Wednesday, 27 August 2025

Apache configuration to listen on and serve multiple ports of the same domain, VirtualHost *:443 vs VirtualHost _default_:443

# Enable needed modules (once)

# a2enmod ssl proxy proxy_http headers

# (optional for HTTP/2) a2enmod http2


# Tell Apache to listen on both ports

Listen 443

Listen 9888

# NOTE: the above is usually in httpd.conf

# --- :443 -> https://serverA/ ---

<VirtualHost *:443>

  ServerName testme.com


  SSLEngine On

  # Reuse the same cert for both ports (or different, your choice)

  SSLCertificateFile      /etc/ssl/certs/testme.crt

  SSLCertificateKeyFile   /etc/ssl/private/testme.key

  # SSLCertificateChainFile /etc/ssl/certs/chain.pem   # if needed

  # Protocols h2 http/1.1   # if you use mod_http2


  ProxyPreserveHost On

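  # because backend is https

  SSLProxyEngine On

  # (Optional if backend is self-signed; these turn off the proxy's checks on the backend certificate, so prefer trusting the backend's CA instead)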

  # SSLProxyVerify none

  # SSLProxyCheckPeerName off

  # SSLProxyCheckPeerExpire off


  ProxyPass        "/"  "https://serverA/"

  ProxyPassReverse "/"  "https://serverA/"

</VirtualHost>


# --- :9888 -> https://serverB:9586/ ---

<VirtualHost *:9888>

  ServerName testme.com


  # If clients connect with https://testme.com:9888 then you MUST enable SSL here too

  SSLEngine On

  SSLCertificateFile      /etc/ssl/certs/testme.crt

  SSLCertificateKeyFile   /etc/ssl/private/testme.key

  # Protocols h2 http/1.1


  ProxyPreserveHost On

  SSLProxyEngine On


  ProxyPass        "/"  "https://serverB:9586/"

  ProxyPassReverse "/"  "https://serverB:9586/"

</VirtualHost>
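An added example, not part of the original post: a small Python check that reads a config laid out like the one above and reports vhost ports with no matching Listen, vhosts without SSLEngine On, backend certificate checks switched off, and comments placed on the same line as a directive (Apache does not accept those). The sample text and the function name `audit` are constructed for illustration, and the check assumes every vhost is meant to serve HTTPS, as on this page.

```python
import re

# Constructed sample (not a real deployment) with four deliberate mistakes.
SAMPLE = """\
Listen 443
<VirtualHost *:443>
  SSLEngine On
  SSLProxyEngine On   # because backend is https
  SSLProxyVerify none
  ProxyPass "/" "https://serverA/"
</VirtualHost>
<VirtualHost *:9888>
  SSLProxyEngine On
  ProxyPass "/" "https://serverB:9586/"
</VirtualHost>
"""

# Settings that switch off verification of the backend's certificate.
WEAK = {("sslproxyverify", "none"), ("sslproxycheckpeername", "off"),
        ("sslproxycheckpeercn", "off"), ("sslproxycheckpeerexpire", "off")}

def audit(conf):
    """Return a list of (vhost_port, finding) tuples for the config text."""
    lines = [ln.strip() for ln in conf.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]
    listens = {m.group(1) for ln in lines
               if (m := re.match(r"Listen\s+(?:\S+:)?(\d+)", ln, re.I))}
    findings, port, ssl_on = [], None, False
    for ln in lines:
        words = ln.lower().split()
        if m := re.match(r"<VirtualHost\s+\S*:(\d+)", ln, re.I):
            port, ssl_on = m.group(1), False
            if port not in listens:
                findings.append((port, "no Listen directive for this port"))
        elif words[0].startswith("</virtualhost"):
            if not ssl_on:
                findings.append((port, "SSLEngine is not On"))
            port = None
        elif port:
            if re.search(r"\s#", ln):  # simple check; ignores quoting
                findings.append((port, "inline comment parsed as arguments: " + ln))
            if tuple(words[:2]) == ("sslengine", "on"):
                ssl_on = True
            if tuple(words[:2]) in WEAK:
                findings.append((port, "backend certificate check disabled: " + ln))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
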



VirtualHost *:443

  • Means: this vhost will respond on all IPs bound to the server, on port 443.

  • Typical form used in almost all modern Apache configs.

  • Can be matched by ServerName or ServerAlias for name-based virtual hosting.

  • If multiple vhosts on the same port exist, Apache picks the one with the best ServerName match (or the first defined as fallback).

This is the recommended style when you’re hosting multiple domains on the same server/port. It is also the recommended style for the same domain on multiple ports (which is your case: one domain, two ports).


VirtualHost _default_:443

  • Means: this vhost is the “catch-all” for port 443 if no other vhost matches.

  • It’s not tied to ServerName or ServerAlias matching — it’s just the fallback.

  • Useful if you want a safety net for requests that don’t match any defined ServerName. For example, sending them to a default “Not Found / Wrong Host” site.

  • Only one _default_ vhost per port can exist.
