apache2 namevirtualhost resolving wrong site
Posted
by joe
on Server Fault
See other posts from Server Fault
or by joe
Published on 2010-03-03T01:07:21Z
Indexed on
2010/04/20
19:14 UTC
Read the original article
Hit count: 486
apache2
|virtualhosts
Running apache 2.2.6. I'm setting up a development environment.
dev and production will be hosted on the same machine, same IP address.
DNS entries like prod.domain.com and dev.domain.com point to the same IP.
* Imprortant: it is required that dev and prod are otherwise completely separate. Each will run it's own apache instance. Each will use it's own apache configuration.
Each, prod and dev, will host http and https.
I have this set up and working, but not as restrictive as I'd like.
For instance, the production config:
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80 >
ServerName prod.domain.com
# ... etc
</VirtualHost>
<VirtualHost *:443 >
ServerName prod.domain.com
# ... etc
</VirtualHost>
The dev site is set up similarly, using ports 8080 and 4443.
Each site works fine. But assuming both apaches are running, one can also hit "cross-site" by mistake. So, inadvertently hitting prod.domain.com:8080 successfully returns a page from the dev site. It would be much better if this failed completely.
This is a bit more difficult to solve (for me) because of the need for two apache configs. If all in one, the single process would have full knowledge of everything.
So, I tried to solve this with brute force, including virtual hosts for the "other" site, with something that would fail, like no access to documentroot. But apache then inexplicably finds the "wrong" virtual host.
Here's the full config for production, with the dummy dev configs.
NameVirtualHost *:80
NameVirtualHost *:443
# ----------------------------------------------
# DUMMY HOSTS
<VirtualHost *:8080 >
ServerName dev.domain.com:8080
DocumentRoot /tmp/
<Directory /tmp/ >
Order deny,allow
Deny from all
</Directory>
</VirtualHost>
<VirtualHost *:4443 >
ServerName dev.domain.com:4443
DocumentRoot /tmp/
<Directory /tmp/ >
Order deny,allow
Deny from all
</Directory>
</VirtualHost>
# ----------------------------------------------
# REAL PRODUCTION HOSTS
<VirtualHost *:80 >
ServerName prod.domain.com:80
DocumentRoot /something/valid/
<Directory /something/valid/>
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443 >
ServerName prod.domain.com:443
DocumentRoot /something/valid/
<Directory /something/valid/>
Order allow,deny
Allow from all
</Directory>
# .... other valid ssl setup
</VirtualHost>
Here's the strange thing. With this configuration, a prod.domain.com:80 hit succeeds. But a prod.domain.com:443 hit fails, because it finds the dev.domain.com:4443 instead. I've also tried removing the port from the ServerName, but it still doesn't work.
Sorry for the long question. Hopefully this is enough information. Thanks in advance for any help.
© Server Fault or respective owner