VirtualHost: * vs. _default_

Avi Greenbury lists at avi.co
Wed Jul 3 08:20:29 UTC 2013 

Dotan Cohen wrote:
> When configuring SSL in Apache2, what is the difference between these two lines:
> <VirtualHost *:443>
> <VirtualHost _default_:443>

The former is simply one of a list of virtualhosts, the latter is
specifically the default (the default is normally the one Apache finds
first in its config).

> I've tried limited experimentation, but as I only have this cert for a
> live site I can't be experimenting too long! My end goal is to serve
> SSL for example.com and for sub.example.com, but setting two
> sites-enabled files with the following lines does not work:
> <VirtualHost example.com:443>
> <VirtualHost sub.example.com:443>

I think you're misunderstanding the syntax; you don't put the domain
name in there, you put the IP address (or a wildcard, or the default).
So you might have

    <VirtualHost 10.20.30.40:80>

Where you are going to have more than one virtualhost per
IP-address-and-port-combination you need to have told Apache that it
is a name-based virtualhost:

    NameVirtualHost 10.20.30.40:80

The 'name' is then set in the virtualhost config with ServerName and
perhaps ServerAlias directives:

    NameVirtualHost 10.20.30.40:443
    <VirtualHost 10.20.30.40:443>
      ServerName example.com
      ServerAlias www.example.com
      SSLEngine On
      SSLCertificateFile /etc/ssl/certs/example.com.crt
      SSLCertificateKeyFile /etc/ssl/private/example.com.key
      DocumentRoot /home/example/public_html
    </VirtualHost>
    <VirtualHost 10.20.30.40:443>
      ServerName sub.example.com
      SSLEngine On
      SSLCertificateFile /etc/ssl/certs/example.com.crt
      SSLCertificateKeyFile /etc/ssl/private/example.com.key
      DocumentRoot /home/example/sub_html
    </VirtualHost>

This is assuming you wish to use SNI to allow the use of one IP
address to serve multiple SSL sites; if you can give us more
background as to what you're doing and let us know what's in
/etc/apache2/ports.conf and your vhost files we can probably make a
better guess as to what the solution to your problem is.


-- 
Avi

More information about the ubuntu-server mailing list