Apache2, vhosts and SSL

Question

My setup:
site1.com | Port 80
site2.com | Port 80
panel.site1.com | Rewrites port 80 traffic to 443

This works until someone tries https:// site[x].com and the server redirects them to my panel. I need this panel to be open to the ~100 people who will use it, but I don't want the wrong people stumbling across it.

I've tried adding:

<VirtualHost *:443>
    ServerAdmin me@email
    ServerName site1.com
    ServerAlias www.site1.com

    RewriteEngine On
    RewriteCond %{HTTPS} on
    RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

to the vhost of site1.com, but it still returns the control panel. I believe this is because the certs are checked before Apache vhost rules are applied, but I'm not really sure. Is there a fix for this or is it simply the limitations of Apache2+SSL?

Answer 1

Apache document states that.

If no matching ServerName or ServerAlias is found in the set of virtual hosts containing the most specific matching IP address and port combination, then the first listed virtual host that matches that will be used.

And so looks like you have kept the <VirtualHost> section of panel.site1.com on top of all other virtual host section. Because of this, requests for https://site[x].com will land in it, and so the issue is not related to SSL.

Update:

You can try below configuration and it should work.

<VirtualHost *:80>
    ServerName www.site1.com
    ServerAlias site1.com
    DocumentRoot /var/www/site1

    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP_HOST} ^panel.site1.com
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
</VirtualHost>

<VirtualHost *:80>
    ServerName www.site2.com
    ServerAlias site2.com
    DocumentRoot /var/www/site2
</VirtualHost>

<VirtualHost *:443>
    ServerName panel.site1.com
    DocumentRoot /var/www/panel
    SSLEngine on
    SSLOptions +StrictRequire
    SSLCertificateFile /opt/apache1/conf/server.crt
    SSLCertificateKeyFile /opt/apache1/conf/server.key
</VirtualHost>

How this works

1. When request are for http://site1.com the first VirtualHost section will be selected.
2. When request are for http://site2.com the second VirtualHost section will be selected.
3. If a request arrives for http://site[x].com then first VirtualHost section will be selected.
4. If a request arrives for http://panel.site1.com the request will be redirected to https://panel.site1.com and the third VirtualHost section will be selected.