Ssl – Change the default apache configuration to serve HTTPS on two ports

Apache2httpssslvirtualhost

I'm running apache2 on Devuan Beowulf (~= Debian Buster), with the default configuration. In that configuration, I have:

in sites-available/default-ssl.conf:

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
        # etc etc.

in sites-available/default-000.conf:

<VirtualHost *:80>
        # etc etc.

and in sites-available/default-000.conf:

Listen 80

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

How do I make it so that apache listens on port 80 for HTTP traffic and on ports 443 and, say, 1234, for HTTPS connections?

Best Answer

There are several tasks here:

Make sure the SSL module is loaded
Listen on another port for SSL - port 1234 specifically
Make sure the default-ssl.conf site is enabled (or whatever site conf you want to use for your HTTPS site)
Make the port-443 virtual host also be served for the second port - without simply copying that block of configuration

Here's how to do it (as root):

Invoke a2enmod ssl (yes, there is such a utility)
Add Listen 1234 right below Listen 443 in ports.conf
Invoke a2ensite default-ssl
Change <VirtualHost _default_:443> to <VirtualHost _default_:443 _default_:1234> in default-ssl.conf.

There's (at least) one problem with the above solution, though - somehow, magically, you can speak HTTP to the server on port 443.

Note: Don't insert NameVirtualHost lines; if you do, you'll get warnings saying:

AH00548: NameVirtualHost has no effect and will be removed in the next 
release /etc/apache2/ports.conf:6

Related Solutions

Apache Virtualhost shows default page only

When I lookup your domains, I get 2 different IP addresses. In this case your configuration needs to be something like this:

# This is the "main" server running on IP_ADDRESS_OF_DOMAIN_tsk-run.tk
ServerAdmin webmaster@tsk-run.tk
ServerName tsk-run.tk
ServerAlias www.tsk-run.tk
DocumentRoot /var/www/html/tsk-run/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

<VirtualHost IP_ADDRESS_OF_DOMAIN_tsk-test.tk>
    ServerAdmin webmaster@tsk-test.tk
    ServerName tsk-test.tk
    ServerAlias www.tsk-test.tk
    DocumentRoot /var/www/html/tsk-test/public_html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Replace IP_ADDRESS_OF_DOMAIN_tsk-test.tk with the IP address of this domain.

See apache documentation section Name-based hosts on more than one IP address for more details.

Nginx as reverse ssl proxy (Apache + Varnish) skips its own configuration

You can try a couple of things around not messing around with the default file config

a) Create your own config file in /etc/nginx/sites-available and then enable it with a soft link in /etc/nginx/sites-enabled

b) disable default site entirely by deleting the default link in /etc/nginx/sites-enabled or simply change the port of the default config so nginx listens in port 81 (for example)

So in case Nginx insists on listening in http or whatever is causing this behavious, it will not take port 80 and allow Varnish to take it.

Alternatively upgrade to Ubuntu 16.04 LTS which would give you a much up-to-date of everything including Openssl v1.0.2+ so you can enable HTTP/2 support.

Best Answer

Related Solutions

Apache Virtualhost shows default page only

Nginx as reverse ssl proxy (Apache + Varnish) skips its own configuration

Related Topic