Ssl – apache2 reverse proxy 2 virtual hosts & ssl

apache-2.2 reverse-proxy ssl virtualhost

I have 2 servers: app1.example.biz & app2.example.biz
I need to do the following using apache2 as a reverse proxy:
redirect all traffic coming from the internet to the appropriate server & use SSL.
The configuration I did allows me to redirect app1.example.biz to https app1.example.biz & I can access the server. The problem is that I can't do the same for app2.example.biz: when I type app2.example.biz it redirects me to https app1.example.biz!!
PS: I can't post more than two hyperlinks because I'm a new user but my config is correct.


<VirtualHost *:80>
    ServerName app1.example.biz/
    Redirect / https app1.example.biz/
</VirtualHost>

<VirtualHost *:443>
    ServerName app1.example.biz
    ServerAlias app1.example.biz

    ProxyPass / http app1.example.biz/
    ProxyPassReverse / http app1.example.biz/
    SSLEngine on
    SSLCertificateFile    /etc/ssl/servwiki.crt
    SSLCertificateKeyFile /etc/ssl/servwiki.key
    SSLVerifyClient none
</VirtualHost>

#<VirtualHost *>
#    ServerName app2.example.biz/
#    Redirect / https  app2.example.biz/
#</VirtualHost>

<VirtualHost *>
    ProxyPreserveHost On
    ServerName  app2.example.biz
    ServerAlias  app2.example.biz

    ProxyPass / http app2.example.biz/
    ProxyPassReverse / http app2.example.biz/
    SSLEngine on
    SSLCertificateFile    /etc/ssl/servwiki.crt
    SSLCertificateKeyFile /etc/ssl/servwiki.key
    SSLVerifyClient none
</VirtualHost>

I tried:
1/ using NameVirtualHost:80 & NameVirtualHost:443
2/ Naming each virtual host like this
3/ adding

<VirtualHost *>
    ServerName www.example.biz
    DocumentRoot /usr/local/apache/htdocs
    #SSLEngine on
    #SSLCertificateFile    /etc/ssl/servwiki.crt
    #SSLCertificateKeyFile /etc/ssl/servwiki.key
    #SSLVerifyClient none
</VirtualHost>

This solves the problem of redirecting http app1.example.biz & http app2.example.biz to the corresponding server but it doesn't work with SSL!

plzzzzz help

Best Answer

Presumably, you're missing :443 in your second virtual host configuration (I'm not sure whether this is just a copy/paste error here).

The next problem you're going to face is that you will need to be able to handle multiple hosts on SSL/TLS. For this, you will need the server to present a valid certificate for that host name during the SSL/TLS handshake, before any HTTP request/response is sent. This can be done using one of the following techniques:

  • Use a single IP address and a single certificate valid for all the hosts you want to serve at the same time. This could be achieved with a certificate with multiple Subject Alternative Name entries (app1.example.biz and app2.example.biz), sometimes called UCC, or a wildcard certificate (e.g. *.example.biz, but their use is discouraged).
  • Use distinct IP addresses for each host, if you can. In this case, don't rely on NameVirtualHost for HTTPS, but set the IP addresses in each virtual host entry, and configure each virtual host section with its certificate.
  • Use a single IP address and multiple certificates, but your client will need to support the Server Name Indication extension. (This is not supported by any version of IE on Windows XP, some mobile clients, and Java 6, for example.) How to configure it on Apache Httpd is documented on this page.
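The answer's `:443` fix combined with its first option (one IP address, one certificate valid for both names), as an added example that is not part of the original question or answer. It assumes Apache 2.2 with mod_ssl, mod_proxy and mod_proxy_http loaded, that /etc/ssl/servwiki.crt lists both host names as Subject Alternative Names, and that the proxy resolves the backend names to the internal servers; the URLs are written out in full.

```apache
# Added example (assumptions: Apache 2.2; servwiki.crt carries SAN entries for
# app1.example.biz and app2.example.biz; backend names resolve internally).

# Apache 2.2 requires name-based virtual hosting to be declared per address:port.
NameVirtualHost *:80
NameVirtualHost *:443

# Plain HTTP: each name redirects to its own HTTPS URL.
<VirtualHost *:80>
    ServerName app1.example.biz
    Redirect / https://app1.example.biz/
</VirtualHost>

<VirtualHost *:80>
    ServerName app2.example.biz
    Redirect / https://app2.example.biz/
</VirtualHost>

# HTTPS: both hosts are bound to *:443 explicitly. A bare <VirtualHost *>
# does not pair with "NameVirtualHost *:443", so requests for app2 would
# fall through to the first *:443 host (app1).
<VirtualHost *:443>
    ServerName app1.example.biz
    SSLEngine on
    SSLCertificateFile    /etc/ssl/servwiki.crt
    SSLCertificateKeyFile /etc/ssl/servwiki.key
    ProxyPreserveHost On
    ProxyPass        / http://app1.example.biz/
    ProxyPassReverse / http://app1.example.biz/
</VirtualHost>

<VirtualHost *:443>
    ServerName app2.example.biz
    SSLEngine on
    # Same certificate on purpose: it must be valid for whichever name the
    # client asked for, because it is sent before the Host header is seen.
    SSLCertificateFile    /etc/ssl/servwiki.crt
    SSLCertificateKeyFile /etc/ssl/servwiki.key
    ProxyPreserveHost On
    ProxyPass        / http://app2.example.biz/
    ProxyPassReverse / http://app2.example.biz/
</VirtualHost>
```

`apachectl -S` prints which virtual host is the default for each address:port and which names map to which block, and `openssl s_client -connect app2.example.biz:443 -servername app2.example.biz` shows the certificate actually presented for that name.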