Serve scripts-cert.mit.edu with SNI-based and name-based virtual hosting.

quentinmit · quentinmit · commit 930c8607abf1 · 2020-03-04T00:41:36.000-05:00
When traffic is going through the proxies, IP-based virtual hosting is
no longer an option.
diff --git a/server/fedora/config/etc/httpd/conf/httpd.conf b/server/fedora/config/etc/httpd/conf/httpd.conf
@@ -273,13 +273,6 @@ ProxyRequests Off
     ErrorDocument 404 "No favicon.ico.
 </Location>
 
-<VirtualHost 18.4.86.50:80>
-    ServerName scripts-cert.mit.edu
-    ServerAlias scripts-cert
-    Include conf.d/scripts-vhost.conf
-    Include conf.d/vhosts-common.conf
-</VirtualHost>
-
 # LDAP vhost, w00t w00t
 <VirtualHost *:80>
     ServerName localhost
@@ -293,6 +286,14 @@ ProxyRequests Off
     Include conf.d/vhosts-common.conf
 </VirtualHost>
 
+# scripts-cert.mit.edu; must be listed below the default vhost
+<VirtualHost 18.4.86.50:80 *:80>
+    ServerName scripts-cert.mit.edu
+    ServerAlias scripts-cert
+    Include conf.d/scripts-vhost.conf
+    Include conf.d/vhosts-common.conf
+</VirtualHost>
+
 <IfModule ssl_module>
     Listen 443
     Listen 444
@@ -321,15 +322,6 @@ ProxyRequests Off
     SSLHonorCipherOrder on
     SSLCompression off
 
-    <VirtualHost 18.4.86.50:443 18.4.86.50:444>
-        ServerName scripts-cert.mit.edu
-        ServerAlias scripts-cert
-        Include conf.d/scripts-vhost.conf
-        Include conf.d/vhosts-common-ssl.conf
-        SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem
-        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
-        Include conf.d/vhosts-common-ssl-cert.conf
-    </VirtualHost>
     <VirtualHost 18.4.86.43:443>
         Include conf.d/scripts-vhost-names.conf
         Include conf.d/scripts-vhost.conf
@@ -377,6 +369,16 @@ ProxyRequests Off
         Include conf.d/vhosts-common-ssl.conf
         Include conf.d/vhosts-common-ssl-cert.conf
     </VirtualHost>
+    # scripts-cert.mit.edu; must be listed below the default vhost
+    <VirtualHost 18.4.86.50:443 18.4.86.50:444 *:443 *:444>
+        ServerName scripts-cert.mit.edu
+        ServerAlias scripts-cert
+        Include conf.d/scripts-vhost.conf
+        Include conf.d/vhosts-common-ssl.conf
+        SSLCertificateFile /etc/pki/tls/certs/scripts-cert.pem
+        SSLCertificateKeyFile /etc/pki/tls/private/scripts-2048.key
+        Include conf.d/vhosts-common-ssl-cert.conf
+    </VirtualHost>
     Include /var/lib/scripts-certs/vhosts.conf
 </IfModule>
 
