apache2 - Apache virtual hosts https works but http takes to ...

Asked3 years, 11 months ago

Viewed3k times

I'm using amazon linux with apache (Apache/2.4.25 (Amazon)). I have a few domains and a few handful of subdomains. I use letsencrypt/cerbot for ssl certificates. This works. I can access https without issue. However, I cannot access any of my non default http virtual hosts. They all re-route to the default virtual host. I've only found a few other posts like this without resolution and this appears to be difficult to search for. Letsencrypt complained that I needed separate files for virtual hosts so thats what i did for http and https. I have ended up moving all of the http ones into the httpd.conf and that doesn't work either. I have "A" records for my domains and subdomains as well. What am I missing?

###Begin httpd.conf###ServerRoot "/etc/httpd"Listen 80Include conf.modules.d/*.confUser nona_yo_bizGroup nona_yo_bizServerAdmin support@example.comAllowOverride noneRequire all deniedAllowOverride All# Allow open access:Require all grantedOptions FollowSymLinksAllowOverride AllRequire all granted# Load config files in the "/etc/httpd/conf.d" directory, if any.# This is where my ssl files are storedIncludeOptional conf.d/*.conf#Some other module crap etc#Some other AWS settingsOptions FollowSymLinksAllowOverride AllDirectoryIndex index.html index.phpRequire all grantedServerAdmin support@example.comDocumentRoot "/var/www/html/basesite"ServerName basesite.comServerAdmin support@example.comDocumentRoot "/var/www/html/sub1example"ServerName sub1.example.comServerAdmin support@example.comDocumentRoot "/var/www/html/sub2example"ServerName sub2.example.comServerAdmin support@example.comDocumentRoot "/var/www/html/example"ServerName example.com###End httpd.conf######BEGIN ssl.conf###Listen 443 https#Some other stuffDocumentRoot "/var/www/html/basesite"ServerName basesite.com:443ErrorLog logs/ssl_error_logTransferLog logs/ssl_access_logLogLevel warnSSLEngine onSSLProtocol all -SSLv3SSLProxyProtocol all -SSLv3SSLHonorCipherOrder on#Some other stuffCustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"ServerAdmin support@example.comSSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pemSSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem###END ssl.conf###Separate conf file for vhost###ServerAdmin support@example.comDocumentRoot "/var/www/html/sub1example"ServerName sub1.example.com:443SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pemSSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem###Separate conf file for vhost###ServerAdmin support@example.comDocumentRoot "/var/www/html/sub2example"ServerName sub2.example.com:443SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pemSSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem###Separate conf file for vhost###ServerAdmin support@example.comDocumentRoot "/var/www/html/example"ServerName example.com:443SSLCertificateFile /etc/letsencrypt/live/basesite.com/fullchain.pemSSLCertificateKeyFile /etc/letsencrypt/live/basesite.com/privkey.pem

Edit apachectl -S output

sudo apachectl -SVirtualHost configuration:*:443is a NameVirtualHost default server basesite.com (/etc/httpd/conf.d/ssl.conf:57) port 443 namevhost basesite.com (/etc/httpd/conf.d/ssl.conf:57) port 443 namevhost sub1.example.com (/etc/httpd/conf.d/ssl_sub1_exa.conf:1) port 443 namevhost example.com (/etc/httpd/conf.d/ssl_exa.conf:1) port 443 namevhost sub2.example.com (/etc/httpd/conf.d/ssl_sub2_exa.conf:1)*:80 is a NameVirtualHost default server basesite.com (/etc/httpd/conf/httpd.conf:392) port 80 namevhost basesite.com (/etc/httpd/conf/httpd.conf:392) port 80 namevhost sub1.example.com (/etc/httpd/conf/httpd.conf:400) alias sub1.example.com:80 port 80 namevhost example.com (/etc/httpd/conf/httpd.conf:407)ServerRoot: "/etc/httpd"Main DocumentRoot: "/var/www/html/"Main ErrorLog: "/etc/httpd/logs/error_log"Mutex default: dir="/var/run/httpd/" mechanism=defaultMutex mpm-accept: using_defaultsMutex cache-socache: using_defaultsMutex authdigest-opaque: using_defaultsMutex watchdog-callback: using_defaultsMutex proxy-balancer-shm: using_defaultsMutex rewrite-map: using_defaultsMutex ssl-stapling-refresh: using_defaultsMutex authdigest-client: using_defaultsMutex ssl-stapling: using_defaultsMutex proxy: using_defaultsMutex authn-socache: using_defaultsMutex ssl-cache: using_defaultsPidFile: "/var/run/httpd/httpd.pid"Define: DUMP_VHOSTSDefine: DUMP_RUN_CFGUser: name="nona_yo_biz" id=404Group: name="nona_yo_biz" id=505

asked Oct 12 '17 at 5:34

vdidxhovdidxho

12511 silver badge1111 bronze badges

So I have resolved the problem and unfortunately it was a combination of trying several different things. So I don't have a simple answer to provide but I can provide some of the things that helped me along the way.

Thanks to Vasya Zhuryk I used sudo apachectl -S to determine where/how my virtualhosts were actually being loaded. In Amazon Linux apache default setup your ssl files are dynamically loaded from conf.d when they end in ".conf." They are loaded in from the main httpd.conf file via IncludeOptional conf.d/*.conf. As i had previously realized, don't leave your backups in conf.d with ".conf" or you'll end up with problems. This does not however occur in the conf folder. So those need to be included with Include /path to file/file.conf. I found that when private browsing in chrome (ctrl+shift+N), the non ssl sites worked fine. So clearing AutoFill Form Data (and possibly cached images and files) since "the beginning of time" cleared the bad domain redirect in chrome. It was very misleading because as I would type the address, the correct domain name would show but would always redirect to the wrong one. This is likely because of a previous poorly configured virtualhosts.

Again there were a lot of things done and tried along the way but the above were some key points that may help others.

answered Oct 17 '17 at 15:43

vdidxhovdidxho

12511 silver badge1111 bronze badges

I don't see a entry for NameVirtualHost *:80, for name based virtualhost this is an entry you will need in your configuration file. Just give it a try.

answered Oct 12 '17 at 6:08

ShantanuShantanu

1,8991414 silver badges1515 bronze badges

1

I have 2 idea:(see virtual hosts)

1. httpd -S

And

2. SSLCertificateKeyFile must have *.key extension

You don`t have virtual host directive of rules(index.php, enabling .htaccess and other), you can try this:

ServerAdmin support@example.comDocumentRoot "/var/www/html/basesite"ServerName basesite.comOptions Indexes FollowSymLinksAllowOverride AllDirectoryIndex index.php index.htmlRequire all granted

answered Oct 12 '17 at 8:34

Vasyl ZhurykVasyl Zhuryk

1,08777 silver badges2121 bronze badges

2

You need to add "NS" record to domain admin panel.

answered Oct 17 '17 at 15:17

Vasyl ZhurykVasyl Zhuryk

1,08777 silver badges2121 bronze badges

Stack Overflow works best with JavaScript enabled

Your privacy

By clicking “Accept all cookies”, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy.