Hosting 2 domains on the same server - Amazon Linux AMI


#1

I have installed and configured 2 different instances of Mautic on Apache server on an Amazon Linux AMI and they are in folders as below

newsletter.abc.com
newsletter.xyz.com

  • Both abc.com and xyz.com are hosted elsewhere so the DNS is configured to use the Elastic IP of the EC2 instance.
  • Server locations are: /var/www/vhosts/abc and /var/www/vhosts/xyz.
  • Virtual hosts are configured on /etc/httpd/conf/httpd.conf (I’ll provide the settings below).
  • Both instances ran perfectly on http so I moved on to installing certificates based on the instructions given in AWS and here.
  • It was a slightly painful process but I somehow managed to get the certificates created for both in /etc/letsencrypt/live/.
  • After that I configured the http.conf file to add the virtual hosts for the port 443 and tried to access the sites.
  • Things started to behave erratically. One site would work fine and the other wouldn’t. After a while the one that worked well stopped working and the other started to work OK.
  • I also noticed that when I try the AWS Public IP, it’s now pointing to one of those sites (it shouldn’t).

I’m now trying to remove everything and redo it. My guess is that I ran certbot once before configuring the vhosts so it has installed a certificate on the web root (/var/www/html). Could someone kindly explain the steps I need to follow to get this right? Please also explain if I need to move the vhosts folder to /var/www/html as it seems to be the web root folder, not /var/www. Here are my virtual hosts settings:

<VirtualHost *:80>
DocumentRoot "/var/www/vhosts/xyz"
ServerName "newsletter.xyz.com"
ServerAlias "newsletter.xyz.com"
<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>
<Directory /var/www/vhosts/xyz>
    Options FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    Allow from All
</Directory>
</VirtualHost>

<VirtualHost *:80>
DocumentRoot "/var/www/vhosts/abc"
ServerName "newsletter.abc.com"
ServerAlias "newsletter.abc.com"
<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>
<Directory /var/www/vhosts/abc>
    Options FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    Allow from All
</Directory>
</VirtualHost>

<VirtualHost *:443>
ServerAdmin hello@xxx.co.uk
DocumentRoot /var/www/vhosts/xyz
ServerName newsletter.xyz.com
ServerAlias newsletter.xyz.com

 # Certificates
 SSLEngine on
 SSLCertificateFile /etc/letsencrypt/live/newsletter.xyz.com/cert.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/newsletter.xyz.com/privkey.pem
 SSLCertificateChainFile /etc/letsencrypt/live/newsletter.xyz.com/chain.pem
 SSLProtocol All -SSLv2 -SSLv3
 SSLHonorCipherOrder on
 SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
</VirtualHost>

<VirtualHost *:443>
ServerAdmin hello@xxx.co.uk
DocumentRoot /var/www/vhosts/abc
ServerName newsletter.abc.com
ServerAlias newsletter.abc.com

 # Certificates
 SSLEngine on
 SSLCertificateFile /etc/letsencrypt/live/newsletter.abc.com/cert.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/newsletter.abc.com/privkey.pem
 SSLCertificateChainFile /etc/letsencrypt/live/newsletter.abc.com/chain.pem
 SSLProtocol All -SSLv2 -SSLv3
 SSLHonorCipherOrder on
 SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
</VirtualHost>

#2

Only thing I can think of is - does your configuration have NameVirtualHost *:80 but not NameVirtualHost *:443?


#3

Thanks for the reply. Where should I check this for? Sorry I’m very new to these settings.


#4

Somewhere in your Apache configuration… I’m not familiar with where Amazon Linux puts things but probably somewhere under /etc/httpd/conf/ or /etc/httpd/conf.d/ I guess?


#5

Oh sorry I thought you were referring to something other than those settings. No not the main config file but when I ran the command httpd -S it throws out below:

VirtualHost configuration:
*:80 is a NameVirtualHost
default server newsletter.abc.com (/etc/httpd/conf/httpd.conf:50)
port 80 namevhost newsletter.abc.com (/etc/httpd/conf/httpd.conf:50)
alias newsletter.abc.com
port 80 namevhost newsletter.xyz.com (/etc/httpd/conf/httpd.conf:66)
alias newsletter.xyz.com
*:443 ip-172-31-3-62.xx-xxx-1.compute.internal (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"

There are more lines. I only copied the first part of it. Does that mean I’ve to make those virtual host entries as NameVirtualHost *:80 instead of VirtualHost *:80?

As it’s a brand new instance it is probably quicker for me to rebuild everything. Is there any guideline available that I can follow? I mean for an installation with multiple domains. If I’m not mistaken Amazon Linux is a build based on Fedora so the structure and commands are more or less the same as Fedora/RedHat/CentOS. Many thanks in advance.
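Added example, not part of the thread: a small parser for `httpd -S` output like the one posted in #5 that reports which virtual host would answer a given hostname on a listener, and whether it matched by name or only fell through to the default. The function names are illustrative; the fallback to the first listed vhost is Apache's documented behaviour for name-based virtual hosts.

```python
import fnmatch
import re

# Output of `httpd -S` as posted in #5 (trimmed; indentation is not significant here).
SAMPLE = """\
VirtualHost configuration:
*:80 is a NameVirtualHost
default server newsletter.abc.com (/etc/httpd/conf/httpd.conf:50)
port 80 namevhost newsletter.abc.com (/etc/httpd/conf/httpd.conf:50)
alias newsletter.abc.com
port 80 namevhost newsletter.xyz.com (/etc/httpd/conf/httpd.conf:66)
alias newsletter.xyz.com
*:443 ip-172-31-3-62.xx-xxx-1.compute.internal (/etc/httpd/conf.d/ssl.conf:56)
ServerRoot: "/etc/httpd"
"""

LISTENER = re.compile(r"^(\S+:\d+)\s+(.*)$")  # "*:443 <rest of line>"
VHOST = re.compile(r"^(?:port \d+ namevhost )?(\S+) \((\S+:\d+)\)$")
ALIAS = re.compile(r"^(?:wild )?alias (\S+)$")

def parse_vhosts(text):
    """Return {listener: [(names, source), ...]} in the order Apache lists them."""
    table, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        listener = LISTENER.match(line)
        if listener:
            current = table.setdefault(listener.group(1), [])
            line = listener.group(2)  # a single-vhost listener carries its vhost inline
        vhost, alias = VHOST.match(line), ALIAS.match(line)
        if current is not None and vhost:
            current.append(([vhost.group(1)], vhost.group(2)))
        elif current and alias:
            current[-1][0].append(alias.group(1))
        elif not listener and not line.startswith("default server"):
            current = None  # left the virtual host table
    return table

def serving_vhost(table, listener, hostname):
    """Return (source, matched_by_name) for a request to hostname on listener."""
    vhosts = table.get(listener) or []
    for names, source in vhosts:
        if any(fnmatch.fnmatch(hostname.lower(), n.lower()) for n in names):
            return source, True
    # No ServerName/ServerAlias matched: the first vhost listed answers.
    return (vhosts[0][1], False) if vhosts else (None, False)

def audit(text, hostnames, listener="*:443"):
    table = parse_vhosts(text)
    return {h: serving_vhost(table, listener, h) for h in hostnames}

if __name__ == "__main__":
    for host, (src, named) in audit(SAMPLE, ["newsletter.abc.com", "newsletter.xyz.com"]).items():
        print(f"{host}: {'own vhost' if named else 'DEFAULT vhost'} at {src}")
```

For the posted output, both newsletter hostnames resolve on `*:443` to the default vhost in `ssl.conf` rather than to a vhost of their own, while on `*:80` each matches by name.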


#6

No. There’s a line somewhere in your configuration that is literally

NameVirtualHost *:80

That activates name-based virtual hosting on port 80 so that you can have multiple <VirtualHost *:80> virtual hosts on port 80 and Apache can select the correct one based on the host name. It looks like you need to activate the same functionality for port 443 by adding the line

NameVirtualHost *:443

I’m just not sure exactly where you should add it. Perhaps in /etc/httpd/conf.d/ssl.conf or somewhere like that?


#7

Didn’t work I’m afraid. This is the message I got when I restarted apache:

AH00548: NameVirtualHost has no effect and will be removed in the next release /etc/httpd/conf.d/ssl.conf:6

I’m going to remove Apache and reinstall it as it would be quicker than troubleshooting this. I found these two guides through the original guide I’ve followed. Could you be so kind as to confirm if they contain the correct steps? I know I’m asking a lot. They are here and here.

Please also confirm if it’s better to apply one domain (subdomain in my case) at a time than trying to apply it for all? I think this is where I got it wrong last time.


#8

Well, those tutorials are quite old and have a couple of problems, but I don’t see anything that would explain the specific behaviour you’re seeing.

Did you try Amazon’s own tutorial?

I wouldn’t say either approach is universally better, but in your case it may be relevant that if you do all your (sub)domains at once, you’ll get a single certificate covering all domains, which might remove some complications with getting each virtual host to use the right certificate.


#9

I tried that tutorial first but it didn’t work for me. After your reply, I visited the Certbot site and managed to figure out how to do it properly. There were a couple of issues with my virtual hosts configurations too. As it’s a new instance, I rebuilt it and everything is working smoothly now. Many thanks for all directions.

