Jump to content

[SOLVED] setting up a website to only answer when accessed through a subdomain?


cmsimike

Recommended Posts

hello all.

 

i have a subversion repository set up through apache. i also have an ssl set up in order to access this subversion repository. the address to access the repository site is svn.example.com, which has the ip mapped to the server. the problem i am having is, though i have no problem accessing the repository through https://svn.example.com/, i can also get to it like this https://<ip that svn.cmsimike.com maps to>, or any other domain name that maps back to the server (for instance https://www.example2.com/ also then accesses the subversion repository).

 

my question is, how can i set up apache to only respond with my subversion repository when only accessing it through https://svn.example.com/ ?

 

here is the sites-available config i am using to get the ssl'ed website up.

(i've changed a few things just for security sake)

 

 

NameVirtualHost <private internal ip>.210:443

<VirtualHost svn.example.com:443>

  ServerName svn.example.com

  ServerAdmin webmaster@localhost

  LogLevel warn

  ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log

  TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log

 

  SSLEngine on

  SSLCertificateFile /etc/apache2/ssl/apache.pem

  SSLProtocol all

  SSLCipherSuite HIGH:MEDIUM

  <Location /work>

    DAV svn

    SVNPath /srv/svn/work

    AuthType Basic

    AuthName "Subversion Repository"

    AuthUserFile /etc/subversion/passwd-work

    Require valid-user

  </Location>

  ServerSignature OFF

</VirtualHost>

 

 

thanks for your help!

 

Link to comment
Share on other sites

now it looks like:

 

NameVirtualHost *:443

 

<VirtualHost *:443>

 

</VirtualHost>

 

<VirtualHost svn.example.com:443>

  ServerName svn.example.com

  ServerAdmin webmaster@localhost

  LogLevel warn

  ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log

  TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log

 

  SSLEngine on

  SSLCertificateFile /etc/apache2/ssl/apache.pem

  SSLProtocol all

  SSLCipherSuite HIGH:MEDIUM

  <Location /work>

    DAV svn

    SVNPath /srv/svn/work

    AuthType Basic

    AuthName "Subversion Repository"

    AuthUserFile /etc/subversion/passwd-work

    Require valid-user

  </Location>

  ServerSignature OFF

</VirtualHost>

 

 

and it is still not working :(

Link to comment
Share on other sites

Put in at least a little info in the first Vhost!!

 

NameVirtualHost *:443

 

<VirtualHost *:443>

  ServerName example.com

  ErrorLog /var/www/error.log

  TransferLog /var/www/access.log

  DocumentRoot /var/www/

 

  SSLEngine on

  SSLCertificateFile /etc/apache2/ssl/apache.pem

  SSLProtocol all

  SSLCipherSuite HIGH:MEDIUM 

</VirtualHost>

 

<VirtualHost svn.example.com:443>

  ServerName svn.example.com

  ServerAdmin webmaster@localhost

  LogLevel warn

  ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log

  TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log

 

  SSLEngine on

  SSLCertificateFile /etc/apache2/ssl/apache.pem

  SSLProtocol all

  SSLCipherSuite HIGH:MEDIUM

  <Location /work>

    DAV svn

    SVNPath /srv/svn/work

    AuthType Basic

    AuthName "Subversion Repository"

    AuthUserFile /etc/subversion/passwd-work

    Require valid-user

  </Location>

  ServerSignature OFF

</VirtualHost>

 

 

Accessing via https://ipaddress will show the first vhost which is config'd properly.

 

-steve

Link to comment
Share on other sites

now i have this. when i comment out the second virtual host, the rewrite works. however if i uncomment it, it still defaults to the second virtual host no matter what:

 

by the way, thank you so very much with your input so far. this is definitely a lot further than i've ever gotten!

NameVirtualHost *:443

<VirtualHost *:443>

  SSLEngine on

  SSLCertificateFile /etc/apache2/ssl/apache.pem

  SSLProtocol all

  SSLCipherSuite HIGH:MEDIUM

 

  RewriteEngine On

  RewriteCond %{SERVER_PORT} ^443$

  RewriteRule ^/(.*) http://www.example.com/$1 [L,R]

</VirtualHost>

 

<VirtualHost svn.example.com:443>

  ServerName svn.example.com

  ServerAdmin webmaster@localhost

  LogLevel warn

  ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log

  TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log

 

  SSLEngine on

  SSLCertificateFile /etc/apache2/ssl/svn.example.pem

  SSLProtocol all

  SSLCipherSuite HIGH:MEDIUM

  <Location /work>

    DAV svn

    SVNPath /srv/svn/work

    AuthType Basic

    AuthName "Subversion Repository"

    AuthUserFile /etc/subversion/passwd-work

    Require valid-user

  </Location>

  ServerSignature OFF

</VirtualHost>

Link to comment
Share on other sites

Your missing a ServerName from your first VirtualHost.

You need to put a ServerName e.g. ServerName www.example.com or misc.example.com in the first VirtualHost.

 

Once the first VirtualHost has a ServerName and is working, then it will be the default for http://ip.address.

