Score:0

Apache2 VHOST matches wrong server name


I'm running Apache 2.4.54 on Debian Bullseye and have 42 VHOSTs configured. Most of them are subdomains xxx.my.domain.com of our main domain, say my.domain.com. One client has a special domain. There is also a default VHOST to catch all the requests. All the VHOSTS reside in numbered files, the default comes last.

  • HTTP -> HTTPS
  • subdomain not caught before -> ErrorDocument
  • no subdomain -> ErrorDocument

If I just enter https://my.domain.com, this request is caught by one of the earlier vhosts and not by the default VHOST. I don't understand why this happens.

Without SSL, the request is answered by 99-default.conf

99-default.conf

<VirtualHost _default_:80>
        ServerName my.domain.com
        Redirect permanent / https://my.domain.com
        ErrorLog ${APACHE_LOG_DIR}/default_error.log
        CustomLog ${APACHE_LOG_DIR}/default_access.log vhost_combined
</VirtualHost>

<VirtualHost *:80>
        ServerAlias *.my.domain.com
        Redirect 404 /
        DocumentRoot /var/www/html/
        ErrorDocument 404 "Subdomain does not exist"
        ErrorLog ${APACHE_LOG_DIR}/default_error.log
        CustomLog ${APACHE_LOG_DIR}/default_access.log combined
</VirtualHost>



# match requests without subdomain
<VirtualHost _default_:443>
        ServerName my.domain.com
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        Redirect 404 /
        ErrorDocument 404 "Please choose subdomain"
        ErrorLog ${APACHE_LOG_DIR}/default_error.log
        CustomLog ${APACHE_LOG_DIR}/default_access.log combined
</VirtualHost>

# match any subdomain that does not exist (that's why order is important)
<VirtualHost *:443>
        ServerAlias *.my.domain.com
        Redirect 404 /
        DocumentRoot /var/www/html/
        ErrorDocument 404 "Subdomain does not exist"
        ErrorLog ${APACHE_LOG_DIR}/default_error.log
        CustomLog ${APACHE_LOG_DIR}/default_access.log combined
</VirtualHost>

02-app-customer.conf

<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerAlias customers-domain.com
#    ServerAlias customer.my.domain.com

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/wildcard.crt
    SSLCertificateKeyFile /etc/ssl/private/wildcard.key
    SSLCertificateChainFile /etc/ssl/certs/wildcard_chain.crt

    ErrorLog ${APACHE_LOG_DIR}/app_error.log
    CustomLog ${APACHE_LOG_DIR}/app_access.log vhost_combined

    Include conf.d/security.conf
    Include /usr/local/app/local/customer/httpd.conf

    <FilesMatch ".+\.ph(p[3457]?|t|tml)$">
        SetHandler "proxy:unix:/run/php/php7.4-fpm-app.sock|fcgi://localhost"
    </FilesMatch>

</VirtualHost>

# Redirection from port 80 to 443 if ssl enabled
<VirtualHost *:80>
    ServerName customers-domain.com
#    ServerAlias customer.my.domain.com
    Redirect permanent / https://www.customers-domain.com/
    ErrorLog ${APACHE_LOG_DIR}/app_error.log
    CustomLog ${APACHE_LOG_DIR}/app_access.log vhost_combined
</VirtualHost>

# Redirect of www.customers-domain.com to customers-domain.com
<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerName www.customers-domain.com
    ServerAlias www.customers-domain.biz
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/wildcard.crt
    SSLCertificateKeyFile /etc/ssl/private/wildcard.key
    SSLCertificateChainFile /etc/ssl/certs/wildcard_chain.crt
    ErrorLog ${APACHE_LOG_DIR}/app_error.log
    CustomLog ${APACHE_LOG_DIR}/app_access.log vhost_combined
    Redirect permanent / https://customers-domain.com        
</VirtualHost>
<VirtualHost *:80>
    ServerName www.customers-domain.com
    ServerAlias www.customers-domain.biz
    Redirect permanent / https://customers-domain.com/
    ErrorLog ${APACHE_LOG_DIR}/app_error.log
    CustomLog ${APACHE_LOG_DIR}/app_access.log vhost_combined
</VirtualHost>

I don't understand why a request to https://my.domain.com is caught by 02-app-customer.conf and not by 99-default.conf. Any ideas?

Your VirtualHost for `customers-domain.com` is missing the `ServerName` directive.
Problem solved! Thank you so much!
Score:1

Your VirtualHost for customers-domain.com:443 is missing the ServerName directive.

<VirtualHost *:443>
    Protocols h2 http/1.1
    ServerName customers-domain.com
    # ...
</VirtualHost>
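
An added example, not part of the original thread: a small Python check that flags `<VirtualHost>` blocks with no `ServerName` and models, in simplified form, which block answers a given Host header. The sample config is constructed from the question's files, and the inherited name `my.domain.com` is an assumption about the server's global ServerName or hostname, which a block without `ServerName` takes over.

```python
import re
from fnmatch import fnmatch

# Constructed sample modelled on the question's files, in load order.
SAMPLE = """
# 02-app-customer.conf
<VirtualHost *:443>
    ServerAlias customers-domain.com
</VirtualHost>
# 99-default.conf
<VirtualHost _default_:443>
    ServerName my.domain.com
</VirtualHost>
<VirtualHost *:443>
    ServerAlias *.my.domain.com
</VirtualHost>
"""
BLOCK = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(text):
    """Return one dict per <VirtualHost> block, in configuration order."""
    vhosts = []
    for addr, body in BLOCK.findall(text):
        name, aliases = None, []
        for line in body.splitlines():
            parts = line.split("#", 1)[0].split()  # drop comments
            if len(parts) < 2:
                continue
            key = parts[0].lower()
            if key == "servername":
                name = parts[1].lower()
            elif key == "serveralias":
                aliases += [a.lower() for a in parts[1:]]
        vhosts.append({"addr": addr.strip(), "name": name, "aliases": aliases})
    return vhosts

def missing_servername(vhosts):
    """Blocks that would silently inherit the global server name."""
    return [v for v in vhosts if v["name"] is None]

def resolve(vhosts, host, port, inherited_name):
    """Simplified model: the first block on the port whose ServerName or
    ServerAlias matches wins; with no match, the first block on the port."""
    host = host.lower()
    on_port = [v for v in vhosts if v["addr"].endswith(":%d" % port)]
    for v in on_port:
        name = v["name"] or inherited_name.lower()  # assumption: inherited
        if host == name or any(fnmatch(host, a) for a in v["aliases"]):
            return v
    return on_port[0] if on_port else None
```

On a live server, `apache2ctl -S` prints the parsed virtual host table and shows which name each block actually received.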