How to setup multiple Apache SSL sites using multiple IP addresses
Restart Apache, don't reload. Newly configured SSL certs aren't loaded in on a reload.
Drop the `NameVirtualHost ...:443` directives; you'd only want them if you were doing SNI.
And yeah, keep the `NameVirtualHost 1.1.1.1:80` directive, your port 80 hosts need that for requests to be routed based on host header.
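A config check for the layout this answer describes, as an added example that is not part of the original post. It flags `NameVirtualHost` on an SSL address, SSL vhosts that share one address (only one certificate can be served there without SNI), and vhosts with no matching `Listen`. The `lint` function and `SAMPLE` text are hypothetical and constructed, and the check assumes every `Listen` and `<VirtualHost>` uses an explicit `ip:port` as in the question.

```python
import re
from collections import Counter

# Constructed sample mirroring the question's skeleton, with one deliberate
# mistake added: secure.org reuses 3.3.3.3:443 instead of its own IP.
SAMPLE = """\
Listen 1.1.1.1:80
Listen 2.2.2.2:443
Listen 3.3.3.3:443
NameVirtualHost 1.1.1.1:80
NameVirtualHost 2.2.2.2:443
<VirtualHost 1.1.1.1:80>
    ServerName example.com
</VirtualHost>
<VirtualHost 1.1.1.1:80>
    ServerName example.net
</VirtualHost>
<VirtualHost 2.2.2.2:443>
    ServerName secure.com
    SSLEngine on
</VirtualHost>
<VirtualHost 3.3.3.3:443>
    ServerName secure.net
    SSLEngine on
</VirtualHost>
<VirtualHost 3.3.3.3:443>
    ServerName secure.org
    SSLEngine on
</VirtualHost>
"""

def lint(conf):
    """Return findings for an IP-per-certificate (non-SNI) layout."""
    # Assumption: Listen and VirtualHost addresses are written as exact ip:port.
    listens = set(re.findall(r"^\s*Listen\s+(\S+)", conf, re.M | re.I))
    named = set(re.findall(r"^\s*NameVirtualHost\s+(\S+)", conf, re.M | re.I))
    blocks = re.findall(r"<VirtualHost\s+(\S+?)>(.*?)</VirtualHost>", conf, re.S | re.I)
    ssl = [addr for addr, body in blocks
           if re.search(r"^\s*SSLEngine\s+on\b", body, re.M | re.I)]
    findings = []
    for addr in sorted(set(ssl) & named):
        findings.append(f"{addr}: NameVirtualHost on an SSL address (only for SNI)")
    for addr, n in sorted(Counter(ssl).items()):
        if n > 1:
            findings.append(f"{addr}: {n} SSL vhosts share this address (needs SNI)")
    for addr in sorted({a for a, _ in blocks} - listens):
        findings.append(f"{addr}: no matching Listen directive")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

This only inspects the text of the config; run `apachectl configtest` as well, since it validates syntax that this check does not parse.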
Jeff
Updated on September 18, 2022
Comments
-
Jeff almost 2 years
How do you set up a single Apache2 config to host multiple HTTPS sites each on their own IP address? There will also be multiple HTTP sites on just a single IP address.
I do not want to use Server Name Indication (SNI) as described here, and I'm only concerned with the important top-level Apache directives. That is, I just need to know the skeleton of how my config should look.
The basic setup looks like this:
Hosted on 1.1.1.1:80 (HTTP)
- example.com
- example.net
- example.org

Hosted on 2.2.2.2:443 (HTTPS)
- secure.com

Hosted on 3.3.3.3:443 (HTTPS)
- secure.net

Hosted on 4.4.4.4:443 (HTTPS)
- secure.org
And here are the important config directives I have so far, which is the closest I've come to a working iteration, but still no dice. I know I'm close, just need a little push in the right direction.
```
Listen 1.1.1.1:80
Listen 2.2.2.2:443
Listen 3.3.3.3:443
Listen 4.4.4.4:443

NameVirtualHost 1.1.1.1:80
NameVirtualHost 2.2.2.2:443
NameVirtualHost 3.3.3.3:443
NameVirtualHost 4.4.4.4:443

# HTTP VIRTUAL HOSTS:

<VirtualHost 1.1.1.1:80>
    ServerName example.com
    DocumentRoot /home/foo/example.com
</VirtualHost>

<VirtualHost 1.1.1.1:80>
    ServerName example.net
    DocumentRoot /home/foo/example.net
</VirtualHost>

<VirtualHost 1.1.1.1:80>
    ServerName example.org
    DocumentRoot /home/foo/example.org
</VirtualHost>

# HTTPS VIRTUAL HOSTS:

<VirtualHost 2.2.2.2:443>
    ServerName secure.com
    DocumentRoot /home/foo/secure.com
    SSLEngine on
    SSLCertificateFile /home/foo/ssl/secure.com.crt
    SSLCertificateKeyFile /home/foo/ssl/secure.com.key
    SSLCACertificateFile /home/foo/ssl/ca.txt
</VirtualHost>

<VirtualHost 3.3.3.3:443>
    ServerName secure.net
    DocumentRoot /home/foo/secure.net
    SSLEngine on
    SSLCertificateFile /home/foo/ssl/secure.net.crt
    SSLCertificateKeyFile /home/foo/ssl/secure.net.key
    SSLCACertificateFile /home/foo/ssl/ca.txt
</VirtualHost>

<VirtualHost 4.4.4.4:443>
    ServerName secure.org
    DocumentRoot /home/foo/secure.org
    SSLEngine on
    SSLCertificateFile /home/foo/ssl/secure.org.crt
    SSLCertificateKeyFile /home/foo/ssl/secure.org.key
    SSLCACertificateFile /home/foo/ssl/ca.txt
</VirtualHost>
```
For what it's worth, I prefer to have each of my SSL sites on their own IP instead of including one of them on the primary VHOST IP. Any links which show a standard setup would be more than welcome!
- ravi yarlagadda over 12 years: Looks fine, but feel free to drop the `NameVirtualHost ...:443` directives; you'd only want them if you were doing SNI. Can you clarify what problems or errors you're seeing? Did you do a full restart, not just a reload, of Apache?
- Jeff over 12 years: No firewall set up on the machine yet. Telnet to each `IP PORT` works fine. I really thought it was something in my Apache config, but I will try out Shane's suggestions in a bit.
- Jeff over 12 years: So the rest of my Apache config looks right to you? It looked right to me! Banging my head on this. I will go ahead and restart, plus remove the `NameVirtualHost ...:443`'s (when I get home). If all is well, you should see a big ole' green check mark next to your answer.
- voretaq7 over 12 years: @Jeff - Before you `restart` you can ask apache to do a `configtest` which will tell you if Apache doesn't like something about your config file's syntax. The `apachectl` utility that comes with Apache can do this, and most systems' init scripts will also take `configtest` as a directive.
- Jeff over 12 years: @voretaq7, `configtest` was done and reported my config files are OK. Was wondering about the common `/home/foo/ssl/ca.txt`. I don't think that's the problem, though. Isn't that just a Certificate Authority list? Again, I appreciate the help, and I'll be able to try all this when I get home.
- Jeff over 12 years: To summarize this question, everyone thinks my Apache config looks fine, so I will make the change suggested by Shane in his first comment above and restart Apache. If it works, I'll edit his answer to reflect the change and mark it correct. Thanks again.