I have two domains and one IP. Both domains listen on port 80. One of the two domains also listens on port 443. But it is also possible to access one of the domains by IP alone. I blocked the IP on port 80 and this is fine. The problem now is that, using https (port 443) and the IP, anyone can access the page of one of the domains. How can I separate the two domains from IP access?
domain1 listens on 80 only - this is ok
domain2 listens on 80 and 443 - this is ok
IP listens on 80 and 443 but must be blocked - don't know how to set it
One VirtualHost is set for 443, but trying to add a second one is not accepted by Apache. Everything is set up on apache2 running on a Raspberry Pi (Raspbian).
EDIT
What I have is:
ports.conf file:
ServerName localhost
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
NameVirtualHost *:443
ServerName 1st_domain.pl
Listen 443
</IfModule>
ip.addr.file:
<VirtualHost *:80>
ServerName my.ip.address.here
ServerAlias my.ip.address.here
<Directory /*>
Deny from all
</Directory>
</VirtualHost>
1st_domain file:
<VirtualHost *:80>
ServerName 1st_domain.pl
ServerAlias www.1st_domain.pl
...
</VirtualHost>
<VirtualHost *:443>
ServerName 1st_domain.pl
ServerAlias www.1st_domain.pl
...
SSLEngine on
SSLCertificateFile ...crt
SSLCertificateKeyFile ...key
</VirtualHost>
2nd_domain file:
<VirtualHost *:80>
ServerName 2nd_domain.pl
ServerAlias www.2nd_domain.pl
...
</VirtualHost>
If you want only one domain accessible via HTTPS, configure the virtual host listening on port 443 to only handle that domain. The virtualhosts I would use are:
You can use a default domain on port 443 using the ssl keys for the domain you are serving to catch requests for other domains. (If you want to host multiple HTTPS domains on one IP you can use aliases on the certificate. I haven't managed to get certificate negotiation to work.)
If you don't want to serve responses to requests without a Host header, create a default virtualhost and have it fail all requests. This can be done with modRewrite, or by basing the domain in a directory the server can't read.

Hard to explain without seeing your exact configs, but have a look at http://httpd.apache.org/docs/2.2/vhosts/examples.html which explains it quite well.
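The default-virtualhost approach from the first answer above, sketched as an added example (not code from the question or from either answer). It uses the Apache 2.2 directives already present in the question and relies on the existing NameVirtualHost *:443 line; the file name 000-catchall-ssl and the name catchall.invalid are hypothetical, and the certificate paths are placeholders.

```apache
# Hypothetical file: sites-enabled/000-catchall-ssl
# Debian/Raspbian includes sites-enabled/ in alphabetical order, and for
# name-based vhosts the FIRST <VirtualHost *:443> loaded is the default:
# it receives every HTTPS request whose Host header matches no other
# ServerName/ServerAlias, including requests made to the bare IP address.
<VirtualHost *:443>
    # Placeholder name that no client will ever request.
    ServerName catchall.invalid

    # TLS is set up before the Host header is read, so the catch-all
    # still needs a certificate; reuse the one for the HTTPS domain.
    SSLEngine on
    SSLCertificateFile    /path/to/1st_domain.crt
    SSLCertificateKeyFile /path/to/1st_domain.key

    # Refuse everything with 403 Forbidden (Apache 2.2 syntax).
    # On Apache 2.4 the equivalent is "Require all denied".
    <Location />
        Order deny,allow
        Deny from all
    </Location>
</VirtualHost>

# Loaded afterwards: the real HTTPS site, selected by name.
<VirtualHost *:443>
    ServerName 1st_domain.pl
    ServerAlias www.1st_domain.pl
    SSLEngine on
    SSLCertificateFile    /path/to/1st_domain.crt
    SSLCertificateKeyFile /path/to/1st_domain.key
    # ... DocumentRoot and the rest of the existing site configuration ...
</VirtualHost>
```

With this in place a request to https://my.ip.address.here/ should return 403 while https://1st_domain.pl/ is served as before. Clients connecting by IP are still shown the 1st_domain.pl certificate, so the domain name remains visible in the handshake even though no content is served.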