
System

Linux hosek 4.15.0-48-generic #51-Ubuntu SMP Wed Apr 3 08:28:49 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Issue

How should I configure multiple virtual hosts with a single configuration file in Apache, using SSL with redirection?

What is needed and what is not needed in my configuration below? Is it possible, for example, to set the following at the beginning of the file only, for all vhosts?

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/hosek/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/hosek/privkey.pem

Is it possible to put the whole configuration in one file, and especially in one VirtualHost? I have 2 files now, one for 80, a second for 443.

Example of my vhosts.

no-ssl.conf file.

<VirtualHost *:80>
ServerName www.thehatmakers.cz
ServerAlias thehatmakers.cz
RewriteCond %{HTTP_HOST} ^(thehatmakers.cz) [NC]
RewriteRule ^(.*)$ http://www.thehatmakers.cz$1 [R=301,L]
RewriteCond %{SERVER_NAME} =www.thehatmakers.cz
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:80>
ServerName www.obrazduse.cz
ServerAlias obrazduse.cz
RewriteCond %{HTTP_HOST} ^(obrazduse.cz) [NC]
RewriteRule ^(.*)$ http://www.obrazduse.cz$1 [R=301,L]
RewriteCond %{SERVER_NAME} =www.obrazduse.cz
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

ssl.conf file.

<VirtualHost *:443>
ServerName www.thehatmakers.cz
ServerAlias thehatmakers.cz
RewriteCond %{HTTP_HOST} ^(thehatmakers.cz) [NC]
RewriteRule ^(.*)$ http://www.thehatmakers.cz$1 [R=301,L]
DocumentRoot /var/www/html/thehatmakers
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/hosek/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/hosek/privkey.pem
</VirtualHost>

<VirtualHost *:443>
ServerName www.obrazduse.cz
ServerAlias obrazduse.cz
RewriteCond %{HTTP_HOST} ^(obrazduse.cz) [NC]
RewriteRule ^(.*)$ http://www.obrazduse.cz$1 [R=301,L]
DocumentRoot /var/www/html/obrazduse
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/hosek/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/hosek/privkey.pem
</VirtualHost>

Thanks.

Update

If it is not possible to do this with 1 VirtualHost, what about this configuration? Is there any shorter way to do this? Is it possible to use Redirect for SSL, as in the line I have commented out in the *:443 configuration? Can I use the following outside the VirtualHost configuration?

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/hosek/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/hosek/privkey.pem

And what about Google, is it OK with this redirecting? I am using 1 certificate for all domains, is that OK?

<VirtualHost *:80>
ServerName www.thehatmakers.cz
ServerAlias thehatmakers.cz
Redirect / https://www.thehatmakers.cz
</VirtualHost>

<VirtualHost *:443>
ServerName www.thehatmakers.cz
ServerAlias thehatmakers.cz
#Redirect / https://www.thehatmakers.cz
RewriteCond %{HTTP_HOST} ^(thehatmakers.cz) [NC]
RewriteRule ^(.*)$ https://www.thehatmakers.cz$1 [R=301,L]
DocumentRoot /var/www/html/thehatmakers
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/hosek/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/hosek/privkey.pem
</VirtualHost>

Thanks.

Fabby
  • 34,259
genderbee
  • 850

1 Answer


In addition to the proposed duplicate, here are a few answers specific to this question:

How do I set up an HTTPS virtual host with ServerAlias in use?

If you are using the ServerAlias directive within an HTTPS/SSL virtual host, you need to issue certificates for all domain names. With letsencrypt you will need to add a few -d options:

sudo letsencrypt --apache .... -d www.example.com -d example.com

All certificates will be placed in the same certificate file.

Is it possible to make whole configuration to one file, especially one VirtualHost? I have 2 files now, one for 80, second for 443.

You can place the definitions for all VirtualHosts in one file, thus it will be easy to enable and disable all of them together. But there is no way to configure one VirtualHost to listen on two ports.

What about Redirect instead of Rewrite in the SSL config?

According to Apache2's documentation, for such cases it is better to use the Redirect directive instead of Rewrite rules. Note that you need to create two separate VirtualHosts if you want to redirect https://example.com to https://www.example.com. All related VirtualHosts can use the same certificate file, generated in the way described above.

Each virtual host will be responsible for a different ServerName, for example: ServerName example.com for the first, respectively ServerName www.example.com for the second, etc. Note the ServerAlias directive must be removed.

If everything works as expected, you can keep using Rewrite rules; this is your decision. If you are using the Redirect directive, do not miss the slash at the end of the target domain name! Here is an example of an HTTPS VirtualHost that uses the Redirect directive.

<VirtualHost *:443>
    ServerName thehatmakers.cz
    Redirect permanent "/" "https://www.thehatmakers.cz/"
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/hosek/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/hosek/privkey.pem
</VirtualHost>

  • You do not need anything else for this VirtualHost.

  • The keyword permanent will instruct the client's browser to do this redirection automatically next time.

  • Redirect = HTTP 302

  • Redirect permanent = HTTP 301

pa4080
  • 29,831
  • Hi, thanks. Then the shortest and best configuration for this is as I wrote in the update of my question, because there is only one redirect for all domains. – genderbee Sep 20 '19 at 12:17
  • @genderbee, yes your updated example looks good. You just need one additional slash / at the end of Redirect / https://www.thehatmakers.cz >> Redirect / https://www.thehatmakers.cz/. – pa4080 Sep 20 '19 at 12:19
  • It works without / at the end too. ;) – genderbee Sep 20 '19 at 12:21
  • @genderbee, yes it works when you are using http://example.com, but when there is any URI, like http://example.com/something it is highly possible to get redirection to https://example.comsomething ... when you are doing such tests use a new incognito window or different browser, or be sure your browser's cache is flushed. – pa4080 Sep 20 '19 at 12:24
  • Thanks for info. – genderbee Sep 20 '19 at 12:33
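
The trailing-slash point from the answer and comments above, as an added example that is not part of the original posts: a small Python audit that reads Redirect directives from a config and applies a simplified model of mod_alias prefix substitution to a probe path. The function names, the probe path and the embedded config (assembled from the two Redirect forms on this page) are assumptions made for illustration.

```python
import shlex
from urllib.parse import urlsplit

STATUS_WORDS = {"permanent", "temp", "seeother", "gone"}
# Constructed sample: the two Redirect forms that appear on this page.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName www.thehatmakers.cz
    Redirect / https://www.thehatmakers.cz
</VirtualHost>
<VirtualHost *:443>
    ServerName thehatmakers.cz
    Redirect permanent "/" "https://www.thehatmakers.cz/"
</VirtualHost>
"""

def parse_redirects(conf_text):
    """Return (url_path, target) for each active Redirect directive."""
    found = []
    for line in conf_text.splitlines():
        line = line.strip()
        # Comment lines and other directives (RedirectMatch, ...) are skipped.
        if not line.lower().startswith(("redirect ", "redirect\t")):
            continue
        args = shlex.split(line)[1:]  # shlex handles the quoted form
        if args and (args[0].lower() in STATUS_WORDS or args[0].isdigit()):
            args = args[1:]  # drop the optional status argument
        if len(args) == 2:
            found.append((args[0], args[1]))
    return found

def location_for(url_path, target, request_path):
    """Simplified model: the matched prefix is replaced by the target."""
    if not request_path.startswith(url_path):
        return None
    return target + request_path[len(url_path):]

def audit(conf_text, probe="/something"):
    """Flag Redirects whose trailing slashes differ between path and target."""
    report = []
    for url_path, target in parse_redirects(conf_text):
        loc = location_for(url_path, target, probe)
        report.append({"target": target, "location": loc,
                       "host": urlsplit(loc).hostname if loc else None,
                       "flagged": url_path.endswith("/") != target.endswith("/")})
    return report

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

The flagged entry is the one where the probe path ends up inside the host name of the Location value instead of after it, so the client is sent to a different host than the one configured.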