[BlueOnyx:24493] Re: Questions about LE and domain aliases

Dirk Estenfeld dirk.estenfeld at blackpoint.de
Thu Nov 12 04:02:55 -05 2020 

Hello Michael,

I see it is only an issue of BlueOnyx 5108R (maybe also 5107 but I do not
know)
In BlueOnyx 5108R the ServerAlias are missing in 443 section of site<nr>
configuration.
In 5209R I can see the SiteAlias. All fine.
But I think that CentOS 6 is close to EOL anyway, so I prefer to migrate the
server.

Best regards,
Dirk
 

blackpoint GmbH – Friedberger Straße 106b – 61118 Bad Vilbel 

 
-----Ursprüngliche Nachricht-----
Von: Blueonyx <blueonyx-bounces at mail.blueonyx.it> Im Auftrag von Michael
Stauber
Gesendet: Mittwoch, 11. November 2020 21:07
An: blueonyx at mail.blueonyx.it
Betreff: [BlueOnyx:24486] Re: Questions about LE and domain aliases

Hi Dirk,

> Can you show me the <Virtualhost 443></Virtualhost> section from 
> /etc/httpd/conf/vhosts/site<nr> for this example?

Please recall that 5209R and 5210R do have the option to use "Nginx SSL
Proxy". If that is enabled, handling of anything port 443 related is removed
from Apache and handed over to Nginx.

In any case, both <Virtualhost 80> and <Virtualhost 443> entries will have
the same hostnames and aliases.

My example: Vsite 5210r1.smd.net with the following Web Server Aliases:

one.smd.net
oneone.smd.net
oneoneone.smd.net

The siteX file for that Vsite starts like this:

<VirtualHost 208.77.151.213:80>
ServerName 5210r1.smd.net
ServerAlias one.smd.net oneone.smd.net oneoneone.smd.net [...]
</VirtualHost>

If "Nginx SSL Proxy" is NOT enabled, then at the bottom of the siteX file
you also have the VH-container for 443:

<VirtualHost 208.77.151.213:443>
SSLengine on
SSLCompression off
[...]
ServerName 5210r1.smd.net
ServerAlias one.smd.net oneone.smd.net oneoneone.smd.net [...]
</VirtualHost>

If "Nginx SSL Proxy" is enabled, Nginx will have the siteX file for SSL
instead and that's found in /etc/nginx/vsites/siteX:


# Do NOT edit this file. The GUI will replace this file on edits.
server {
    listen              [::]:443 ssl http2;
    listen              443 ssl http2;
    server_name         5210r1.smd.net one.smd.net oneone.smd.net
oneoneone.smd.net;

    include /etc/nginx/headers.d/*.conf; [...] }

Nginx has no aliases in that sense. Instead it all goes into 'server_name',
which then serves the same purpose.

> Because yes, the names are in the certificate, I saw that too. But if 
> the names are not listed as ServerAlias in the https section of the 
> site's Apache configuration, then they don't help.

That's true. The question is: Don't you have the aliases listed in either
Apaches or Nginx's siteX include file(s)?


--
With best regards

Michael Stauber
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5506 bytes
Desc: not available
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20201112/38f7115e/attachment.p7s>

More information about the Blueonyx mailing list