.0 to 2.2, everything seems to work except ssl on vhosts

 *Quote:*   

> You cannot use vhosts with SSL.

 

It DID work on apache 2.0.

www.domain.com - no ssl

mail.domain.com - webinterface for emails with ssl only

noc.domain.com - phpmyadmin, etc with and without ssl

apache manual says:

 *Quote:*   

> 
> 
> http://httpd.apache.org/docs/2.2/en/vhosts/name-based.html
> 
> Name-based virtual hosting cannot be used with SSL secure servers because of the nature of the SSL protocol.
> ...

 

Maybe it was some strange bug in apache 2.0?

 *Quote:*   

> 
> 
> Why can't I use SSL with name-based/non-IP-based virtual hosts?
> 
> The reason is very technical, and a somewhat "chicken and egg" problem. The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP. When an SSL connection (HTTPS) is established Apache/mod_ssl has to negotiate the SSL protocol parameters with the client. For this, mod_ssl has to consult the configuration of the virtual server (for instance it has to look for the cipher suite, the server certificate, etc.). But in order to go to the correct virtual server Apache has to know the Host HTTP header field. To do this, the HTTP request header has to be read. This cannot be done before the SSL handshake is finished, but the information is needed in order to complete the SSL handshake phase. Bingo!
> ...

 

----------
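The two warnings ZeLegolas posted (`_default_ VirtualHost overlap` from `apache2 -S` and `You should not use name-based virtual hosts in conjunction with SSL` from error_log) can be reproduced by a static check over the vhost files. The following Python check is an added example, not part of the original thread or of Apache: `audit_vhosts`, the finding labels and the reduced sample configs are assumptions, and the `192.0.2.x` addresses are documentation placeholders.

```python
import re
from collections import defaultdict

# Constructed sample: the thread's two vhost files reduced to the relevant directives.
BROKEN = """
<VirtualHost *:80>
 ServerName FirstSite.com
</VirtualHost>
<VirtualHost *:443>
 ServerName FirstSite.com
 SSLEngine on
</VirtualHost>
<VirtualHost *:80>
 ServerName SecondSite.com
</VirtualHost>
<VirtualHost *:443>
 ServerName SecondSite.com
 SSLEngine on
</VirtualHost>
"""
# Constructed fix (assumption): declare *:80 name-based, give each SSL site its own
# address. 192.0.2.10 and 192.0.2.11 are documentation placeholders.
FIXED = "NameVirtualHost *:80\n" + BROKEN.replace(
    "*:443", "192.0.2.10:443", 1).replace("*:443", "192.0.2.11:443", 1)

VHOST = re.compile(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>", re.S | re.I)

def audit_vhosts(conf):
    """Return (address, problem, server_names) for addresses shared by several vhosts."""
    named = set(re.findall(r"^\s*NameVirtualHost\s+(\S+)", conf, re.M | re.I))
    groups = defaultdict(list)
    for addr, body in VHOST.findall(conf):
        name = re.search(r"^\s*ServerName\s+(\S+)", body, re.M | re.I)
        ssl = re.search(r"^\s*SSLEngine\s+on\b", body, re.M | re.I) is not None
        groups[addr].append((name.group(1) if name else "?", ssl))
    findings = []
    for addr, hosts in groups.items():
        names = [n for n, _ in hosts]
        if len(hosts) > 1 and any(ssl for _, ssl in hosts):
            # The certificate is picked before the Host header can be read.
            findings.append((addr, "ssl-name-based", names))
        elif len(hosts) > 1 and addr not in named:
            # Apache 2.2 without NameVirtualHost: the first block answers everything.
            findings.append((addr, "no-NameVirtualHost", names))
    return findings

if __name__ == "__main__":
    for conf in (BROKEN, FIXED):
        print(audit_vhosts(conf))
```

The `ssl-name-based` finding assumes a server without TLS Server Name Indication (SNI) support; where SNI is available the certificate can be selected by name and the finding does not apply.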

