Join Log in
Score:0
Jerry avatar Server

Apache directs https:b-site visitor to https:a-site (b-site don't have ssl)

jp flag
Jerry

I've got an issue with my apache system. it's brand new, and so are I.

my problem now is that if somebody visit https://123.446.689.0 or https://b-site.com, (which don't have any ssl), then will a-site cut in on the https...

How can a connection jump like that? (of course a warning comes up, since the ssl is for another domain)

I WILL get ssl on b-site to, but can't get a ssl to the ip. and all direct IP access should be redirect to another site. (which currently is 000-default)

these are my configuration files;

a-site.com.conf

<VirtualHost a-site.com:80>
ServerName a-site.com
DocumentRoot /var/www/a-site.com
    <Directory /var/www/a-site.com>
        Options FollowSymLinks
        AllowOverride Limit Options FileInfo
        DirectoryIndex index.html index.php
        Require all granted

    </Directory>
<Directory /var/www/a-site.com/wp-content>
        Options FollowSymLinks
        Require all granted

    </Directory>

ErrorLog ${APACHE_LOG_DIR}/a-site.error.log
CustomLog ${APACHE_LOG_DIR}/a-site.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =a-site.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

a-conf.com-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost a-site.com:443>
    ServerName a-site.com
    ServerAdmin arga@localhost
    DocumentRoot /var/www/a-site.com
    ErrorLog ${APACHE_LOG_DIR}/a-site.error.log
    CustomLog ${APACHE_LOG_DIR}/a-site.access.log combined


SSLCertificateFile /etc/letsencrypt/live/a-site.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/a-site.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
</IfModule>

000-default.conf

<VirtualHost 123.456.789.0:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/00
        ErrorLog ${APACHE_LOG_DIR}/catchall.error.log
        CustomLog ${APACHE_LOG_DIR}/catchall.access.log combined

</VirtualHost>

b-site.com.conf

<VirtualHost b-site.com:80>
ServerName b-site.com
DocumentRoot /var/www/b-site.com
    <Directory /var/www/b-site.com>
        Options FollowSymLinks
        AllowOverride Limit Options FileInfo
        DirectoryIndex index.html index.php
        Require all granted

    </Directory>
<Directory /var/www/b-site.com/wp-content>
        Options FollowSymLinks
        Require all granted

    </Directory>

ErrorLog ${APACHE_LOG_DIR}/b-site.error.log
CustomLog ${APACHE_LOG_DIR}/b-site.log combined

</VirtualHost>

000-default-ssl.conf

<IfModule mod_ssl.c>
  
 <VirtualHost _default_:443>
            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/00
            
            ErrorLog ${APACHE_LOG_DIR}/napto.def.error.log
            CustomLog ${APACHE_LOG_DIR}/napto.def.access.log combined
            SSLEngine on

            SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
            SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
            <FilesMatch "\.(cgi|shtml|phtml|php)$">
                            SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory /usr/lib/cgi-bin>
                            SSLOptions +StdEnvVars
            </Directory>             
        </VirtualHost>
</IfModule>
28
0 + 0
Jerry avatar
jp flag
Jerry
I added a new site, called 00al... but now does the 00al site intercept the a-sites https... what's happening? how is this possible?
0
Reply
Score:1
avatar Server
jp flag
AlexD

You have only a-site.com:443 VirtualHost defined for port 443 (https) so Apache shows only the site it can find to show.

You need to define a default VirtualHost on port 443 <VirtualHost _default_:443> the same way as you have in 000-default.conf (or check if you have default-ssl.conf and enable it). You still need a TLS/SSL certificate for the default host but you can create a self-signed certificate. Debian-based systems already have one generated for you as /etc/ssl/certs/ssl-cert-snakeoil.pem.

0 + 0
Jerry avatar
jp flag
Jerry
Actually, I have one, and when but there's no difference if it's activated or not, I even tried to rename it to 000-def... so it would be before then a-site, but the a site still intercept the https://123.456.789.0 call..
0
Reply
Jerry avatar
jp flag
Jerry
actually, it was my tires eyes, I had actually written .conf instead of .com in the virtualhost line..., and when I censured the address in the question, the error wanished, but I have your answer as correct, as it is on this question..
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.