Apache 2.2 – How to Setup Multiple SSL Sites Using Multiple IP Addresses

How do you setup a single Apache2 config to host multiple HTTPS sites each on their own IP address? There will also be multiple HTTP sites on just a single IP address.

I do not want to use Server Name Indication (SNI) as described here, and I'm only concerned with the important top-level Apache directives. That is, I just need to know the skeleton of how my config should look.

The basic setup looks like this:

Hosted on 1.1.1.1:80 (HTTP)
  - example.com
  - example.net
  - example.org
Hosted on 2.2.2.2:443 (HTTPS)
  - secure.com
Hosted on 3.3.3.3:443 (HTTPS)
  - secure.net
Hosted on 4.4.4.4:443 (HTTPS)
  - secure.org

And here are the important config directives I have so far, which is the closest I've come to a working iteration, but still no dice. I know I'm close, just need a little push in the right direction.

Listen 1.1.1.1:80
Listen 2.2.2.2:443
Listen 3.3.3.3:443
Listen 4.4.4.4:443

NameVirtualHost 1.1.1.1:80
NameVirtualHost 2.2.2.2:443
NameVirtualHost 3.3.3.3:443
NameVirtualHost 4.4.4.4:443

# HTTP VIRTUAL HOSTS:

<VirtualHost 1.1.1.1:80>
    ServerName example.com
    DocumentRoot /home/foo/example.com
</VirtualHost>

<VirtualHost 1.1.1.1:80>
    ServerName example.net
    DocumentRoot /home/foo/example.net
</VirtualHost>

<VirtualHost 1.1.1.1:80>
    ServerName example.org
    DocumentRoot /home/foo/example.org
</VirtualHost>

# HTTPS VIRTUAL HOSTS:

<VirtualHost 2.2.2.2:443>
    ServerName secure.com
    DocumentRoot /home/foo/secure.com
    SSLEngine on
    SSLCertificateFile /home/foo/ssl/secure.com.crt
    SSLCertificateKeyFile /home/foo/ssl/secure.com.key
    SSLCACertificateFile /home/foo/ssl/ca.txt
</VirtualHost>

<VirtualHost 3.3.3.3:443>
    ServerName secure.net
    DocumentRoot /home/foo/secure.net
    SSLEngine on
    SSLCertificateFile /home/foo/ssl/secure.net.crt
    SSLCertificateKeyFile /home/foo/ssl/secure.net.key
    SSLCACertificateFile /home/foo/ssl/ca.txt
</VirtualHost>

<VirtualHost 4.4.4.4:443>
    ServerName secure.org
    DocumentRoot /home/foo/secure.org
    SSLEngine on
    SSLCertificateFile /home/foo/ssl/secure.org.crt
    SSLCertificateKeyFile /home/foo/ssl/secure.org.key
    SSLCACertificateFile /home/foo/ssl/ca.txt
</VirtualHost>

For what it's worth, I prefer to have each of my SSL sites on their own IP instead of including one of them on the primary VHOST IP. Any links which show a standard setup would be more than welcome!

Best Answer

Restart Apache, don't reload. Newly configured SSL certs aren't loaded in on a reload.

Drop the NameVirtualHost ...:443 directives; you'd only want them if you were doing SNI.

And yeah, keep the NameVirtualHost 1.1.1.1:80 directive, your port 80 hosts need that for requests to be routed based on host header.

Best Answer

Related Solutions

SSL – How to Make Both HTTP and HTTPS Work

Ssl – Apache 2.2.14: SSLCARevocation location

Related Topic