Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by megaspaz: http://wiki.apache.org/httpd/ScratchPad/CommonMisconfigurations ------------------------------------------------------------------------------ === Name Based Virtual Host === - 1. Not matching the value of !NameVirtualHost with a corresponding <!VirtualHost> block.[[BR]] + ==== 1. Not matching the value of NameVirtualHost with a corresponding <VirtualHost> block. ==== Example: {{{NameVirtualHost *:80 @@ -24, +24 @@ Why is the first virtual host wrong? It's wrong on a couple of levels. The most obvious is that some.domain.com used in the first <!VirtualHost> block doesn't match *:80 used in !NameVirtualHost. The other being that NameVirtualHost refers to an interface, not a domain. For instance using *:80, means catch all interfaces on port 80. !NameVirtualHost 1.1.1.1:80, would mean to catch the interface defined as 1.1.1.1 on port 80. While you can use a "!NameVirtualHost some.domain.com/<!VirtualHost some.domain.com>" combination, it doesn't really make sense and is not used... at least not used by anyone who's experienced with Apache administration.[[BR]][[BR]] - 2. Not setting a !ServerName in a virtual host.[[BR]] + ==== 2. Not setting a ServerName in a virtual host. ==== Example: {{{NameVirtualHost *:80 @@ -42, +42 @@ The second virtual host is wrong because when using name based virtual hosts, the !ServerName is used by Apache to determine which virtual host configuration to use. Without it, Apache will never use the second virtual host configuration and will use the default virtual host. The default virtual host when using name based virtual hosts is the first defined virtual host.[[BR]][[BR]] - 3. Mixing !NameVirtualHost * with !NameVirtualHost *:<some port>.[[BR]] + ==== 3. Mixing NameVirtualHost * with NameVirtualHost *:<some port>. ==== Example: {{{NameVirtualHost * NameVirtualHost *:80 @@ -58, +58 @@ </VirtualHost> }}} - Because !NameVirtualHost * means catch on all interfaces on all ports, the *:80 virtual host will never be caught. Every request to Apache will result in the some.domain.com virtual host being used. + Because !NameVirtualHost * means catch on all interfaces on all ports, the *:80 virtual host will never be caught. Every request to Apache will result in the some.domain.com virtual host being used.[[BR]][[BR]] + ==== 4. Mutliple SSL name based virtual hosts on the same interface. ==== + Example: + {{{NameVirtualHost *:443 + + <VirtualHost *:443> + ServerName some.domain.com + # SSL options, other options, and stuff defined here. + </VirtualHost> + + <VirtualHost *:443> + ServerName some.domain2.com + # SSL options, other options, and stuff defined here. + </VirtualHost> + }}} + + Because of the nature of SSL, host information isn't used when first establishing an SSL connection. Apache will always use the certificate of the default virtual host, which is the first defined virtual host in name based virtual hosts. While this doesn't mean that you won't ever be able to access the second virtual host, it does mean your users will always get a certificate mismatch popup warning when trying to access some.domain2.com. Read more about this at [http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2].[[BR]][[BR]] + Also, note that the configuration above isn't something someone would normally use for SSL. However, using !NameVirtualHost *:443 is commonly seen in howtos for Debian/Ubuntu.[[BR]][[BR]] +
