I have a CentOS 6 server with Apache (httpd-2.2.15-15.el6.centos.x86_64). Now I configured TLS SNI using OpenSSL and that was pretty easy.
Now I have two TLS vhosts on the same IP and I want to specify which one should be the default if the client does not support TLS SNI (yes, I'm looking at you, git/hg).
Looking at the Apache docs there should be at least two ways to do this:
- set for the default host (and *:443 for all others)
- set "SSLStrictSNIVHostCheck on" for the non-default hosts.
Unfortunately neither method works for me. Can someone explain to me how to achieve the goal anyway and why the two methods above don't work as I expected?
Best Answer
1st enabled will be the default one, so rename the config file of the default vhost to something like 00-config_file_name so it is the 1st loaded.
As you (rightfully) would like something documented:
From Apache docs: An In-Depth Discussion of Virtual Host Matching
So if you use only 1 config file for your vhosts, you need to order them in the file, and if you include several separate files (including the ../sites-enabled directory, which is the way the Apache2 sample site is defined), you need to load the files in the order you need to define the default site first, and they are loaded according to the directory alphabetical order.
Always according to the same Apache doc (following the examples link in the page), if you use a _default_ vhost, it must be defined before other vhosts, and that's exactly what you will be doing by defining the vhosts in the order you want, but when using a _default_ vhost, the main server will not respond anymore to requests.
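
Added example, not part of the original answer: a small Python check that walks vhost files in the alphabetical load order the answer describes and reports which vhost is defined first for each address, i.e. the one a client without SNI would fall back to. The file names, host names and the `SAMPLE_CONFIGS` data are constructed, and addresses are compared as literal strings (a simplification of Apache's full matching rules).

```python
import re

# Constructed sample: file name -> contents, standing in for a directory
# pulled in by a wildcard Include. Host and file names are made up.
SAMPLE_CONFIGS = {
    "zz-git.conf": "<VirtualHost *:443>\n  ServerName git.example.org\n</VirtualHost>\n",
    "00-www.conf": "<VirtualHost *:443>\n  ServerName www.example.org\n</VirtualHost>\n",
    "10-plain.conf": "<VirtualHost *:80>\n  ServerName www.example.org\n</VirtualHost>\n",
}

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
SERVER_NAME = re.compile(r"^\s*ServerName\s+(\S+)", re.I)


def vhosts_in_load_order(configs):
    """Yield (address, server_name, file) in the order the files are read."""
    for fname in sorted(configs):  # alphabetical, as the answer states
        addrs, name = None, None
        for line in configs[fname].splitlines():
            if line.lstrip().startswith("#"):
                continue  # skip comment lines
            opened = VHOST_OPEN.match(line)
            named = SERVER_NAME.match(line)
            if opened:
                addrs, name = opened.group(1).split(), None
            elif addrs and named:
                name = named.group(1)
            elif addrs and VHOST_CLOSE.match(line):
                for addr in addrs:  # one block may list several addresses
                    yield addr, name, fname
                addrs = None


def default_vhosts(configs):
    """Map each address to the first vhost defined for it (the fallback)."""
    defaults = {}
    for addr, name, fname in vhosts_in_load_order(configs):
        defaults.setdefault(addr, (name, fname))  # first definition wins
    return defaults


if __name__ == "__main__":
    for addr, (name, fname) in sorted(default_vhosts(SAMPLE_CONFIGS).items()):
        print(f"{addr}: default vhost {name} (from {fname})")
```

On a live server, `httpd -S` prints the parsed vhost list and marks the default server for each address, which is the authoritative check.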