How to configure multiple SSL with one IP

Discussion in 'Installation/Configuration' started by Erjen, Feb 5, 2013.

  1. Erjen

    Erjen New Member

    Hi,

    In the first place, thanks for the great product!

    I am trying to configure multiple SSL websites on one IP address.
    So I checked SNI and configured an IP address to a client and in the website I changed IPv4 * to IPv4 [IP address]. And the last step I did also on my other website.

    But after that, if I use just http in the browser, it's not connecting to the website but to the "It Works!" Apache page. And if I use https it connects to the first configured website with SSL.

    What am I doing wrong? It should work with SNI right?

    Thanks in advance for the help!


    --------------------
    I am using Debian with ISPConfig 3.0.4.6 and Apache 2.2.16
    --------------------
     
    Last edited: Feb 5, 2013
  2. falko

    falko Super Moderator

    Can you post both vhost configurations?
     
  3. Erjen

    Erjen New Member

    Thanks for your response Falko.

    Can I PM those files to you? I don't like to make them public.

    And I found out that if I use the same IP address on the same website, both aren't working, nor the SSL connection, unlike i said before.

    Thanks again.
     
  4. Erjen

    Erjen New Member

    I still can't figure it out.. And I guess I can't PM you the files so then I will just post them here and changed the two domains with [domain] and [domain2].

    I would really appreciate it if you can help me out!
    Thanks!

    [domain].vhost
    Code:
    <Directory /var/www/[domain].nl>
        AllowOverride None
        Order Deny,Allow
        Deny from all
    </Directory>
    
    <VirtualHost [external IP address]:80>
          DocumentRoot /var/www/[domain].nl/web
      
        ServerName [domain].nl
        ServerAlias www.[domain].nl
        ServerAdmin webmaster@[domain].nl
    
        ErrorLog /var/log/ispconfig/httpd/[domain].nl/error.log
    
        Alias /error/ "/var/www/[domain].nl/web/error/"
        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 500 /error/500.html
        ErrorDocument 502 /error/502.html
        ErrorDocument 503 /error/503.html
    
        <IfModule mod_ssl.c>
        </IfModule>
    
        <Directory /var/www/[domain].nl/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client3/web14/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
    
        # suexec enabled
        <IfModule mod_suexec.c>
          SuexecUserGroup web14 client3
        </IfModule>
        # Clear PHP settings of this website
        <FilesMatch "\.ph(p3?|tml)$">
            SetHandler None
        </FilesMatch>
        # php as fast-cgi enabled
    	# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
        <IfModule mod_fcgid.c>
            IdleTimeout 300
            ProcessLifeTime 3600
            # MaxProcessCount 1000
            DefaultMinClassProcessCount 0
            DefaultMaxClassProcessCount 100
            IPCConnectTimeout 3
            IPCCommTimeout 360
            BusyTimeout 300
        </IfModule>
        <Directory /var/www/[domain].nl/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web14/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client3/web14/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web14/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
          AssignUserId web14 client3
        </IfModule>
    
        <IfModule mod_dav_fs.c>
    	  # Do not execute PHP files in webdav directory
          <Directory /var/www/clients/client3/web14/webdav>
    	    <FilesMatch "\.ph(p3?|tml)$">
              SetHandler None
            </FilesMatch>
          </Directory>
          DavLockDB /var/www/clients/client3/web14/tmp/DavLock
          # DO NOT REMOVE THE COMMENTS!
          # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
          # WEBDAV END
        </IfModule>
    
    
    </VirtualHost>
    <VirtualHost [external IP address]:443>
          DocumentRoot /var/www/[domain].nl/web
      
        ServerName [domain].nl
        ServerAlias www.[domain].nl
        ServerAdmin webmaster@[domain].nl
    
        ErrorLog /var/log/ispconfig/httpd/[domain].nl/error.log
    
        Alias /error/ "/var/www/[domain].nl/web/error/"
        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 500 /error/500.html
        ErrorDocument 502 /error/502.html
        ErrorDocument 503 /error/503.html
    
