Hi, nice to partecipate to this list I have a question:
i have many virtual-host on apache for http and https pointing same web application folder /var/www/website1 --> /var/www/clients/client2/web1107/web following this schema https://pastebin.com/raw/s6WacZzd WebApplication has many domain list in db and impersonate that domains. 1) for http://website1.example.com and http://www.httpwebsite[1-1000].com there is this configuration <Directory /var/www/website1> AllowOverride None Require all denied </Directory> <VirtualHost *:80> DocumentRoot /var/www/clients/client2/web1107/web ServerName website1.example.com ServerAlias www.httpwebsite1.com ServerAlias www.httpwebsite2.com ServerAlias www.httpwebsite3.com ServerAlias www.httpwebsite4.com ServerAlias www.httpwebsite5.com ServerAdmin webmas...@website1.example.com ErrorLog /var/log/ispconfig/httpd/website1/error.log <IfModule mod_ssl.c> </IfModule> <Directory /var/www/website1/web> # Clear PHP settings of this website <FilesMatch ".+\.ph(p[345]?|t|tml)$"> SetHandler None </FilesMatch> Options +FollowSymLinks AllowOverride All Require all granted </Directory> <Directory /var/www/clients/client2/web1107/web> # Clear PHP settings of this website <FilesMatch ".+\.ph(p[345]?|t|tml)$"> SetHandler None </FilesMatch> Options +FollowSymLinks AllowOverride All Require all granted </Directory> # suexec enabled <IfModule mod_suexec.c> SuexecUserGroup web1107 client2 </IfModule> <IfModule mod_fastcgi.c> <Directory /var/www/clients/client2/web1107/cgi-bin> Require all granted </Directory> <Directory /var/www/website1/web> <FilesMatch "\.php[345]?$"> SetHandler php-fcgi </FilesMatch> </Directory> <Directory /var/www/clients/client2/web1107/web> <FilesMatch "\.php[345]?$"> SetHandler php-fcgi </FilesMatch> </Directory> Action php-fcgi /php-fcgi virtual Alias /php-fcgi /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1 FastCgiExternalServer /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1 -idle-timeout 300 -socket /var/lib/php7.0-fpm/web1107.sock -pass-header Authorization -pass-header Content-Type </IfModule> <IfModule mod_proxy_fcgi.c> #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.0-fpm/web1107.sock|fcgi://localhost//var/www/clients/client2/web1107/web/$1 <Directory /var/www/clients/client2/web1107/web> <FilesMatch "\.php[345]?$"> SetHandler "proxy:unix:/var/lib/php7.0-fpm/web1107.sock|fcgi://localhost" </FilesMatch> </Directory> </IfModule> # add support for apache mpm_itk <IfModule mpm_itk_module> AssignUserId web1107 client2 </IfModule> <IfModule mod_dav_fs.c> # Do not execute PHP files in webdav directory <Directory /var/www/clients/client2/web1107/webdav> <ifModule mod_security2.c> SecRuleRemoveById 960015 SecRuleRemoveById 960032 </ifModule> <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> </Directory> DavLockDB /var/www/clients/client2/web1107/tmp/DavLock # DO NOT REMOVE THE COMMENTS! # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE! # WEBDAV BEGIN # WEBDAV END </IfModule> /VirtualHost> 2) for https://website1.example.com i have another virtual host config file <IfModule mod_ssl.c> <VirtualHost *:443> DocumentRoot /var/www/clients/client2/web1107/web ServerName website1.example.com ServerAdmin webmas...@website1.example.com ErrorLog /var/log/ispconfig/httpd/website1/error.log <IfModule mod_ssl.c> </IfModule> <Directory /var/www/website1/web> # Clear PHP settings of this website <FilesMatch ".+\.ph(p[345]?|t|tml)$"> SetHandler None </FilesMatch> Options +FollowSymLinks AllowOverride All Require all granted </Directory> <Directory /var/www/clients/client2/web1107/web> # Clear PHP settings of this website <FilesMatch ".+\.ph(p[345]?|t|tml)$"> SetHandler None </FilesMatch> Options +FollowSymLinks AllowOverride All Require all granted </Directory> # suexec enabled <IfModule mod_suexec.c> SuexecUserGroup web1107 client2 </IfModule> <IfModule mod_fastcgi.c> <Directory /var/www/clients/client2/web1107/cgi-bin> Require all granted </Directory> <Directory /var/www/website1/web> <FilesMatch "\.php[345]?$"> SetHandler php-fcgi </FilesMatch> </Directory> <Directory /var/www/clients/client2/web1107/web> <FilesMatch "\.php[345]?$"> SetHandler php-fcgi </FilesMatch> </Directory> Action php-fcgi /php-fcgi virtual Alias /php-fcgi /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1 FastCgiExternalServer /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1 -idle-timeout 300 -socket /var/lib/php7.0-fpm/web1107.sock -pass-header Authorization -pass-header Content-Type </IfModule> <IfModule mod_proxy_fcgi.c> #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.0-fpm/web1107.sock|fcgi://localhost//var/www/clients/client2/web1107/web/$1 <Directory /var/www/clients/client2/web1107/web> <FilesMatch "\.php[345]?$"> SetHandler "proxy:unix:/var/lib/php7.0-fpm/web1107.sock|fcgi://localhost" </FilesMatch> </Directory> </IfModule> # add support for apache mpm_itk <IfModule mpm_itk_module> AssignUserId web1107 client2 </IfModule> <IfModule mod_dav_fs.c> # Do not execute PHP files in webdav directory <Directory /var/www/clients/client2/web1107/webdav> <ifModule mod_security2.c> SecRuleRemoveById 960015 SecRuleRemoveById 960032 </ifModule> <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> </Directory> DavLockDB /var/www/clients/client2/web1107/tmp/DavLock # DO NOT REMOVE THE COMMENTS! # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE! # WEBDAV BEGIN # WEBDAV END </IfModule> SSLCertificateFile /etc/letsencrypt/live/website1.example.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/website1.example.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf </VirtualHost> </IfModule> 3) for https://www.httpwebsite1.com i have another virtual host config file <IfModule mod_ssl.c> <VirtualHost *:443> DocumentRoot /var/www/clients/client2/web1107/web ServerName www.httpwebsite1.com ServerAdmin webmas...@httpwebsite1.com ErrorLog /var/log/ispconfig/httpd/website1/error.log <IfModule mod_ssl.c> </IfModule> <Directory /var/www/website1/web> # Clear PHP settings of this website <FilesMatch ".+\.ph(p[345]?|t|tml)$"> SetHandler None </FilesMatch> Options +FollowSymLinks AllowOverride All Require all granted </Directory> <Directory /var/www/clients/client2/web1107/web> # Clear PHP settings of this website <FilesMatch ".+\.ph(p[345]?|t|tml)$"> SetHandler None </FilesMatch> Options +FollowSymLinks AllowOverride All Require all granted </Directory> # suexec enabled <IfModule mod_suexec.c> SuexecUserGroup web1107 client2 </IfModule> <IfModule mod_fastcgi.c> <Directory /var/www/clients/client2/web1107/cgi-bin> Require all granted </Directory> <Directory /var/www/website1/web> <FilesMatch "\.php[345]?$"> SetHandler php-fcgi </FilesMatch> </Directory> <Directory /var/www/clients/client2/web1107/web> <FilesMatch "\.php[345]?$"> SetHandler php-fcgi </FilesMatch> </Directory> Action php-fcgi /php-fcgi virtual Alias /php-fcgi /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1 FastCgiExternalServer /var/www/clients/client2/web1107/cgi-bin/php-fcgi-*-80-website1 -idle-timeout 300 -socket /var/lib/php7.0-fpm/web1107.sock -pass-header Authorization -pass-header Content-Type </IfModule> <IfModule mod_proxy_fcgi.c> #ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.0-fpm/web1107.sock|fcgi://localhost//var/www/clients/client2/web1107/web/$1 <Directory /var/www/clients/client2/web1107/web> <FilesMatch "\.php[345]?$"> SetHandler "proxy:unix:/var/lib/php7.0-fpm/web1107.sock|fcgi://localhost" </FilesMatch> </Directory> </IfModule> # add support for apache mpm_itk <IfModule mpm_itk_module> AssignUserId web1107 client2 </IfModule> <IfModule mod_dav_fs.c> # Do not execute PHP files in webdav directory <Directory /var/www/clients/client2/web1107/webdav> <ifModule mod_security2.c> SecRuleRemoveById 960015 SecRuleRemoveById 960032 </ifModule> <FilesMatch "\.ph(p3?|tml)$"> SetHandler None </FilesMatch> </Directory> DavLockDB /var/www/clients/client2/web1107/tmp/DavLock # DO NOT REMOVE THE COMMENTS! # IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE! # WEBDAV BEGIN # WEBDAV END </IfModule> SSLCertificateFile /etc/letsencrypt/live/www.httpwebsite1.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/www.httpwebsite1.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf </VirtualHost> </IfModule> I user call http://website1.example.com apache serve web application on virtualhost1 and web application redirect to https://website1.example.com, than served by Virtualhost2 It's same with http://www.httpwebsite1.com served by virtualhost1: the web application redirect to https://www.httpwebsite1.com, thank served by VirtuaHost3 If i call http://www.httpwebsite2[2-1000], served by Virtulhost1 it's ok, but if i call https://www.httpwebsite[2-1000].com there is the issue. Apache serve user call by VirtualHost3 giving the VirtulHost3 ssl Certificate. I'ts possible stop this Apache b ehavior? Thanks Gianluca Gargiulo
