1

I have a web site deployed that uses kohana and URL rewriting to make the URLs more restful. This works fine.

I also have Moodle installed in a sub directory on the same server and a subdomain defined for this directory. So Moodle is installed in a directory called students and the subdomain is students.example.com. This too works fine.

I am now attempting to install an SSL certificate that I only need on the sub domain. I have a Comodo wildcard certificate so it is supposed to be able to work with the subdomains. When I use https://example.com it works fine so I can see that the SSL certificate is in force. However, when I try https://students.example.com it redirects to the main site. http://students.example.com works fine though.

The .htaccess file that works for the kohana rewrite rules is:

# Use PHP5.4 Single php.ini as default AddHandler application/x-httpd-php54s .php # Turn on URL rewriting RewriteEngine On # Installation directory RewriteBase / # Protect hidden files from being viewed <Files .*> Order Deny,Allow Deny From All </Files> # Protect application and system files from being viewed RewriteRule ^(?:application|modules|system)\b index.php/$0 [L] # Allow any files or directories that exist to be displayed directly RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d # Rewrite all other URLs to index.php/URL RewriteRule .* index.php/$0 [PT] Options -Indexes

According to the docs I will need the following rules to be added for the subdomain:

#.htaccess WildCard SSL RewriteCond %{HTTP_HOST} ^students.example.com$ RewriteCond %{REQUEST_URI} !^/students/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ /students/$1 RewriteCond %{HTTP_HOST} ^students.example.com$ RewriteRule ^(/)?$ students/index.php [L]

I tried adding this as the first rule and as the second rule but neither worked. I now understand that I will have to write a new set of rules to do what I want.

Any advice on how to accomplish this would be greatly appreciated. This site is hosted with Bluehost if that makes any difference.

Improve this question
3
  • What do you mean by "However, when I try students.example.com it redirects to the main site." Do you have an SSL VirtualHost for students.example.com? Commented Oct 31, 2014 at 15:16
  • I mean that it actually goes to example.com when you try to load students.example.com. However, the http version loads fine. Not sure about the SSL VirtualHost though? Commented Oct 31, 2014 at 17:03
  • you probably have a <VirtualHost default:443> somewhere. copy that and change it to <VirtualHost students.example.com:443> and put everything you would do different for this VirtualHost in there. Commented Nov 2, 2014 at 12:34

3 Answers 3

Reset to default
0

I suspect you may have another issue. An HTTP request looks something like:

GET /foo.php HTTP/1.1 Host: monkedung.example.com Keep-Alive: timeout=15 Connection: Keep-Alive

etc. When you encrypt it with SSL, everything after the GET line is encrypted, so Apache has no way of even knowing what host you are asking for. Without knowing the host, it has no way of knowing which certificate to use to decrypt the request. It also has no idea which directory to redirect to, which .htaccess file to use or anything else determined by the host. For this reason, AFAIK you can only use a single ssl host per IP address.

I would try setting

students.example.com

as the default apache domain and example.com if that is the only one that you want to use ssl for. I would also turn on debugging for your rewrite rules so you can see if they are actually firing. If the issue is the ssl issue mentioned above, I suspect you are not even getting that far.

Hope this helps.

Improve this answer
0

It looks like you are trying to host example.com and students.example.com on the same IP address. This is fine if you are use regular HTTP, but if you are using HTTPS (Port 443), then you need to serve this up on a different IP address. 

<VirtualHost *:80> DocumentRoot /var/www/example.com ServerName example.com </VirtualHost> <VirtualHost *:80> DocumentRoot /var/www/students.example.com ServerName students.example.com </VirtualHost> <VirtualHost 192.168.1.10:443> DocumentRoot /var/www/example.com ServerName example.com SSLEngine on SSLCertificateFile /path/to/example.com.cert SSLCertificateKeyFile /path/to/example.com.key </VirtualHost> <VirtualHost 192.168.1.11:443> DocumentRoot /var/www/students.example.com ServerName students.example.com SSLEngine on SSLCertificateFile /path/to/example.com.cert SSLCertificateKeyFile /path/to/example.com.key </VirtualHost>
Improve this answer
2
  • 2
    No you don't, all modern browsers support SNI. Commented Nov 2, 2014 at 12:32
  • Right.. SNI should work to redirect traffic to the virtual host by hostname without the need for another static IP address. Check the apache2.conf or ports.conf config file for the entry NameVirtualHost *:443 to ensure that you are resolving name-based hosts on port 443 Commented Nov 4, 2014 at 18:35
0

Have you reviewed your config.php in moodle after the SSL switch?

Note that your $CFG->wwwroot now has changed. It should be https://students.example.com

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.