 

-steve

 

NameVirtualHost *:443

 

<VirtualHost *:443>

  ServerName example.com

  ErrorLog /var/www/error.log

  TransferLog /var/www/access.log

  DocumentRoot /var/www/

 

  SSLEngine on

  SSLCertificateFile /etc/apache2/ssl/apache.pem

  SSLProtocol all

  SSLCipherSuite HIGH:MEDIUM

</VirtualHost>

 

<VirtualHost svn.example.com:443>

  ServerName svn.example.com

  ServerAdmin webmaster@localhost

  LogLevel warn

  ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log

  TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log

 

  SSLEngine on

  SSLCertificateFile /etc/apache2/ssl/apache.pem

  SSLProtocol all

  SSLCipherSuite HIGH:MEDIUM

  <Location /work>

    DAV svn

    SVNPath /srv/svn/work

    AuthType Basic

    AuthName "Subversion Repository"

    AuthUserFile /etc/subversion/passwd-work

    Require valid-user

  </Location>

  ServerSignature OFF

</VirtualHost>

 

 

Accessing via https://ipaddress will show the first vhost which is config'd properly.

 

-steve

Report to moderator  Logged

How to Install and Setup Various Linux Services :: http://wiki.kartbuilding.net

cmsimike

n00bie

*

Online Online

 

Posts: 4

 

 

View Profile Email

 

 

Re: setting up a website to only answer when accessed through a subdomain?

« Reply #4 on: Yesterday at 04:43:16 PM »

Reply with quoteQuote

now i have this. when i comment out the second virtual host, the rewrite works. however if i uncomment it, it still defaults to the second virtual host no matter what:

 

by the way, thank you so very much with your input so far. this is definitely a lot further than i've ever gotten!

NameVirtualHost *:443

<VirtualHost *:443>

  ServerName www.example.com

  SSLEngine on

  SSLCertificateFile /etc/apache2/ssl/apache.pem

  SSLProtocol all

  SSLCipherSuite HIGH:MEDIUM

 

  RewriteEngine On

  RewriteCond %{SERVER_PORT} ^443$

  RewriteRule ^/(.*) http://www.example.com/$1 [L,R]

</VirtualHost>

 

<VirtualHost svn.example.com:443>

  ServerName svn.example.com

  ServerAdmin webmaster@localhost

  LogLevel warn

  ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log

  TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log

 

  SSLEngine on

  SSLCertificateFile /etc/apache2/ssl/svn.example.pem

  SSLProtocol all

  SSLCipherSuite HIGH:MEDIUM

  <Location /work>

    DAV svn

    SVNPath /srv/svn/work

    AuthType Basic

    AuthName "Subversion Repository"

    AuthUserFile /etc/subversion/passwd-work

    Require valid-user

  </Location>

  ServerSignature OFF

</VirtualHost>

 

 

added the servername line and it is not working.

Link to comment
Share on other sites

What does https://ip.address show?

 

Try using this code, and make sure you have cut out any old vhosts which may be stored elsewhere.

 

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName www.example.com
        DocumentRoot /var/www/

        # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
        LogLevel warn
        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log combined
        ServerSignature On
</VirtualHost>
<VirtualHost *:443>
        ServerName www.example.com
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.pem
        SSLProtocol all
        SSLCipherSuite HIGH:MEDIUM
      
        RewriteEngine On
        RewriteCond %{SERVER_PORT} ^443$
        RewriteRule ^/(.*) http://www.example.com/$1 [L,R]
</VirtualHost>

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName svn.example.com
        DocumentRoot /var/www/svn.example.com/

        # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
        LogLevel warn
        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log combined
        ServerSignature On
</VirtualHost>
<VirtualHost *:443>
        ServerName svn.example.com
        ServerAdmin webmaster@localhost
        LogLevel warn
        ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log
        TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log
      
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/svn.example.pem
        SSLProtocol all
        SSLCipherSuite HIGH:MEDIUM
            <Location /work>
              DAV svn
              SVNPath /srv/svn/work
              AuthType Basic
              AuthName "Subversion Repository"
              AuthUserFile /etc/subversion/passwd-work
              Require valid-user
            </Location>
        ServerSignature OFF
</VirtualHost>

Link to comment
Share on other sites

https://ip.address is the base for my subversion repository

if i were to add, https://ip.address/work, i get to that repository.

 

i guess i should note that www.example.com isnt hosted on the same computer. www.example.com is hosted by a hosted company. i just set up a subdomain svn.example.com that points to the computer hosting the subversion repository. not sure if that makes a difference or not.

 

thanks for the input. i will try it out in a few and let you know

Link to comment
Share on other sites

  • 2 weeks later...

thanks you all so far for the help. the previous conf example is working almost as intended. i can only access the repository from svn.example.com now, however now the problem i am running into is that, since example.com uses two ssl certs (one for the regular site, for the redirection, the other for the svn site specifically) now no matter what site i go to, it uses the first ssl cert. is there any way to correct this?

 

 

thanks again !

Link to comment
Share on other sites

There can only be 1 ssl cert per ip address.

 

This is because the ssl negotiation must take place first (in order to have a secure connection), before any vhost negotiation.

 

Typically I use a wildcard SSL cert, e.g. *.example.com  for multiple vhosts.

 

-steve

Link to comment
Share on other sites

There can only be 1 ssl cert per ip address.

 

This is because the ssl negotiation must take place first (in order to have a secure connection), before any vhost negotiation.

 

Typically I use a wildcard SSL cert, e.g. *.example.com  for multiple vhosts.

 

-steve

oh i had NO idea you could do wildcard SSL certs. i will try that. thanks!

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.