Hi

Goals:
  • If the user supports SNI and hits https://myurl1.server.com or https://myurl2.server.com, it will match the right vhost (the last 2 vhosts).
  • If the user does not support SNI and hits https://myurl1.server.com or https://myurl2.server.com, it will be caught by the fallback vhost (the first on port 443). It contains the SAN certificate and it will hit the server again to do the match. This time it will hit the last 2 vhosts.
  • If the user enters an unknown URL with either http or https, it will be caught by the first vhost, which shows an error page.


I have tested all 3 goals and it's working fine.

Questions:
  • When the user is hitting the SAN vhost (https), which makes a new request to itself, how does Apache know it will match the last 2 vhosts (443) when the ProxyPass in the SAN vhost is using http (80)?
  • When the user is hitting the SAN vhost, I can't see any requests in the SAN access log. The requests only appear in the last 2 vhosts even if they go through the SAN vhost. However, I can see some bot requests in the SAN access log.


The code only contains the important parts.

Code:
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
  # show error page
</VirtualHost>

<VirtualHost *:443>
  SSLCertificateFile san.crt
  CustomLog san-access.log 
  ProxyPass / http://my-local-url-server/
  ProxyPassReverse / http://my-local-url-server/
</VirtualHost>

<VirtualHost *:443>
  ServerName myurl1.server.com
  SSLCertificateFile myurl1.crt
  CustomLog myurl1-access.log 
  ProxyPass / http://mybackend1/
  ProxyPassReverse / http://mybackend1/
</VirtualHost>

<VirtualHost *:443>
  ServerName myurl2.server.com
  SSLCertificateFile myurl2.crt
  CustomLog myurl2-access.log 
  ProxyPass / http://mybackend2/
  ProxyPassReverse / http://mybackend2/
</VirtualHost>
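
One way to check which vhost serves a request and whether the client sent SNI, as an added example that is not part of the original post: a log format that records the serving vhost, the Host header and the SNI name side by side. The format name `sni_debug` is an assumption; host, certificate, log and backend names are the post's, and the same `CustomLog` line goes into the myurl2 vhost.

```apache
# Added example, not the poster's configuration. The format name "sni_debug"
# is an assumption; host, certificate, log and backend names are the post's.
# Directives the post left out (for example SSLCertificateKeyFile) are left
# out here too.

# %v              ServerName of the vhost that actually served the request
# %{Host}i        Host header sent by the client
# %{SSL_TLS_SNI}x SNI name from the ClientHello ("-" when the client sent none)
LogFormat "%h %t vhost=%v host=%{Host}i sni=%{SSL_TLS_SNI}x \"%r\" %>s" sni_debug

# First vhost on *:443: supplies the certificate for clients without SNI.
<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile san.crt
  # Default value. "on" here would refuse SNI-unaware clients for every
  # name-based vhost on this address and port.
  SSLStrictSNIVHostCheck off
  CustomLog san-access.log sni_debug
  ProxyPass / http://my-local-url-server/
  ProxyPassReverse / http://my-local-url-server/
</VirtualHost>

<VirtualHost *:443>
  ServerName myurl1.server.com
  SSLEngine on
  SSLCertificateFile myurl1.crt
  CustomLog myurl1-access.log sni_debug
  ProxyPass / http://mybackend1/
  ProxyPassReverse / http://mybackend1/
</VirtualHost>
```

mod_ssl picks the certificate during the TLS handshake, and Apache picks the vhost from the Host header once the request has been read, so a request without SNI but with `Host: myurl1.server.com` is logged in myurl1-access.log with `sni=-`. Entries in san-access.log are requests whose Host header matched neither named vhost.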