Help with configuring Apache for SSL for multiple sites on single IP address

I’m trying to set up Apache to host owncloud and davical (a carddav and caldav server) on my home PC. I’ve managed to get everything working with plain http but would now like to set up ssl encryption, i.e. connect by https.

I’ve created my own signed certificate as described here and created the corresponding vhost files. My problem is that I can only access one of the two sites via ssl. I read through the openSUSE 12.2 apache manual and specifically the section 20.6.2.1. Name-Based Virtual Hosts and SSL. I think I’m going wrong with fully understanding name based virtual hosts using a single IP address.

If I type “https://192.168.1.68” into the browser it opens the davical web page fine. If I type “https://192.168.1.68/owncloud” I get an “object not found” message - error 404. I’d appreciate any guidance as I’m going round in circles and getting more confused.

My set up is as follows:
The IP address of the server is 192.168.1.68
Running oS 12.2
The vhosts files are as follows:
davical-ssl.conf

# Virtual Host DAViCal
<VirtualHost 192.168.1.68:443>
  DocumentRoot /usr/share/davical/htdocs
  DirectoryIndex index.php index.html
  ServerName davical
# ServerAlias 192.168.1.68/davical
  Alias /images/ /usr/share/davical/htdocs/images/
  SSLEngine on
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateFile /etc/apache2/ssl.crt/server.crt
  SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
  <Directory /usr/share/davical/htdocs/>
      AllowOverride None
      Order allow,deny
      Allow from all
  </Directory>
  AcceptPathInfo On
  #
  #  You probably don't need to enable any of these sorts of things other than in exceptional
  #  circumstances.  Apart from the include path (which DAViCal will discover if it is anywhere
  #  'normal') they are the default in newer PHP versions. 
  #
  # php_value include_path /usr/share/awl/inc
  # php_value magic_quotes_gpc 0
  # php_value register_globals 0
  # php_value error_reporting "E_ALL & ~E_NOTICE"
  # php_value default_charset "utf-8"
 # ErrorLog /var/log/apache2/davical.error.log
 # Transferlog /var/log/apache2/davical.access.log
</VirtualHost> 

owncloud-ssl.conf

# Virtual Host ownCloud
<VirtualHost 192.168.1.68:443>
 DocumentRoot /srv/www/htdocs
 ServerName owncloud
 ServerAlias 192.168.1.68/owncloud
 SSLEngine on
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 SSLCertificateFile /etc/apache2/ssl.crt/server.crt
 SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
 <Directory /srv/www/htdocs/owncloud>
  AllowOverride all
  Order allow,deny
  Allow from all
 </Directory>
 ScriptAlias /cgi-bin/ /srv/www/cgi-bin
 <Directory /srv/www/cgi-bin>
  AllowOverride None
  Options +ExecCGI -Includes
  Order allow,deny
  Allow from all
 </Directory>
</VirtualHost>

listen.conf

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports. See also the <VirtualHost> directive.
#
# http://httpd.apache.org/docs-2.2/mod/mpm_common.html#listen
#
# Change this to Listen on specific IP addresses as shown below to 
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
# When we also provide SSL we have to listen to the 
# standard HTTP port (see above) and to the HTTPS port
#
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
#       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
#Listen 12.34.56.78:80
#Listen 80
#Listen 443
# Line below added by GJ - Listen 8040
Listen 8040
Listen 80


<IfDefine SSL>
    <IfDefine !NOSSL>
    <IfModule mod_ssl.c>

        Listen 443

    </IfModule>
    </IfDefine>
</IfDefine>


# Use name-based virtual hosting
# 
# - on a specified address / port:
#
#NameVirtualHost 12.34.56.78:80
#
# - name-based virtual hosting:
#
#NameVirtualHost *:80
#
# - on all addresses and ports. This is your best bet when you are on
#   dynamically assigned IP addresses:
#
#NameVirtualHost *
NameVirtualHost *:80
NameVirtualHost *:8040
NameVirtualHost *:443

First, is there some reason why you didn’t post in the Technical Help Forums (Applications) instead of this forum which specifically is titled “Other than Support” ?
(Forum Admin - hint, hint)

As for your specific problem, you should consider what it means for sites to be “Name Based.”
It means that you’re not serving your sites by IP address, only the first site is accessible that way.

Note that to implement Name Based “anything” you also need to configure client name resolution (eg DNS or Hosts file).

The alternative to Name Based when sharing the same IP address is to deploy each website using a different port.

HTH,
TSU

Oops. I didn’t notice it was the wrong forum. When browsing the forum I usually like to have multiple tabs open of the various forum sections and posted in the wrong one by accident. Can a forum mod please move it.

On to your reply. I am hearing what you say but am not fully understanding. I’ve trawled google for tutorials on setting up apache for name based sites but their examples always seem simplified and don’t seem to work when I apply them to my set up. I’ve had to leave it for a while as I got busy with other things but I’ll have another look later.

I use the method of having different sites on different ports for the non encrypted versions but I thought for HTTPS it had to be port 443 so you couldn’t have different secure ports.

Hi
Closing thread and moving to applications :wink:

nntp users, please don’t respond until the thread is moved.

Thread moved and reopened :slight_smile:

Port 443 is only the default SSL port, you can specify any unused port you want but of course using default port numbers makes it easier/simpler for client browser URLs.

Bottom line is that of course you ran into your posted problem because only the first Named website is also accessible using an IP address (because it’s default). Trying to access any other Named website by IP address will fail, you need to use the Hostname, ie configured website name.

The reason why I mentioned using non-default port numbers is because that method <will> work if you wish to access the website using the IP address.

HTH,
TSU
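
A name-based layout for the two vhosts discussed above, as an added example in Apache 2.2 syntax (not part of the original posts). It keeps the paths and names from the question, assumes the hostnames davical and owncloud are made resolvable on each client, and also replaces the posted SSLCipherSuite string, which enables SSLv2, export-grade and NULL (no encryption) ciphers.

```apache
# listen.conf already declares:  NameVirtualHost *:443
# In Apache 2.2 the <VirtualHost> argument has to match that string exactly.
# With <VirtualHost 192.168.1.68:443> the two vhosts are not treated as
# name-based, they overlap, and the first one read answers every request.

# davical-ssl.conf
# The first vhost read for *:443 is also the default: it answers any request
# whose Host header matches no ServerName/ServerAlias, e.g. https://192.168.1.68/
<VirtualHost *:443>
  ServerName davical
  DocumentRoot /usr/share/davical/htdocs
  DirectoryIndex index.php index.html
  Alias /images/ /usr/share/davical/htdocs/images/
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5
  SSLCertificateFile /etc/apache2/ssl.crt/server.crt
  SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
  <Directory /usr/share/davical/htdocs/>
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>
  AcceptPathInfo On
</VirtualHost>

# owncloud-ssl.conf
# Selected only when the client sends "Host: owncloud", i.e. the URL is
# https://owncloud/owncloud/ (ServerAlias takes hostnames, never a URL path).
<VirtualHost *:443>
  ServerName owncloud
  DocumentRoot /srv/www/htdocs
  SSLEngine on
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5
  SSLCertificateFile /etc/apache2/ssl.crt/server.crt
  SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
  <Directory /srv/www/htdocs/owncloud>
    AllowOverride all
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

# Client name resolution (hosts file on each client, not Apache syntax):
#   192.168.1.68   davical owncloud
```

Both vhosts present the same certificate, so Apache can pick the site from the Host header after the TLS handshake; browsers will still warn unless the certificate lists both names. httpd's `-S` option (for example `apache2ctl -S`) prints the parsed virtual host table, which shows which vhost is the default for port 443.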

Thanks tsu2. I’ll try give it another go when I have more time to mess with it. But to be clear:

Let’s say I have given my server the name pc1.
I have a website called davical.
I have a second website called owncloud.

In my hosts file on the server do I set my IP 192.168.1.68 to pc1 as well as davical and owncloud? At the moment it just sets the IP to pc1.

So in the virtual hosts files where <Virtualhost> is defined do I use the server name or website name instead of the IP address? I.E. <Virtualhost pc1:443> or <Virtualhost davical:443> instead of <Virtualhost 192.168.1.68:443>?

Would I also need to set the same IP to hostname mapping in my client’s hosts file?