        <IfModule mod_ssl.c>
    	SSLEngine on
        SSLCertificateFile /var/www/clients/client3/web14/ssl/www.[domain].nl.crt
        SSLCertificateKeyFile /var/www/clients/client3/web14/ssl/www.[domain].nl.key
        </IfModule>
    
        <Directory /var/www/[domain].nl/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client3/web14/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
    
        # suexec enabled
        <IfModule mod_suexec.c>
          SuexecUserGroup web14 client3
        </IfModule>
        # Clear PHP settings of this website
        <FilesMatch "\.ph(p3?|tml)$">
            SetHandler None
        </FilesMatch>
        # php as fast-cgi enabled
    	# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
        <IfModule mod_fcgid.c>
            IdleTimeout 300
            ProcessLifeTime 3600
            # MaxProcessCount 1000
            DefaultMinClassProcessCount 0
            DefaultMaxClassProcessCount 100
            IPCConnectTimeout 3
            IPCCommTimeout 360
            BusyTimeout 300
        </IfModule>
        <Directory /var/www/[domain].nl/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web14/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/client3/web14/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web14/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
          AssignUserId web14 client3
        </IfModule>
    
        <IfModule mod_dav_fs.c>
    	  # Do not execute PHP files in webdav directory
          <Directory /var/www/clients/client3/web14/webdav>
    	    <FilesMatch "\.ph(p3?|tml)$">
              SetHandler None
            </FilesMatch>
          </Directory>
          DavLockDB /var/www/clients/client3/web14/tmp/DavLock
          # DO NOT REMOVE THE COMMENTS!
          # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
          # WEBDAV END
        </IfModule>
    
    
    </VirtualHost>
    
    [domain2].vhost
    Code:
    <Directory /var/www/[domain2].nl>
        AllowOverride None
        Order Deny,Allow
        Deny from all
    </Directory>
    
    <VirtualHost [external IP address]:80>
          DocumentRoot /var/www/[domain2].nl/web
      
        ServerName [domain2].nl
        ServerAlias www.[domain2].nl
        ServerAdmin webmaster@[domain2].nl
    
        ErrorLog /var/log/ispconfig/httpd/[domain2].nl/error.log
    
        Alias /error/ "/var/www/[domain2].nl/web/error/"
        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 500 /error/500.html
        ErrorDocument 502 /error/502.html
        ErrorDocument 503 /error/503.html
    
        <IfModule mod_ssl.c>
        </IfModule>
    
        <Directory /var/www/[domain2].nl/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/210220203/web15/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
    
        # suexec enabled
        <IfModule mod_suexec.c>
          SuexecUserGroup web15 client3
        </IfModule>
        # Clear PHP settings of this website
        <FilesMatch "\.ph(p3?|tml)$">
            SetHandler None
        </FilesMatch>
        # php as fast-cgi enabled
    	# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
        <IfModule mod_fcgid.c>
            IdleTimeout 300
            ProcessLifeTime 3600
            # MaxProcessCount 1000
            DefaultMinClassProcessCount 0
            DefaultMaxClassProcessCount 100
            IPCConnectTimeout 3
            IPCCommTimeout 360
            BusyTimeout 300
        </IfModule>
        <Directory /var/www/[domain2].nl/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web15/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/210220203/web15/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web15/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
          AssignUserId web15 client3
        </IfModule>
    
        <IfModule mod_dav_fs.c>
    	  # Do not execute PHP files in webdav directory
          <Directory /var/www/clients/210220203/web15/webdav>
    	    <FilesMatch "\.ph(p3?|tml)$">
              SetHandler None
            </FilesMatch>
          </Directory>
          DavLockDB /var/www/clients/210220203/web15/tmp/DavLock
          # DO NOT REMOVE THE COMMENTS!
          # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
          # WEBDAV END
        </IfModule>
    
