Linux – Unable to visit virtual host over port 443

apache-2.4google-compute-enginelinuxvirtualhost

I have a Google Compute instance (Debian 8 and Apache) running using Google Compute protocol forwarding to be able to use multiple external IP addresses with one virtual machine instance:

Google Compute Protocol Forwarding (full article)

Google Compute Engine supports Protocol Forwarding, which lets you
create forwarding rule objects that can send packets to a non-NAT’ed
target instance. Each target instance contains a single virtual
machine instance that receives and handles traffic from the
corresponding forwarding rules.

The Problem

I am not able to visit one of the virtual host domains/IP's over port 443. I need this, because I want to enable HTTPS on all these domains.

I have tried multiple options to achieve opening port 443, but none of them works:

Option 1) Virtual name-based hosts:

/etc/apache2/ports.conf

Listen 80

<IfModule ssl_module>
    NameVirtualHost *:443
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    NameVirtualHost *:443
    Listen 443
</IfModule>

/etc/apache2/sites-enabled/example.com.conf

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/website1
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/website1
</VirtualHost>

Option 2) Virtual IP-based hosts:

/etc/apache2/ports.conf

Listen 80

<IfModule ssl_module>
    NameVirtualHost *:443
    Listen 443
</IfModule>

<IfModule mod_gnutls.c>
    NameVirtualHost *:443
    Listen 443
</IfModule>

<VirtualHost 192.0.2.5>
 DocumentRoot /var/www/website1
 <Directory /var/www/website1>
  Require all granted
 </Directory>
</VirtualHost>

...

Both options work for port 80, but not for port 443.

Best Answer

In ports.conf you need

Listen 443

and in /etc/apache2/sites-enabled/example.com.conf you need:

SSLEngine On
SSLCertificateFile      /path/to/file.pem
SSLCertificateKeyFile /path/to/file.key

where file.pem and file.key are certificate and key

Related Solutions

Ssl – Mixing SSL and non-SSL content in an Apache2 virtual host

better yet, redirect it to ssl (or back) automatically

in non ssl vhost:

Redirect /admin https://example.com/admin
Redirect /admin https://example.com/order

in ssl vhost (if you really want /maps always to be non-ssl, to save cpu maybe?)

Redirect /maps http://example.com/maps

Apache2 multiple hostnames redirected to one

To be fairly honest with you, the best approch i can see for this would be if you setup your main domain normally like this:

<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /www/domain 
</virtualhost>

Then you create a new virtualhost that will hold all domains you want to redirect like this:

<VirtualHost *:80>
    ServerName example.com
    ServerAlias foo.example.com bar.example.com others.example.com
    DocumentRoot /www/redirect_folder 
</virtualhost>

Inside that folder make a simple index.php page that summons the 301 so any domains hold in there will be redirect to your main domain with the 301 code.

<?
Header( "HTTP/1.1 301 Moved Permanently" );
Header( "Location: http://www.example.com" );
?>

Why do you think it is better this way ?

This way you won't have to keep updating a bunch of places everytime you have a new domain to hold and redirct to your main domain and it won't be serving your users with the current name but will actually redirect them to your main domain in question.

If you are the server owner you can make it even better, you can put the 2nd virtualhost as the first virtualhost in your httpd.conf of vhost.conf file and whenever you hit the IP of your server it will lead you to the redirection page which will lead your users to the main domain in this case instead of having to set a bunch of ServerAlias you can just create the DNS A record for that given subdomain or domain leading to your IP and the server will take care of the rest.

In this last case all you would need for your virtual host would be:

<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /www/redirect_folder 
</virtualhost>

as you dont need the ServerAlias since every and each request that hits your server IP will go to your first vhost.

In addition if you wanted to do this using .htaccess, it would be something like this i belive:

RewriteEngine on
rewritecond %{http_host} ^foo.example.com [nc]
rewriterule ^(.*)$ http://www.example.com/$1 [r=301,nc]

Best Answer

Related Solutions

Ssl – Mixing SSL and non-SSL content in an Apache2 virtual host

Apache2 multiple hostnames redirected to one

Related Topic