Ping a Specific Port

Question

HoverHell

Asked: 2011-04-07 00:25:23 +0800 CST2011-04-07 00:25:23 +0800 CST 2011-04-07 00:25:23 +0800 CST

Same set of virtualhosts over https and http (with apache2 or nginx)

772

How can I set up apache2 (or nginx, possibly) to serve the same set of virtual hosts over both HTTP and HTTPS?

The certificate part is not the problem — all virtual hosts are inside one subdomain and I use a wildcard certificate for it.

I'm thinking of using proxypass for it, but, first, it seems slightly ineffective and, second, I'm not sure whether it would be secure (i.e. so that server cannot be asked over HTTPS for some irrelevant host); and I don't (yet) see how this can be set up in apache anyway.

EDIT: Duplication of configuration parts is undesirable, i.e. it is still a last-resort solution.

4 Answers

Voted

chrishiestand · Answer 1 · 2011-04-07T02:35:11+08:00

chrishiestand

2011-04-07T02:35:11+08:002011-04-07T02:35:11+08:00

First configure apache to listen to both http and http ports using the Listen directive.

Then, set your NameVirtualHost directive(s) and Virtual Hosts. Apache Docs on Virtual Host setup

Probably what you will do is duplicate your VirtualHost sections like so:

<VirtualHost *:80>
ServerName www.domain.tld
ServerAlias domain.tld *.domain.tld
DocumentRoot /www/domain
</VirtualHost>

<VirtualHost *:443>
ServerName www.domain.tld
ServerAlias domain.tld *.domain.tld
DocumentRoot /www/domain
</VirtualHost>

0

HampusLi · Answer 2 · 2011-04-07T04:38:11+08:00

HampusLi

2011-04-07T04:38:11+08:002011-04-07T04:38:11+08:00

Stick the Vhost config in an .inc file. and have

$ cat mysite.inc
ServerName www.domain.tld
DocumentRoot /www/domain
.....

$ cat mysite.conf
<VirtualHost *:80>
 Include conf/mysite.inc
</VirtualHost>

<VirtualHost *:443>
 SSLEngine on
 SSLCertificateFile bla
 SSLCertificateKeyFile bla
 SSLCertificateChainFile bla
 Include conf/mysite.inc
</VirtualHost>

Note that you can't have server aliases with SSL, at least not very easily. You can work around this with wildcard certificates and/or multiple CN's

0

mdorman · Answer 3 · 2011-04-07T04:54:53+08:00

mdorman

2011-04-07T04:54:53+08:002011-04-07T04:54:53+08:00

<VirtualHost *:80 *:443> will work syntactically (as would <VirtualHost *:*>).

I'm assuming from your comment about having a wild-card cert and everything you're serving being in subdomains that you know that SSL and name-based virtual hosts don't always mix well.

0

HoverHell · Answer 4 · 2011-04-08T05:03:52+08:00

Best Answer

HoverHell

2011-04-08T05:03:52+08:002011-04-08T05:03:52+08:00

After all, I've configured it on nginx with

server {
    include common_listen.conf;

in each virtual host and common_listen.conf:

listen [::]:80;
listen [::]:443 ssl;

(which seems to require nginx 0.8.x) and ssl_certificate in base config.

Using listen 443 default ssl; multiple times seems to be incorrect in nginx.

Somewhat related questions are: nginx HTTPS serving with same config as HTTP, Does Nginx need a unique ip address for every site served over HTTPS like Apache? (though in my case SNI is unnecessary).

0

Same set of virtualhosts over https and http (with apache2 or nginx)

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?