[SOLVED] setting up a website to only answer when accessed through a subdomain?

cmsimike · January 11, 2008

hello all.

i have a subversion repository set up through apache. i also have an ssl set up in order to access this subversion repository. the address to access the repository site is svn.example.com, which has the ip mapped to the server. the problem i am having is, though i have no problem accessing the repository through https://svn.example.com/, i can also get to it like this https://<ip that svn.cmsimike.com maps to>, or any other domain name that maps back to the server (for instance https://www.example2.com/ also then accesses the subversion repository).

my question is, how can i set up apache to only respond with my subversion repository when only accessing it through https://svn.example.com/ ?

here is the sites-available config i am using to get the ssl'ed website up.

(i've changed a few things just for security sake)

NameVirtualHost <private internal ip>.210:443

ServerName svn.example.com

ServerAdmin webmaster@localhost

LogLevel warn

ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log

TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/apache.pem

SSLProtocol all

SSLCipherSuite HIGH:MEDIUM

DAV svn

SVNPath /srv/svn/work

AuthType Basic

AuthName "Subversion Repository"

AuthUserFile /etc/subversion/passwd-work

Require valid-user

</Location>

ServerSignature OFF

</VirtualHost>

thanks for your help!

steviewdr · January 13, 2008

Put in another virtualhost for 443, and place it before svn.example.com in the apache conf.

The first VirtualHost picked up by apache becomes default for https://ip.address/

-steve

cmsimike · January 13, 2008

now it looks like:

NameVirtualHost *:443

</VirtualHost>

ServerName svn.example.com

ServerAdmin webmaster@localhost

LogLevel warn

ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log

TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/apache.pem

SSLProtocol all

SSLCipherSuite HIGH:MEDIUM

DAV svn

SVNPath /srv/svn/work

AuthType Basic

AuthName "Subversion Repository"

AuthUserFile /etc/subversion/passwd-work

Require valid-user

</Location>

ServerSignature OFF

</VirtualHost>

and it is still not working

steviewdr · January 13, 2008

Put in at least a little info in the first Vhost!!

NameVirtualHost *:443

ServerName example.com

ErrorLog /var/www/error.log

TransferLog /var/www/access.log

DocumentRoot /var/www/

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/apache.pem

SSLProtocol all

SSLCipherSuite HIGH:MEDIUM

</VirtualHost>

ServerName svn.example.com

ServerAdmin webmaster@localhost

LogLevel warn

ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log

TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/apache.pem

SSLProtocol all

SSLCipherSuite HIGH:MEDIUM

DAV svn

SVNPath /srv/svn/work

AuthType Basic

AuthName "Subversion Repository"

AuthUserFile /etc/subversion/passwd-work

Require valid-user

</Location>

ServerSignature OFF

</VirtualHost>

Accessing via https://ipaddress will show the first vhost which is config'd properly.

-steve

cmsimike · January 13, 2008

now i have this. when i comment out the second virtual host, the rewrite works. however if i uncomment it, it still defaults to the second virtual host no matter what:

by the way, thank you so very much with your input so far. this is definitely a lot further than i've ever gotten!

NameVirtualHost *:443

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/apache.pem

SSLProtocol all

SSLCipherSuite HIGH:MEDIUM

RewriteEngine On

RewriteCond %{SERVER_PORT} ^443$

RewriteRule ^/(.*) http://www.example.com/$1 [L,R]

</VirtualHost>

ServerName svn.example.com

ServerAdmin webmaster@localhost

LogLevel warn

ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log

TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/svn.example.pem

SSLProtocol all

SSLCipherSuite HIGH:MEDIUM

DAV svn

SVNPath /srv/svn/work

AuthType Basic

AuthName "Subversion Repository"

AuthUserFile /etc/subversion/passwd-work

Require valid-user

</Location>

ServerSignature OFF

</VirtualHost>

steviewdr · January 14, 2008

Your missing a ServerName from your first VirtualHost.

You need to put a ServerName e.g. ServerName www.example.com or misc.example.com in the first VirtualHost.

Once the first VirtualHost has a ServerName and is working, then it will be the default for http://ip.address.

-steve

cmsimike · January 14, 2008

i was worried that putting servername in there would screw things up since the main site (www.example.com) is hosted offsite.

i will try that thanks

cmsimike · January 14, 2008

Your missing a ServerName from your first VirtualHost.

You need to put a ServerName e.g. ServerName www.example.com or misc.example.com in the first VirtualHost.

Once the first VirtualHost has a ServerName and is working, then it will be the default for http://ip.address.

