SSL site not using the correct IP in Apache and Ubuntu

apache-2.2 ssl ubuntu virtualhost

I'm trying to set up an apache-ubuntu-php webserver. My webserver will host multiple SSL sites, each SSL site will have it's own IP address (unless there's a better way to do this).

So I suppose the first step is to get apache to recognize at least two different IP addresses. Right now, I have an SSL and non-SSL version of a website which are http://mysite.com and https://mysite.com. Although both are currently running on my server, I can't get both to use different IP addresses. Right now, both are using the IP 1.1.1.1. I purchased a second IP address 2.2.2.2 but the https://mysite.com won't accept it and firefox complains with the error "ssl_error_rx_record_too_long". Here's a look at my 2 vhost files

/etc/apache2/site-enabled/000-default

#NameVirtualHost 1.1.1.1:80

#<VirtualHost 1.1.1.1:80>
<VirtualHost *:80>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

/etc/apache2/site-enabled/mysite.com

<VirtualHost 1.1.1.1:80>
     ServerAdmin [email protected]
     ServerName mysite.com
     ServerAlias www.mysite.com
     DocumentRoot /srv/www/mysite.com/public_html/
     ErrorLog /srv/www/mysite.com/logs/error.log
     CustomLog /srv/www/mysite.com/logs/access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
#<VirtualHost 2.2.2.2:443>
<VirtualHost *:443>
     ServerAdmin [email protected]
     ServerName mysite.com
     ServerAlias www.mysite.com
     DocumentRoot /srv/www/mysite.com/public_html/
     ErrorLog /srv/www/mysite.com/logs/error.log
     CustomLog /srv/www/mysite.com/logs/access.log combined

        SSLEngine on

        SSLCertificateFile    /etc/ssl/localcerts/www.mysite.com.crt
        SSLCertificateKeyFile /etc/ssl/localcerts/www.mysite.com.pem

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0

</VirtualHost>
</IfModule>

In mysite.com, if I replace <VirtualHost *:443> with <VirtualHost 2.2.2.2:443>, Firefox complains with the error "ssl_error_rx_record_too_long".

So when I try to create and enable a /etc/apache2/site-enabled/mysite2.com with another SSL certificate on a third IP address, Apache complains about an "overlap" problem.

Can someone tell me how to get up my server so that I can host multiple SSL websites on different domains? I want the SSL certificate to work for IE 7+, FF, and Safari on the popular OS such as WinXP, Vista, Win7 and OSX.


I've set this on on my servers by adjusting the /etc/apache2/ports.conf file as follows:

<IfModule mod_ssl.c>
NameVirtualHost *:443
    # SSL name based virtual hosts are not yet supported, therefore no
    # NameVirtualHost statement here
    NameVirtualHost *:443
    Listen 443
</IfModule>

You should then be able to use by editing /etc/apache2/sites-enabled/mysite.com (some code omitted to shorten the example):

<VirtualHost *:443>
     ServerName mysite1.com
     SSLCertificateFile    /etc/ssl/localcerts/www.mysite1.com.crt
     SSLCertificateKeyFile /etc/ssl/localcerts/www.mysite1.com.pem
</VirtualHost>

<VirtualHost *:443>
    ServerName mysite2.com
    SSLCertificateFile    /etc/ssl/localcerts/www.mysite2.com.crt
    SSLCertificateKeyFile /etc/ssl/localcerts/www.mysite2.com.pem
</VirtualHost>

For as many vhosts as you like.

Edit: NEED A SECOND OPINION? GO HERE: http://forum.slicehost.com/comments.php?DiscussionID=3244

Related

ZFS: How do you restore the correct number of copies after losing a drive?
How to stop brute force attacks on Terminal Server (Win2008R2)?
Why are enterprise SAS disk enclosures seemingly so expensive?
Copy and deliver a request to another nginx server for real traffic testing
Postfix: how to use simple file for SASL authentication?
Who is your favorite VPS Provider? [closed]
Finding short-lived TCP connections owner process
Is there a way to refresh computer group membership without rebooting?
Redirect Windows cmd stdout and stderr to a single file
How do I store an array in localStorage? [duplicate]
Sorting 1 million 8-decimal-digit numbers with 1 MB of RAM
How should I unit test multithreaded code?