Reputation: 23
My setup:
site1.com | Port 80
site2.com | Port 80
panel.site1.com | Rewrites port 80 traffic to 443
This works until someone tries https:// site[x].com and the server redirects them to my panel. I need this panel to be open to the ~100 people who will use it, but I don't want the wrong people stumbling across it.
I've tried adding:
<VirtualHost *:443>
ServerAdmin me@email
ServerName site1.com
ServerAlias www.site1.com
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
to the vhost of site1.com, but it still returns the control panel. I believe this is because the certs are checked before Apache vhost rules are applied, but I'm not really sure. Is there a fix for this or is it simply the limitations of Apache2+SSL?
Upvotes: 0
Views: 255
Reputation: 1850
If no matching ServerName or ServerAlias is found in the set of virtual hosts containing the most specific matching IP address and port combination, then the first listed virtual host that matches that will be used.
And so looks like you have kept the <VirtualHost>
section of panel.site1.com
on top of all other virtual host section. Because of this, requests for https://site[x].com
will land in it, and so the issue is not related to SSL
.
Update:
You can try below configuration and it should work.
<VirtualHost *:80>
ServerName www.site1.com
ServerAlias site1.com
DocumentRoot /var/www/site1
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^panel.site1.com
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
</VirtualHost>
<VirtualHost *:80>
ServerName www.site2.com
ServerAlias site2.com
DocumentRoot /var/www/site2
</VirtualHost>
<VirtualHost *:443>
ServerName panel.site1.com
DocumentRoot /var/www/panel
SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /opt/apache1/conf/server.crt
SSLCertificateKeyFile /opt/apache1/conf/server.key
</VirtualHost>
How this works
http://site1.com
the first VirtualHost
section will be selected.http://site2.com
the second VirtualHost
section will be selected.http://site[x].com
then first VirtualHost
section will be selected.http://panel.site1.com
the request will be redirected to https://panel.site1.com
and the third VirtualHost
section will be selected.Upvotes: 2