Mobile app version of vmapp.org
Login or Join
Cooney921

: Multiple Apache vhosts with Basic Auth & SSL I'm just getting started using Apache and I pretty much have everything configured the way I want, I'm just having trouble with one aspect. A

@Cooney921

Posted in: #Apache #Authentication #Https #Virtualhost

I'm just getting started using Apache and I pretty much have everything configured the way I want, I'm just having trouble with one aspect. A quick overview: I have a document root of "/var/www", then I have two sites at "/var/www/site1" and "/var/www/site2". Both sites have SSL and authenticate using a simple htpasswd file and run on two different ports (443 & 444). Everything works as I would expect, the auth and SSL both work fine. The only problem is that I can access "site2" without a password under certain conditions.

If I browse to "https://10.0.0.13:444/site2" I get the SSL and auth prompt, I can log in and everything works fine. The same goes for "site1", both the SSL and auth work correctly. However if I browse to "https://10.0.0.13/site2", then Apache lets me access "site2" without a password. Both site1 and site2 DNS resolve to the server's IP address. I know it's gotta be something that I'm just not understanding with the vhosts configuration. I've poked around a lot and cannot seem to get it working nor have I found an example online that helps me figure it out either. Any help would be greatly appreciated!! Here is the current "default-ssl" vhost configuration I'm using:

<VirtualHost *:443>
ServerName site1.domain.com
ServerAdmin site1@localhost

SSLEngine on
SSLCertificateFile /etc/apache2/site1.pem

DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined

<Location /site1>
AuthType Digest
AuthName "site1"
AuthDigestDomain /var/www/site1/ site1.domain.com/site1
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/site1"
</Location>
</VirtualHost>

<VirtualHost *:444>
ServerName site2.domain.com
ServerAdmin site2@localhost

SSLEngine on
SSLCertificateFile /etc/apache2/site2.pem

DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined

<Location /site2>
AuthType Digest
AuthName "site2"
AuthDigestDomain /var/www/site2/ site2.domain.com/site2
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/site2"
</Location>
</VirtualHost>

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Cooney921

1 Comments

Sorted by latest first Latest Oldest Best

 

@Kristi941

@Cragmuer If all you want to do is host two different directories with separate user authentication, just add another <location> directive to your site config. I will assume that you have your ports.conf file setup correctly but I'll include a sample anyway. An example configuration would look like something like this:

/etc/apache2/sites-available

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/cert-file.pem

DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/>
Options -Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined

<Location /site1>
AuthType Digest
AuthName "site1"
AuthDigestDomain /var/www/site1/ 10.0.0.13/site1
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/site1"
</Location>

<Location /site2>
AuthType Digest
AuthName "site2"
AuthDigestDomain /var/www/site2/ 10.0.0.13/site2
AuthDigestProvider file
AuthUserFile /etc/apache2/htpasswd
Require valid-user
SetEnv R_ENV "/var/www/site2"
</Location>
</VirtualHost>


/etc/apache2/ports.conf

<IfModule mod_ssl.c>
NameVirtualHost *:443
Listen 443
</IfModule>

<IfModule mod_gnutls.c>
Listen 443
</IfModule>


If you want to add more directories simply insert another <location> directive. Now if you want to actually host separate domains with different document roots, then you need to look into using the NamedVirtualHost directive. Also you don't need two different certificate files for the configuration you posted, one will work just fine.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme