Getting SSL to work across virtual hosts in Apache

Dr. Internet By Steve Blass, Network World
January 17, 2006 12:38 PM ET

I have an Apache server running a number of named virtual hosts that I want to use SSL with. Apache doesn't support named virtual hosts in the SSL configuration file, because of the way the protocols work. I need to route requests by hostname using SSL. How can I do that?

Apache cannot support named virtual hosts in SSL host configuration files, because it cannot see the hostname header when the SSL request is being processed. You can use a directory-level configuration file, typically called .htaccess, to redirect the request, because the host name information is available at that later point in the processing.

To do this, include the line

AllowOverride Options FileInfo AuthConfig

Related Content

in the general configuration section of the apache httpd.conf server configuration file. This allows you to use the Apache URL rewriting engine from a directory-level configuration file.

In the directory defined as DocumentRoot in the <VirtualHost_default:443> section of the Apache SSL configuration file, create an .htaccess file containing three lines:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} ^.*$
RewriteRule ^(.*)$ http://%{HTTP_HOST}:80/$1 [P]

This will send the decrypted SSL request to the host named in the http headers by proxy so that your users see only the https URLs.

Depending on how your sites are named, users may see security warnings that your SSL certificate does not match the hostname.

Read more about software in Network World's Software section.