-steve

NameVirtualHost *:443

ServerName example.com

ErrorLog /var/www/error.log

TransferLog /var/www/access.log

DocumentRoot /var/www/

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/apache.pem

SSLProtocol all

SSLCipherSuite HIGH:MEDIUM

</VirtualHost>

ServerName svn.example.com

ServerAdmin webmaster@localhost

LogLevel warn

ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log

TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/apache.pem

SSLProtocol all

SSLCipherSuite HIGH:MEDIUM

DAV svn

SVNPath /srv/svn/work

AuthType Basic

AuthName "Subversion Repository"

AuthUserFile /etc/subversion/passwd-work

Require valid-user

</Location>

ServerSignature OFF

</VirtualHost>

Accessing via https://ipaddress will show the first vhost which is config'd properly.

-steve

Report to moderator Logged

How to Install and Setup Various Linux Services :: http://wiki.kartbuilding.net

cmsimike

n00bie

*

Online Online

Posts: 4

View Profile Email

Re: setting up a website to only answer when accessed through a subdomain?

« Reply #4 on: Yesterday at 04:43:16 PM »

Reply with quoteQuote

now i have this. when i comment out the second virtual host, the rewrite works. however if i uncomment it, it still defaults to the second virtual host no matter what:

by the way, thank you so very much with your input so far. this is definitely a lot further than i've ever gotten!

NameVirtualHost *:443

ServerName www.example.com

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/apache.pem

SSLProtocol all

SSLCipherSuite HIGH:MEDIUM

RewriteEngine On

RewriteCond %{SERVER_PORT} ^443$

RewriteRule ^/(.*) http://www.example.com/$1 [L,R]

</VirtualHost>

ServerName svn.example.com

ServerAdmin webmaster@localhost

LogLevel warn

ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log

TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/svn.example.pem

SSLProtocol all

SSLCipherSuite HIGH:MEDIUM

DAV svn

SVNPath /srv/svn/work

AuthType Basic

AuthName "Subversion Repository"

AuthUserFile /etc/subversion/passwd-work

Require valid-user

</Location>

ServerSignature OFF

</VirtualHost>

added the servername line and it is not working.

steviewdr · January 18, 2008

What does https://ip.address show?

Try using this code, and make sure you have cut out any old vhosts which may be stored elsewhere.

NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName www.example.com
        DocumentRoot /var/www/

        # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
        LogLevel warn
        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log combined
        ServerSignature On
</VirtualHost>
<VirtualHost *:443>
        ServerName www.example.com
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.pem
        SSLProtocol all
        SSLCipherSuite HIGH:MEDIUM
      
        RewriteEngine On
        RewriteCond %{SERVER_PORT} ^443$
        RewriteRule ^/(.*) http://www.example.com/$1 [L,R]
</VirtualHost>

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        ServerName svn.example.com
        DocumentRoot /var/www/svn.example.com/

        # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
        LogLevel warn
        ErrorLog /var/log/apache2/error.log
        CustomLog /var/log/apache2/access.log combined
        ServerSignature On
</VirtualHost>
<VirtualHost *:443>
        ServerName svn.example.com
        ServerAdmin webmaster@localhost
        LogLevel warn
        ErrorLog /var/www/svn.example.com/logs/error.svn.example.com.log
        TransferLog /var/www/svn.example.com/logs/transfer.svn.example.com.log
      
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/svn.example.pem
        SSLProtocol all
        SSLCipherSuite HIGH:MEDIUM
            <Location /work>
              DAV svn
              SVNPath /srv/svn/work
              AuthType Basic
              AuthName "Subversion Repository"
              AuthUserFile /etc/subversion/passwd-work
              Require valid-user
            </Location>
        ServerSignature OFF
</VirtualHost>

cmsimike · January 18, 2008

https://ip.address is the base for my subversion repository

if i were to add, https://ip.address/work, i get to that repository.

i guess i should note that www.example.com isnt hosted on the same computer. www.example.com is hosted by a hosted company. i just set up a subdomain svn.example.com that points to the computer hosting the subversion repository. not sure if that makes a difference or not.

thanks for the input. i will try it out in a few and let you know

cmsimike · January 27, 2008

thanks you all so far for the help. the previous conf example is working almost as intended. i can only access the repository from svn.example.com now, however now the problem i am running into is that, since example.com uses two ssl certs (one for the regular site, for the redirection, the other for the svn site specifically) now no matter what site i go to, it uses the first ssl cert. is there any way to correct this?

thanks again !

steviewdr · January 28, 2008

There can only be 1 ssl cert per ip address.

This is because the ssl negotiation must take place first (in order to have a secure connection), before any vhost negotiation.

Typically I use a wildcard SSL cert, e.g. *.example.com for multiple vhosts.

-steve

cmsimike · January 28, 2008

There can only be 1 ssl cert per ip address.

This is because the ssl negotiation must take place first (in order to have a secure connection), before any vhost negotiation.

Typically I use a wildcard SSL cert, e.g. *.example.com for multiple vhosts.

-steve

oh i had NO idea you could do wildcard SSL certs. i will try that. thanks!

cmsimike · January 28, 2008

thank you all very much for all the help. the server is now working exactly how i wanted it to!

Sign In

[SOLVED] setting up a website to only answer when accessed through a subdomain?

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information