How do you setup a single Apache2 config to host multiple HTTPS sites each on their own IP address? There will also be multiple HTTP sites on just a single IP address.
I do not want to use Server Name Indication (SNI) as described here, and I'm only concerned with the important top-level Apache directives. That is, I just need to know the skeleton of how my config should look.
The basic setup looks like this:
Hosted on 1.1.1.1:80 (HTTP)
- example.com
- example.net
- example.org
Hosted on 2.2.2.2:443 (HTTPS)
- secure.com
Hosted on 3.3.3.3:443 (HTTPS)
- secure.net
Hosted on 4.4.4.4:443 (HTTPS)
- secure.org
And here are the important config directives I have so far, which is the closest I've come to a working iteration, but still no dice. I know I'm close, just need a little push in the right direction.
Listen 1.1.1.1:80
Listen 2.2.2.2:443
Listen 3.3.3.3:443
Listen 4.4.4.4:443
NameVirtualHost 1.1.1.1:80
NameVirtualHost 2.2.2.2:443
NameVirtualHost 3.3.3.3:443
NameVirtualHost 4.4.4.4:443
# HTTP VIRTUAL HOSTS:
<VirtualHost 1.1.1.1:80>
ServerName example.com
DocumentRoot /home/foo/example.com
</VirtualHost>
<VirtualHost 1.1.1.1:80>
ServerName example.net
DocumentRoot /home/foo/example.net
</VirtualHost>
<VirtualHost 1.1.1.1:80>
ServerName example.org
DocumentRoot /home/foo/example.org
</VirtualHost>
# HTTPS VIRTUAL HOSTS:
<VirtualHost 2.2.2.2:443>
ServerName secure.com
DocumentRoot /home/foo/secure.com
SSLEngine on
SSLCertificateFile /home/foo/ssl/secure.com.crt
SSLCertificateKeyFile /home/foo/ssl/secure.com.key
SSLCACertificateFile /home/foo/ssl/ca.txt
</VirtualHost>
<VirtualHost 3.3.3.3:443>
ServerName secure.net
DocumentRoot /home/foo/secure.net
SSLEngine on
SSLCertificateFile /home/foo/ssl/secure.net.crt
SSLCertificateKeyFile /home/foo/ssl/secure.net.key
SSLCACertificateFile /home/foo/ssl/ca.txt
</VirtualHost>
<VirtualHost 4.4.4.4:443>
ServerName secure.org
DocumentRoot /home/foo/secure.org
SSLEngine on
SSLCertificateFile /home/foo/ssl/secure.org.crt
SSLCertificateKeyFile /home/foo/ssl/secure.org.key
SSLCACertificateFile /home/foo/ssl/ca.txt
</VirtualHost>
For what it's worth, I prefer to have each of my SSL sites on their own IP instead of including one of them on the primary VHOST IP. Any links which show a standard setup would be more than welcome!
Restart Apache, don't reload. Newly configured SSL certs aren't loaded in on a reload.
Drop the
NameVirtualHost ...:443
directives; you'd only want them if you were doing SNI.And yeah, keep the
NameVirtualHost 1.1.1.1:80
directive, your port 80 hosts need that for requests to be routed based on host header.