is it necessary to use separate virtualhost blocks for http and https

apache2

Solution 1:

Unlike for example a server block in nginx that can support both http and https definitions (each on a different port) in a single server block the Apache VirtualHost only has a toggle.

The SSLEngine directive switches TLS either on or off for the entire VirtualHost.

(The SSLEngine optional setting is more a curiosity and not a valid production option to support both plain http and https from a single VirtualHost block. )

You will get protocol errors when attempting to connect with plain http to a Apache https IP-address & port combination or vice-versa when using https on a plain http port.

Solution 2:

Based on my testing, it appears it is necessary to have separate virtualhost blocks for the default virtualhost on each port, but secondary virtualhosts can use the same virtualhost block for both plain http and https.

However these secondary virtual hosts must be specified with an explicit list of ports, e.g. *:80 *:443, not with just a plain wildcard.

Related

Exchange mail flow rule to use connector when no mailbox found
OpenLDAP server: chaining of SSL certificates (let's encrypt) does not work as expected
Force applications to use TLS 1.2 for certain domains
Are Kubernetes updates an atomic transaction?
What will I need to create a web server out of an R710? [closed]
What are the symptoms of an IP address conflict?
How to install PHP 8 in Oracle Linux with Apache?
Proxy settings at/prior to cloud-init runtime
Upgrading Tomcat 7.0 - 8.5 or 9.0?
How do untar as the current user by default?
CryptographyDeprecationWarning: Python 3.5 support will be dropped in the next release of cryptography. Please upgrade your Python
Authenticate Samba against OpenLDAP