Handling multiple SSL sites on a single IP address using Apache mod_rewrite

Category : Programming, Technology, Web Design, Work

Recently at work we needed to come up with a way to have multiple sites using SSL on a single IP address. Each site used a different sub domain.

Normally with Apache, each site set up with SSL needs it’s own unique IP address, however by adding some clever internal redirect code into the Apache config files, it is possible to achieve exactly what we needed. I’m posting this here in case anyone else has the same problem and happens to come across this post!

 

This is done in the conf/httpd-vhosts.conf file.

One thing to note is that any other vhosts setup already for specific subdomains will continue to function as normal and will bypass this code entirely.

1. Firstly, the server must be assigned an unused SSL IP address which will handle all the site subdomains. In the example below, this IP address is: 123.45.67.89

2. Insert virtual hosts containing the rewrite code, into Apache

Below is the apache config code which achieves this. This can be lifted and added to a new server when needed. I have added some comments to explain what it is doing

# first we add a vhost for all port 80 traffic. This is to catch http://anysubdomain.yoursite.co.uk
<VirtualHost *:80>
ServerAdmin support@yoursite.co.uk

#the document root needs to be moved up one folder so we can then specify the subfolders for the individual sites
#in the main config file, the same change should be been made (i.e.if the server root was g:/inetpub/wwwroot, change to g:/inetpub)
DocumentRoot “g:/inetpub/”

#turn on the rewrite code (make sure mod_rewrite module is enabled in main httpd.conf)
RewriteEngine on

# this first line is important as it is the one that stops it recursively redirecting in an infinite loop.
# The condition is basically saying “do not do this if wwwroot is already in the path”
RewriteCond $1 !^wwwroot

#this was needed to stop it redirecting the PHP paths, which caused everything to break
#what is needed here may differ slightly depending on the PHP path variables setup, but this should cover most, if not all cases
# or may not be needed at all – depends on your config
RewriteCond $1 !/php5/
RewriteCond $1 !/php/

# this is the condition which says foranything.yoursite.co.uk , apply the rewrite rule
RewriteCond %{HTTP_HOST} ^([^.]+)\.yoursite\.co\.uk

#and this actually applies the rule. It prepends the path with wwwroot, so apache knows where to find the relevant files.
#the url shown in the browser does not change
RewriteRule (.*) /wwwroot/%1/$1 [L]

</VirtualHost>

#We now create a virtual host for the IP we have assigned to the server, for SSL connections.
# Other than the virtual host declaration, the code is exactly the same as above, so no need to comment further.
<VirtualHost 123.45.67.89:443>
ServerAdmin yourname@yoursite.co.uk

# the paths to your SSL certs etc – change as appropriate
SSLEngine On
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key

DocumentRoot “g:/inetpub/”
RewriteEngine on

RewriteCond $1 !^wwwroot
RewriteCond $1 !/php5/
RewriteCond $1 !/php/
RewriteCond %{HTTP_HOST} ^([^.]+)\.yoursite\.co\.uk
RewriteRule (.*) /wwwroot/%1/$1 [L]

</VirtualHost>

Taking on the spammers!!!

Category : Work

My latest project at work is fighting the war against Spam!
We are looking a new solution to SPAM emails having had just about every one of our customers bending our ears about it all week.

I’ve implemented some software I found, and am currently Mr Spam in our office. I will soon be Mr Spam of several offices as we’ve already sold the solution to a number of our clients. So, you want an effective, cheap, manageable antispam solution – click the software add-ons link on the right, and get in touch with us!!

TeamLink Support Portal

Category : Work

My latest project at work is an online Support portal to integrate with our back-office systems.This will integrate with our Back Office system – TeamLink Evolution and will be an online web portal to allow users to log support incidents.

The portal is being written as an ASP.net web application in C#, and utilises our own in-house components including the TeamLink Data Connector. For more details, see http://www.add-ons.co.uk

With this and my own VB .Net project, I’m really starting to get into this .Net stuff!