
SSL Proxy issue

Redirecting to default vhost sometimes


fruitwerks

9:54 pm on May 31, 2010 (gmt 0)

10+ Year Member



So we have a typical and simple SSL Proxy

<VirtualHost *:443>
ProxyRequests Off
SSLProxyEngine on
ProxyPass / https://174.123.47.#*$!:8443/
ProxyPassReverse / https://174.123.47.#*$!:8443/
ServerName plesk.domain.foo
</VirtualHost>


Works at first, but if anyone has used plesk you are familiar with the main content being framed. On certain links in plesk, instead of the framed content loading, I get the default ssl vhost in the content frame. This issue is not restricted to plesk; webmin also does this after saving a setting. The guys on freenode said there was no reason my default vhost config had anything to do with this error, so what might it be? If you look around, you will see this same config on various sites, so I guess it works.

The links that do this always do so. I don't see any reason why this is happening though.

Just in case, here is the default vhost config


NameVirtualHost *:443

<VirtualHost *:80>
DocumentRoot "/var/www/foodomain.com/"
<Directory "/var/www/foodomain.com/">
allow from all
Options FollowSymLinks Indexes
AllowOverride all
DirectoryIndex index.php
</Directory>
ServerAlias www.foodomain.com
RewriteEngine On
RewriteRule ^/?secure/(.*) https://%{HTTP_HOST}/secure/$1 [R,L]
RewriteRule ^/?signup/(.*) https://%{HTTP_HOST}/signup/$1 [R,L]
ServerName foodomain.com
CustomLog /var/log/apache2/foodomain.com-access.log combined
ErrorLog /var/log/apache2/foodomain.com-error.log
LogLevel warn
</VirtualHost>

<VirtualHost *:443>
DocumentRoot "/var/www/foodomain.com/"
<Directory "/var/www/foodomain.com/">
allow from all
Options FollowSymLinks Indexes
AllowOverride all
DirectoryIndex index.php
</Directory>
ServerAlias www.foodomain.com
RewriteEngine On
RewriteRule ^([^A-Z]*[A-Z].*)$ ${lc:$1} [R=301,L]
ServerName foodomain.com
CustomLog /var/log/apache2/foodomain.com-access.log combined
ErrorLog /var/log/apache2/foodomain.com-error.log
LogLevel warn
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/foodomain.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.foodomain.com.key
SSLCertificateChainFile /etc/apache2/ssl/gd_bundle.crt
</VirtualHost>

<VirtualHost *:80>
ServerName foodomain.net
ServerAlias www.foodomain.net
RedirectMatch 301 (.*) http://www.foodomain.com$1
</VirtualHost>


Thanks!

jdMorgan

3:59 pm on Jun 1, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Any SSL gurus in the house?

(Bump)

lammert

9:20 am on Jun 5, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Can you tell us if you use more than one certificate and the proxy and your regular site are listening on the same IP address or different addresses?

I see two <virtualhost *:443> statements and a NameVirtualHost *:443. It seems that you are trying to turn on name-based virtual hosting on an https connection, but that doesn't work in most situations. With SSL encrypted connections, the certificate exchange is done prior to the exchange of the host name. Therefore name-based virtual hosting only works if both domains share the same certificate. This could cause Apache to serve one of the sites randomly. To be honest, I am surprised that this config validates in Apache at all and that Apache doesn't refuse to start.
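A small static check for the situation lammert describes, added here as an example and not part of the thread: it parses Apache VirtualHost blocks, reports which vhost is the default (first defined) for each *:443 address, and flags any *:443 vhost that has no inbound `SSLEngine on` or certificate (the proxy vhost above only sets SSLProxyEngine, which governs the outbound connection to the backend). The config it runs over is a constructed copy of the thread's layout with a documentation-range IP in place of the masked one.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread's config; 192.0.2.10 is a placeholder backend.
SAMPLE_CONFIG = """
NameVirtualHost *:443
<virtualhost *:443>
ProxyRequests Off
SSLProxyEngine on
ProxyPass / https://192.0.2.10:8443/
ProxyPassReverse / https://192.0.2.10:8443/
ServerName plesk.domain.foo
</VirtualHost>
<virtualhost *:443>
<Directory "/var/www/foodomain.com/">
allow from all
</Directory>
ServerName foodomain.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/foodomain.com.crt
</VirtualHost>
"""

_OPEN = re.compile(r"^<virtualhost\s+(.+?)>$", re.I)   # Apache tags are case-insensitive
_CLOSE = re.compile(r"^</virtualhost>$", re.I)

def parse_vhosts(text):
    """Return [(address, {directive_lower: value})] in file order; nested blocks are skipped."""
    vhosts, current, depth = [], None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _OPEN.match(line)
        if m and current is None:
            current, depth = (m.group(1).strip(), {}), 0
        elif current is None:
            continue
        elif _CLOSE.match(line):
            vhosts.append(current)
            current = None
        elif line.startswith("</"):
            depth -= 1                      # leaving <Directory>, <Location>, ...
        elif line.startswith("<"):
            depth += 1
        elif depth == 0:                    # only top-level directives of the vhost
            name, _, value = line.partition(" ")
            current[1].setdefault(name.lower(), value.strip())
    return vhosts

def audit_ssl_vhosts(text):
    """List the default vhost per :443 address and :443 vhosts lacking inbound TLS config."""
    findings, by_addr = [], defaultdict(list)
    for addr, d in parse_vhosts(text):
        by_addr[addr].append(d)
    for addr, hosts in by_addr.items():
        if not addr.endswith(":443"):
            continue
        names = [h.get("servername", "?") for h in hosts]
        if len(hosts) > 1:
            findings.append(f"{addr}: {len(hosts)} name-based vhosts, default is {names[0]}")
        for n, h in zip(names, hosts):
            if h.get("sslengine", "").lower() != "on":
                findings.append(f"{addr} {n}: no 'SSLEngine on' (SSLProxyEngine covers only outbound)")
            elif "sslcertificatefile" not in h:
                findings.append(f"{addr} {n}: no SSLCertificateFile")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssl_vhosts(SAMPLE_CONFIG)))
```

Run it against the real vhost files (concatenated in include order) to see which *:443 vhost Apache treats as the default when the requested name does not match.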

fruitwerks

7:16 pm on Jun 5, 2010 (gmt 0)

10+ Year Member



It is a wildcard certificate for the domain (just one cert) - I actually forgot about this post! I know this looks like an odd config, but this is how it is done. All you need is a few mods for apache. We have moved away from this config though. We are now running service / admin apps on .net and the public stuff on .com - might as well use it if we are paying for it, right!

I really don't know what the issue is, but I will try it again with our newer setup and let you all know what happens.

Thanks!

lammert

4:35 am on Jun 6, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Then let's consider the issue closed for now. Wildcard certificates are interesting things, and the setup with a combination of normal SSL site serving and proxying hasn't been discussed here much. It would be an interesting setup to discuss here. So if you need help making a bullet-proof installation with your newer setup, feel free to come back here.

fruitwerks

4:24 pm on Jun 6, 2010 (gmt 0)

10+ Year Member



Thanks Everyone!

WC certs are indeed mysterious. With our new changes, it is 'ridiculous' to bother with what we were trying to achieve. All of the proxy targets are for in-house use only so we don't mind using self-signed - because the cert is not valid for the .net domain.

I wonder if there will ever be certs for WC.domain.WC - that would probably get messy :)

Thanks Again!

(mods - mark as closed / resolved - don't see such an option anywhere!)