Ssl – Apache Rewrite rules for SSL in sub domain

apache-2.2, kohana, rewrite, ssl

I have a web site deployed that uses kohana and URL rewriting to make the URLs more restful. This works fine.

I also have Moodle installed in a sub directory on the same server and a subdomain defined for this directory. So Moodle is installed in a directory called students and the subdomain is students.example.com. This too works fine.

I am now attempting to install an SSL certificate that I only need on the sub domain. I have a Comodo wildcard certificate so it is supposed to be able to work with the subdomains. When I use https://example.com it works fine so I can see that the SSL certificate is in force. However, when I try https://students.example.com it redirects to the main site. http://students.example.com works fine though.

The .htaccess file that works for the kohana rewrite rules is:

# Use PHP5.4 Single php.ini as default
AddHandler application/x-httpd-php54s .php
# Turn on URL rewriting
RewriteEngine On

# Installation directory
RewriteBase /

# Protect hidden files from being viewed
<Files .*>
   Order Deny,Allow
   Deny From All
</Files>

# Protect application and system files from being viewed
RewriteRule ^(?:application|modules|system)\b index.php/$0 [L]

# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

# Rewrite all other URLs to index.php/URL
RewriteRule .* index.php/$0 [PT]
Options -Indexes

According to the docs I will need the following rules to be added for the subdomain:

#.htaccess WildCard SSL 
RewriteCond %{HTTP_HOST} ^students.example.com$ 
RewriteCond %{REQUEST_URI} !^/students/ 
RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule ^(.*)$ /students/$1 
RewriteCond %{HTTP_HOST} ^students.example.com$ 
RewriteRule ^(/)?$ students/index.php [L] 

I tried adding this as the first rule and as the second rule but neither worked. I now understand that I will have to write a new set of rules to do what I want.

Any advice on how to accomplish this would be greatly appreciated. This site is hosted with Bluehost if that makes any difference.

Best Answer

I suspect you may have another issue. An HTTP request looks something like:

GET /foo.php HTTP/1.1
Host: monkedung.example.com
Keep-Alive: timeout=15
Connection: Keep-Alive

etc. When you encrypt it with SSL, everything after the GET line is encrypted, so Apache has no way of even knowing what host you are asking for. Without knowing the host, it has no way of knowing which certificate to use to decrypt the request. It also has no idea which directory to redirect to, which .htaccess file to use or anything else determined by the host. For this reason, AFAIK you can only use a single SSL host per IP address.

I would try setting

students.example.com

as the default Apache domain and example.com if that is the only one that you want to use SSL for. I would also turn on debugging for your rewrite rules so you can see if they are actually firing. If the issue is the SSL issue mentioned above, I suspect you are not even getting that far.

Hope this helps.
