# Apache2, HTTPS, and IP-based virtual hosts

## adamtheo

Hello, all. I'm trying to configure a domain name with Apache2 to have http+ssl ability. This domain name will be an IP-based virtual host, so that I can host multiple domains in the future, each with their own SSL abilities. I'm running into problems, and this is the closest I've gotten: I can connect on https (ssl), and have the SSL cert exchange and receive the web pages correctly. SSL works with the following configs, but regular HTTP does not. I do not receive any errors, just a blank web page with only the basic HTML (no title and empty body).

Here's the Virtual Host section (in two, one for HTTP, another for HTTPS) in commonapache2.conf:

```
### Theoretic's HTTP Virtual Host
<VirtualHost 66.45.74.31:80>
        ServerAdmin root@theoretic.com
        DocumentRoot /var/www/theoretic
        ServerName www.theoretic.com
        ServerAlias theoretic.com *.theoretic.com
<IfModule mod_dir.c>
        DirectoryIndex Home.html index.html index.php
</IfModule>
<IfModule mod_ssl.c>
        SSLEngine on
        SSLCertificateFile /usr/share/openssl/theoretic/public.pem
        SSLCertificateKeyFile /usr/share/openssl/theoretic/http.pem
</IfModule>
#<IfModule mod_log_config.c>
#       LogFormat
#</IfModule>
<IfModule mod_alias.c>
        Alias / "/var/www/theoretic/"
        Alias /icons/ /var/www/localhost/icons/
        Alias /doc /usr/share/doc
        ScriptAlias /bin/ "/var/www/theoretic/bin/"
</IfModule>
<Location /status>
        SetHandler server-status
</Location>
<Directory /var/www/theoretic>
        Options FollowSymLinks +Includes
        AllowOverride None
        Allow from all
</Directory>
<Directory "/var/www/theoretic/bin">
        Options +ExecCGI
        SetHandler cgi-script
        Allow from all
        AllowOverride All
</Directory>
<Directory "/var/twiki/theoretic">
        Deny from all
</Directory>
<Directory "/usr/share/twiki/templates">
        Deny from all
</Directory>
</VirtualHost>

### Theoretic's HTTPS Virtual Host.
<IfModule mod_ssl.c>
<VirtualHost 66.45.74.31:443>
       ServerAdmin root@theoretic.com
       DocumentRoot /var/www/theoretic
       ServerName theoretic.com
       ServerAlias theoretic.com *.theoretic.com
       SSLEngine on
       SSLCertificateFile /usr/share/openssl/theoretic/public.pem
       SSLCertificateKeyFile /usr/share/openssl/theoretic/http.pem
<IfModule mod_dir.c>
       DirectoryIndex Home.html index.html index.php
</IfModule>
<IfModule mod_alias.c>
       Alias / "/var/www/theoretic/"
       Alias /icons/ /var/www/localhost/icons/
       Alias /doc /usr/share/doc
       ScriptAlias /bin/ "/var/www/theoretic/bin/"
</IfModule>
<Location /status>
       SetHandler server-status
</Location>
<Directory /var/www/theoretic>
       Options FollowSymLinks +Includes
       AllowOverride None
       Allow from all
</Directory>
<Directory "/var/www/theoretic/bin">
       Options +ExecCGI
       SSLOptions +StdEnvVars
       SetHandler cgi-script
       Allow from all
       AllowOverride All
</Directory>
<Directory "/var/twiki/theoretic">
       Deny from all
</Directory>
<Directory "/usr/share/twiki/templates">
       Deny from all
</Directory>
</VirtualHost>
</IfModule>
```

And here is my modules.d/40_mod_ssl.conf

```
<IfDefine SSL>
  <IfModule !mod_ssl.c>
    LoadModule ssl_module    extramodules/mod_ssl.so
  </IfModule>
</IfDefine>

<IfModule mod_ssl.c>
Listen 443
<IfModule mod_mime.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
</IfModule>
SSLPassPhraseDialog  builtin
SSLSessionCache         shm:logs/ssl_scache(128000)
SSLSessionCacheTimeout  300
SSLMutex  file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
```

Here is my apache2.conf:

```
### /etc/apache2/conf/apache2.conf
### $Id: apache2.conf,v 1.3 2003/09/25 02:20:48 woodchip Exp $
###
### Main Configuration Section
### You really shouldn't change these settings unless you're a guru
###
ServerRoot /etc/apache2
#ServerName localhost
#LockFile /etc/apache2/apache2.lock
#PidFile /var/run/apache2.pid
ErrorLog syslog
LogLevel debug
DocumentRoot /var/www/theoretic

### Dynamic Shared Object (DSO) Support
###
### You should always leave these three, as they are needed for normal use.
### mod_access (Order, Allow, etc..)
### mod_log_config (Transferlog, etc..)
### mod_mime (AddType, etc...)
###
LoadModule access_module                 modules/mod_access.so
LoadModule auth_module                   modules/mod_auth.so
LoadModule auth_anon_module              modules/mod_auth_anon.so
LoadModule auth_dbm_module               modules/mod_auth_dbm.so
LoadModule auth_digest_module            modules/mod_auth_digest.so
LoadModule include_module                modules/mod_include.so
LoadModule log_config_module             modules/mod_log_config.so
LoadModule env_module                    modules/mod_env.so
LoadModule mime_magic_module             modules/mod_mime_magic.so
LoadModule cern_meta_module              modules/mod_cern_meta.so
LoadModule expires_module                modules/mod_expires.so
LoadModule headers_module                modules/mod_headers.so
LoadModule usertrack_module              modules/mod_usertrack.so
LoadModule unique_id_module              modules/mod_unique_id.so
LoadModule setenvif_module               modules/mod_setenvif.so
LoadModule proxy_module                  modules/mod_proxy.so
LoadModule proxy_connect_module          modules/mod_proxy_connect.so
LoadModule proxy_ftp_module              modules/mod_proxy_ftp.so
LoadModule proxy_http_module             modules/mod_proxy_http.so
LoadModule mime_module                   modules/mod_mime.so
LoadModule status_module                 modules/mod_status.so
LoadModule autoindex_module              modules/mod_autoindex.so
LoadModule asis_module                   modules/mod_asis.so
LoadModule info_module                   modules/mod_info.so
LoadModule cgi_module                    modules/mod_cgi.so
LoadModule cgid_module                   modules/mod_cgid.so
LoadModule vhost_alias_module            modules/mod_vhost_alias.so
LoadModule negotiation_module            modules/mod_negotiation.so
LoadModule dir_module                    modules/mod_dir.so
LoadModule imap_module                   modules/mod_imap.so
LoadModule actions_module                modules/mod_actions.so
LoadModule speling_module                modules/mod_speling.so
LoadModule userdir_module                modules/mod_userdir.so
LoadModule alias_module                  modules/mod_alias.so
LoadModule rewrite_module                modules/mod_rewrite.so

###
### New Modules for 2.0 (some are experimental)
###
LoadModule file_cache_module             modules/mod_file_cache.so
LoadModule echo_module                   modules/mod_echo.so
LoadModule charset_lite_module           modules/mod_charset_lite.so
LoadModule cache_module                  modules/mod_cache.so
LoadModule disk_cache_module             modules/mod_disk_cache.so
LoadModule mem_cache_module              modules/mod_mem_cache.so
LoadModule ext_filter_module             modules/mod_ext_filter.so
LoadModule case_filter_module            modules/mod_case_filter.so
LoadModule case_filter_in_module         modules/mod_case_filter_in.so
LoadModule deflate_module                modules/mod_deflate.so
#LoadModule optional_hook_export_module   modules/mod_optional_hook_export.so
#LoadModule optional_hook_import_module   modules/mod_optional_hook_import.so
#LoadModule optional_fn_import_module     modules/mod_optional_fn_import.so
#LoadModule optional_fn_export_module     modules/mod_optional_fn_export.so
#LoadModule bucketeer_module              modules/mod_bucketeer.so
LoadModule logio_module                  modules/mod_logio.so
```

I have daemontools starting apache2 with "-D PHP -D SSL -D NO_DETATCH"

And here are the last few lines of my apache log:

*Quote:*

> Jan 31 07:44:27 mathaw apache2[16583]: [info] Init: Initializing OpenSSL library
>
> Jan 31 07:44:27 mathaw apache2[16583]: [info] Init: Seeding PRNG with 136 bytes of entropy
> ...

Any help would be great, thanks.

----------

## bcressey

*Quote:*

> Trying [IP address]...
>
> Connected to [IP address].
> ...

Results of telnetting to your host on port 80. 

You need to remove the following chunk from your non-SSL vhost:

*Quote:*

> <IfModule mod_ssl.c>
>
>         SSLEngine on
> ...

This is so you don't turn on SSL for non-SSL connections.

(Edited to remove the references to your hostname in your config section.)

----------
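The mismatch identified in the reply above (`SSLEngine on` inside a port 80 `<VirtualHost>`) can be checked mechanically before a restart. This Python sketch is an added example, not code from any poster in this thread; the sample config is constructed (documentation IP and hostname), and the port-to-TLS mapping in `EXPECT_TLS` is an assumption about conventional port roles.

```python
import re

# Constructed sample modelled on the thread's two vhosts (documentation IP and hostname).
SAMPLE = """\
<VirtualHost 192.0.2.10:80>
    ServerName www.example.test
    <IfModule mod_ssl.c>
        SSLEngine on
    </IfModule>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost 192.0.2.10:443>
    ServerName www.example.test
    SSLEngine on
</VirtualHost>
</IfModule>
"""

VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"</VirtualHost\s*>", re.I)
SSL_ENGINE = re.compile(r"SSLEngine\s+(\S+)", re.I)
# Assumption: conventional port roles; extend for non-standard listeners.
EXPECT_TLS = {"80": False, "443": True}

def audit_vhosts(conf_text):
    """Return (line, address, message) for vhosts whose SSLEngine state contradicts the port."""
    findings, current = [], None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # Apache comments are whole lines
            continue
        opened, engine = VHOST_OPEN.match(line), SSL_ENGINE.match(line)
        if opened:
            current = {"line": no, "addrs": opened.group(1).split(), "ssl": False}
        elif current is not None and engine:
            current["ssl"] = engine.group(1).lower() == "on"
        elif current is not None and VHOST_CLOSE.match(line):
            for addr in current["addrs"]:
                port = addr.rsplit(":", 1)[-1]
                want = EXPECT_TLS.get(port)
                if want is not None and want != current["ssl"]:
                    state = "on" if current["ssl"] else "off"
                    findings.append((current["line"], addr, f"port {port}: SSLEngine is {state}"))
            current = None
    return findings

if __name__ == "__main__":
    for finding in audit_vhosts(SAMPLE):
        print(finding)
```

A directive wrapped in a nested `<IfModule>` is still attributed to the enclosing vhost, which is exactly how the stray block in the port 80 vhost went unnoticed.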

## adamtheo

Thanks, bcressey! That was the solution. I forgot all about that section, thinking I had commented it out already.

----------

## adamtheo

Here's my final result for those having the same problem:

Instead of using the vhost.conf file, I have put each virtual host in a separate file, for easy maintainability (you could easily lump all the virt hosts in the same file as default Gentoo does, though).

*Quote:*

> /etc/apache2/conf/theoretic.conf
>
> <VirtualHost 66.45.74.31:80>
> ...

*Quote:*

> /etc/apache2/conf/theoretic.ssl.conf
>
> <VirtualHost 66.45.74.31:443>
> ...

----------

## smukec

I've got a similar problem and solved it somehow.

But now I don't get local characters correctly. Well, I get them if I connect https, but not for http.

I have a fixed IP on the router and then ports 80 and 443 natstatic to the internal IP. Currently I test it internally.

----------

