Msg#: 4421907 posted 10:46 am on Feb 26, 2012 (gmt 0)
I have a pretty straightforward question about setting up virtualhosts in both the httpd.conf and ssl.conf.
I have 3 domains that I'm hosting on my machine, two use ssl and one doesn't. When I set up the httpd.conf file I went ahead & included all 3 domains in the virtualhosts section. I then set up the two domains that require ssl in the ssl.conf virtualhosts section. For the two domains that use ssl, I specified an ip address rather than a hostname. When I start apache, it gives me a warning about the setup:
VirtualHost www.domain1.com:80 overlaps with VirtualHost 111.222.333.444:80, the first has precedence, perhaps you need a NameVirtualHost directive
The first virtualhost is the domain that doesn't need ssl. Since the other domain is configured in the ssl.conf & has the .htaccess configured to always redirect to https, all three of the sites are running and the content from the correct directory is shown on the appropriate domain.
My question is - is this something that I should be concerned about? Should I just remove the two domains that don't need ssl from httpd.conf?
Msg#: 4421907 posted 12:53 pm on Feb 27, 2012 (gmt 0)
For what it's worth, my setup for one SSL site and numerous non-SSL sites is like this: NameVirtualHost *:80 <VirtualHost *:80> ServerName www.example.com ... </VirtualHost> <VirtualHost *:80> ServerName sub1.example.com ... </VirtualHost>
Msg#: 4421907 posted 9:30 am on Feb 28, 2012 (gmt 0)
For the same reason you specified one in your configuration. :)
I probably need to use a NameVirtualHost directive like you've done. I'd ask you what your reasoning was, but I have a feeling you may have followed some type of setup guide?
Technically, the sites load the way I want without problems. My main concern is whether there might be some type of security risk here. Also, for the sites that use ssl the virtualhost configuration is in ssl.conf, not httpd.conf, so I could simply eliminate the error I get from apache by removing the virtualhosts defined in httpd.conf for the secure sites since they will load correctly anyway without those definitions. Is this the way you have your set up?