SSL SNI and Virtual Hosts

Hi everyone,

So I am working towards a load balanced, high availability, web hosting environment. I will be using Windows Azure load balancer to help facilitate this. My problem is the way Virtualmin generates VirtualHost blocks for SSL websites. I learned about using Apache’s SNI (Server Name Identification) function/feature, well I already knew about it I should say but I discovered with the proper manual virtual host file changes I could serve websites, all from a single IP on the system, using a wildcard IP selector:

<VirtualHost *:443>
...
</VirtualHost>

However, Virtualmin prefers to specify the IP address:

<VirtualHost 1.1.1.1:443>
...
</VirtualHost>

Is there any possible way to make Virtualmin create SSL virtual host blocks in the format I require? Said format being the use of * instead of the IP address.

Thank you in advance!
-Dustin

–Edit–
Came up with this simple bash script to execute (thankfully I can have Virtualmin execute it after making changes to a virtual server)

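#!/bin/sh
# Rewrite the IP-bound SSL VirtualHost tags to the wildcard form in every vhost file.
sed -i 's/<VirtualHost {PUBLIC_IP_REDACTED}:443>/<VirtualHost *:443>/g' /etc/httpd2/conf/vhosts/*.conf
# Restart Apache so the modified vhost files are loaded.
/etc/httpd2/bin/apachectl -k restart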

If there is not another solution built into Virtualmin I will probably go ahead and use the above script.

–Edit 2—
Realized that some words were missing because I failed to surround them in the proper tags :stuck_out_tongue:
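
A more defensive form of the sed workaround in the post above, as an added example that is not part of the original thread: it matches any IPv4 or bracketed IPv6 address instead of one hard-coded IP, runs Apache's config test before reloading, and restores the original files if the test fails. The function names, the `--apply` switch and the `.bak` suffix are assumptions of this example; the default paths are the ones from the post.

```shell
#!/bin/sh
# Added example, not from the thread. Defaults are the paths used in the post.
VHOST_DIR=${VHOST_DIR:-/etc/httpd2/conf/vhosts}
APACHECTL=${APACHECTL:-/etc/httpd2/bin/apachectl}

# Print file $1 with the address in each <VirtualHost addr:port> opening tag
# replaced by *. Matches any IPv4 or bracketed IPv6 address and keeps the port;
# tags that already use * do not match, so a second run changes nothing.
wildcard_vhosts() {
    sed -E '/^[[:space:]]*<VirtualHost[[:space:]]/ s/([[:space:]])(\[[0-9A-Fa-f:.]+\]|[0-9]+(\.[0-9]+){3}):([0-9]+)/\1*:\4/g' "$1"
}

# Rewrite every *.conf under $VHOST_DIR, then syntax-check the whole config.
# If the check fails, the originals are restored and the running Apache is not
# touched; otherwise Apache is reloaded with "-k graceful" (the post uses
# "-k restart"). Returns 0 on success or when nothing needed changing.
apply_wildcards() {
    changed=0
    tmp=$(mktemp) || return 1
    for f in "$VHOST_DIR"/*.conf; do
        [ -f "$f" ] || continue
        wildcard_vhosts "$f" > "$tmp" || { rm -f "$tmp"; return 1; }
        cmp -s "$f" "$tmp" && continue            # already in wildcard form
        cp -p "$f" "$f.bak" && cat "$tmp" > "$f" || { rm -f "$tmp"; return 1; }
        changed=$((changed + 1))
    done
    rm -f "$tmp"
    [ "$changed" -gt 0 ] || return 0              # nothing rewritten, no reload
    if "$APACHECTL" -t; then
        rm -f "$VHOST_DIR"/*.conf.bak
        "$APACHECTL" -k graceful
    else
        for b in "$VHOST_DIR"/*.conf.bak; do mv -f "$b" "${b%.bak}"; done
        return 1
    fi
}

# Only act when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = "--apply" ]; then apply_wildcards; fi
```

Because the config test runs before the reload, a broken vhost file is rolled back on the node running the script instead of being picked up by every server that shares the configuration directory.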

BUMP

Any ideas anyone?

Thanks,
-Dustin

This has been added in the most recent version of Virtualmin (4.12). I don’t know exactly where, as I haven’t poked at it yet, but it is mentioned in the changelog. (Eric passed your request on to Jamie at one of our company meetings, and it got added to the todo list.)

Hi Joe,

Thank you for that, not sure how I missed that changelog. :slight_smile:

-Dustin

–Edit–

Wait a second,

The changelog:

On systems running Apache 2.4 and above, VirtualHost blocks are now created with an IP address instead of *.

Non-SSL VirtualHost blocks are created with an *, while an SSL VirtualHost block is created with the IP address. I need it so that ALL VirtualHost blocks, SSL or not, are created with *. From what I am reading in the changelog, it appears as if now all VirtualHost blocks will contain the IP address instead of *.

-Dustin

One last bump

I am slightly confused Joe. Hoping you can clear up my confusion please.

-Dustin

The current version of Virtualmin will always use an IP in the virtualhost block, as this is the most compatible option for recent Apache releases.

Why do you need a * in your setup? There may be other options that we could explore.

Hi Jamie,

I am trying out a high availability setup at the moment. I have a few directories shared between my web servers, /opt/rh (for php), /etc/httpd2 (for Apache), and /home (for the website data). Virtualmin runs on only one machine. The other machines simply use the data given to them. I should mention that I am using GlusterFS to serve these directories. If I have to use an IP address in the VirtualHost block, then any machine other than the primary will fail to reload/start Apache as the IP address isn’t available to them. I am running on Azure if it makes a difference. Using a * would allow any web server to read and serve the Virtual server. I am using Apache 2.4.10 (compiled from source) currently.

Thank you,
-Dustin

So you can manually change the virtualhost block to use a * , and Virtualmin shouldn’t touch this from then on.

Yes, this is true. (My script can take care of that). However I was hoping for a configuration option that might exist to control this behavior.

P.S.: Not sure why, but my script in my original post shows “< em>” instead of *, but only when viewing the post; when I clicked edit I see it as a * again.

Thanks,
-Dustin

Hi Jamie,

Any ideas? I would rather Virtualmin handle the creation so my customers don’t need to get in contact with support simply to create a virtual server. For now, I will use my script to change the blocks.

Thanks,
Dustin

I will add an option on the Virtualmin Configuration page to make this controllable in the next release.

Thank you Jamie. :slight_smile:

-Dustin

Hi Jamie,
Could you give a hint for finding this setting in the Virtualmin Configuration page? I am using Webmin version 1.782.

Best regards,

Jamie, correct me if I’m wrong:

System Settings => Virtualmin Configuration => Defaults for new domains => Address format for Apache virtual hosts