Apache Multi-Site configuration with SSL – httpd-vhosts.conf , hosts table and .htaccess

  .htaccess, apache, virtualhost, windows, wordpress

My setting is done and it works. Is it the correct way?

I have a Windows server and I installed XAMPP on it. Different domain would point to different IP address to the server. Also, every site runs https on this server. I go through a lot of tutorials and set up self-signed cert to each site.
Then, I configed the server with below setting.

These config works but I am not sure is it secure enough. I afraid that I missed something important.
I need the site to be reachable by below URL:

http://sitea.com (Will redirect to https://sitea.com)

http://www.sitea.com (Will also redirect to https://sitea.com)

https://sitea.com (This great)

https://www.sitea.com (Will force to use non-www version due to program needed- https://sitea.com)

My configuration is listed below. May I ask if it is good enough or if I missed something?

C:xamppapacheconfextrahttpd-vhosts.conf:

<VirtualHost 192.168.242.121:80>
    ServerName sitea.com
    ServerAlias www.sitea.com
    Redirect permanent / https://sitea.com/
</VirtualHost>

<VirtualHost 192.168.242.121:443>
    DocumentRoot "S:/websites/sitea/"
    ServerName sitea.com
   RewriteEngine On
   RewriteCond %{HTTP_HOST} ^(www.)(.*) [NC]
   RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]
   SSLEngine on
   SSLCertificateFile "ssl/sitea.com/server.crt"
   SSLCertificateKeyFile "ssl/sitea.com/server.key"
    AccessFileName .htaccess
    ErrorLog "S:/websites/sitea/logs/error.log"
    CustomLog "S:/websites/sitea/logs/access.log" common

    <Directory S:/websites/sitea/>  
       Options FollowSymLinks
        AllowOverride All
        Require all granted  
    </Directory>
</VirtualHost>

<VirtualHost 192.168.242.120:80>
    ServerName siteb.com
   ServerAlias www.siteb.com
    Redirect permanent / https://siteb.com/
</VirtualHost>

<VirtualHost 192.168.242.120:443>
    DocumentRoot "S:/websites/siteb/"
    ServerName siteb.com
   RewriteEngine On
   RewriteCond %{HTTP_HOST} ^(www.)(.*) [NC]
  RewriteRule (.*) https://%2%{REQUEST_URI} [L,R=301]
   SSLEngine on
   SSLCertificateFile "ssl/siteb.com/server.crt"
   SSLCertificateKeyFile "ssl/siteb.com/server.key"
    AccessFileName .htaccess
    ErrorLog "S:/websites/siteb/logs/error.log"
    CustomLog "S:/websites/siteb/logs/access.log" common

    <Directory S:/websites/siteb/>  
       Options FollowSymLinks
        AllowOverride All
        Require all granted  
    </Directory>
</VirtualHost>

C:WindowsSystem32driversetchosts:

192.168.242.121 sitea.com www.sitea.com
192.168.242.120 siteb.com www.siteb.com

sitea.com is a wordpress site and the .htaccess is here.
The directory setting is correct.

# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /sitea/siteacms/
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /sitea/siteacms/index.php [L]
</IfModule>

# END WordPress

Thank you!

Source: Windows Questions

LEAVE A COMMENT