I just purchased an SSL certificate to secure/enable only ONE domain on a server with multiple vhosts. I plan on configuring as shown below (non SNI). In addition, I still want to access phpMyAdmin, securely, via my server's IP address. Will the below configuration work? I have only one shot to get this working in production. Are there any redundant settings?
---apache ssl.conf file---
Listen 443
SSLCertificateFile /home/web/certs/domain1.public.crt
SSLCertificateKeyFile /home/web/certs/domain1.private.key
SSLCertificateChainFile /home/web/certs/domain1.intermediate.crt
---apache httpd.conf file----
...
#currently exists
DocumentRoot "/var/www/html"
...
#new - is this really needed if "Listen 443" is in ssl.conf???
NameVirtualHost *:443
...
#below vhost currently exists (the domain I wish to enable SSL for)
<VirtualHost *:80>
ServerAdmin info@domain1.com
ServerName domain1.com
ServerAlias 173.XXX.XXX.XXX
DocumentRoot /home/web/public_html/domain1.com/public
</VirtualHost>
#below vhost currently exists.
<VirtualHost *:80>
ServerName domain2.com
ServerAlias www.domain2.com
DocumentRoot /home/web/public_html/domain2.com/public
</VirtualHost>
#new - I plan on adding this vhost block to enable ssl for domain1.com!
<VirtualHost *:443>
ServerAdmin info@domain1.com
ServerName www.domain1.com
ServerAlias 173.XXX.XXX.20
SSLEngine on
SSLProtocol all
SSLCertificateFile /home/web/certs/domain1.public.crt
SSLCertificateKeyFile /home/web/certs/domain1.private.key
SSLCACertificateFile /home/web/certs/domain1.intermediate.crt
DocumentRoot /home/web/public_html/domain1.com/public
</VirtualHost>
As previously mentioned, I want to be able to access phpmyadmin via "https://173.XXX.XXX.XXX/hiddenfolder/phpmyadmin" which is stored under "var/www/html/hiddenfolder"
Best Answer
What you are trying to do is SNI. The IP address is in fact a host name in matters of negotiation.
Your configuration will point both domain1.com and https://173.XXX.XXX.20 into the same directory.
You have 4 options:
1. SNI
2. Get an additional IP
3. Create an alias for phpMyAdmin under the one SSL cert you have
4. Just listen on another port for SSL as well and have the IP hostname use that, e.g. https://173.XXX.XXX.20:444
The configuration you have listed would most likely cause you some trouble. Edit your question with what solution you want to run with, or comment on this reply.
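A sketch of option 3 from the answer above, as an added example that is not part of the original question or answer: phpMyAdmin is served through an Alias inside the single certificate-bearing vhost, so it is reached as https://www.domain1.com/hiddenfolder/phpmyadmin and the name in the URL matches the certificate (a request by bare IP would not match a certificate issued for the domain). Assumptions: Apache 2.2 access-control syntax (the question uses NameVirtualHost), phpMyAdmin located at /var/www/html/hiddenfolder/phpmyadmin, and 192.0.2.10 as a constructed placeholder for the administrator's address.

```apache
# Added example, not the poster's configuration.
# "Listen 443" stays where it already is (ssl.conf); do not repeat it here.

<VirtualHost *:443>
    ServerAdmin info@domain1.com
    ServerName www.domain1.com
    ServerAlias domain1.com
    DocumentRoot /home/web/public_html/domain1.com/public

    SSLEngine on
    SSLCertificateFile      /home/web/certs/domain1.public.crt
    SSLCertificateKeyFile   /home/web/certs/domain1.private.key
    # Intermediate certificates sent to clients go in SSLCertificateChainFile.
    # SSLCACertificateFile is documented as the CA list for verifying
    # client certificates, which is a different purpose.
    SSLCertificateChainFile /home/web/certs/domain1.intermediate.crt

    # Map the URL path onto phpMyAdmin's existing location (assumed path),
    # which lies outside this vhost's DocumentRoot.
    Alias /hiddenfolder/phpmyadmin /var/www/html/hiddenfolder/phpmyadmin

    <Directory /var/www/html/hiddenfolder/phpmyadmin>
        # Refuse the request if it did not arrive over TLS.
        SSLRequireSSL
        # Apache 2.2 syntax: deny everyone, then allow the admin address.
        # 192.0.2.10 is a placeholder; replace it with your own address.
        Order deny,allow
        Deny from all
        Allow from 192.0.2.10
    </Directory>
</VirtualHost>
```

Running `apachectl configtest` before reloading catches syntax errors without touching the running server.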