    
    </VirtualHost>
    <VirtualHost [external IP address]:443>
          DocumentRoot /var/www/[domain2].nl/web
      
        ServerName [domain2].nl
        ServerAlias www.[domain2].nl
        ServerAdmin webmaster@[domain2].nl
    
        ErrorLog /var/log/ispconfig/httpd/[domain2].nl/error.log
    
        Alias /error/ "/var/www/[domain2].nl/web/error/"
        ErrorDocument 400 /error/400.html
        ErrorDocument 401 /error/401.html
        ErrorDocument 403 /error/403.html
        ErrorDocument 404 /error/404.html
        ErrorDocument 405 /error/405.html
        ErrorDocument 500 /error/500.html
        ErrorDocument 502 /error/502.html
        ErrorDocument 503 /error/503.html
    
        <IfModule mod_ssl.c>
    	SSLEngine on
        SSLCertificateFile /var/www/clients/210220203/web15/ssl/www.[domain2].nl.crt
        SSLCertificateKeyFile /var/www/clients/210220203/web15/ssl/www.[domain2].nl.key
        </IfModule>
    
        <Directory /var/www/[domain2].nl/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/210220203/web15/web>
            Options FollowSymLinks
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
    
        # suexec enabled
        <IfModule mod_suexec.c>
          SuexecUserGroup web15 client3
        </IfModule>
        # Clear PHP settings of this website
        <FilesMatch "\.ph(p3?|tml)$">
            SetHandler None
        </FilesMatch>
        # php as fast-cgi enabled
    	# For config options see: http://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
        <IfModule mod_fcgid.c>
            IdleTimeout 300
            ProcessLifeTime 3600
            # MaxProcessCount 1000
            DefaultMinClassProcessCount 0
            DefaultMaxClassProcessCount 100
            IPCConnectTimeout 3
            IPCCommTimeout 360
            BusyTimeout 300
        </IfModule>
        <Directory /var/www/[domain2].nl/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web15/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        <Directory /var/www/clients/210220203/web15/web>
            AddHandler fcgid-script .php .php3 .php4 .php5
            FCGIWrapper /var/www/php-fcgi-scripts/web15/.php-fcgi-starter .php
            Options +ExecCGI
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
    
    
        # add support for apache mpm_itk
        <IfModule mpm_itk_module>
          AssignUserId web15 client3
        </IfModule>
    
        <IfModule mod_dav_fs.c>
    	  # Do not execute PHP files in webdav directory
          <Directory /var/www/clients/210220203/web15/webdav>
    	    <FilesMatch "\.ph(p3?|tml)$">
              SetHandler None
            </FilesMatch>
          </Directory>
          DavLockDB /var/www/clients/210220203/web15/tmp/DavLock
          # DO NOT REMOVE THE COMMENTS!
          # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
          # WEBDAV BEGIN
          # WEBDAV END
        </IfModule>
    
    
    </VirtualHost>
    
     
  5. Erjen

    Erjen New Member

    Well, I just installed ISPConfig 3.0.5 RC1, very interesting version. It solves a lot of problems like now I can choose if the user may use SSL.

    But still, I can't figure out how to configure SSL on one IP-address. it's still not working, even in 3.0.5 RC1 I can't get it to work properly with multiple sites on 1 IP address. Can someone please explain how I have to configure it?

    Thanks thanks.
     
  6. Erjen

    Erjen New Member

    Its finally working.. pff not really much help here but that's probably just me.

    The problem was with the current stable version (3.0.4.6) that you can bring the Apache server down by signing a wrong .crt.
    So before, I deleted everything related to SSL to be able to start the Apache server again. But I also deleted
    Code:
    NameVirtualHost *:443
    from /etc/apache2/ports.conf.

    I replaced that rule and everything is working fine now! And also, you shouldn't choose an IP in sites in ISPConfig, just leave the *.

    cheers
     
    Last edited: Feb 14, 2013

Share This Page