When your server changes its internal IP address (e.g. AWS), Virtualmin will helpfully offer to update the IP address of the websites with the 'Change IP Address' module. However there is a bug when you have SSL websites (using SNI with NameVirtualHost).
The VirtualMin 'Change IP Addresses' (edit_newips.cgi) adds NameVirtualHost for the new IP address on port 80 but does not add the one required for port 443.
Also, even if all websites have been renumbered, it leaves behind the NameVirtualHost directives for the old IP. Tested on CentOS 6.5 with VirtalMin 4.06.gpl and Apache 2.2.15. There were multiple SSL websites on the servers. I've seen this on four different servers.
Before IP address change the Apache configuration file contains:
...
NameVirtualHost 10.1.1.1:80
NameVirtualHost 10.1.1.1:443
...
After using the "Change IP Addresses" module (edit_newips.cgi) to renumber all virtual website from 10.1.1.1 to 10.2.2.2 the Apache configuration file contains:
...
NameVirtualHost 10.1.1.1:80
NameVirtualHost 10.1.1.1:443
NameVirtualHost 10.2.2.2:80
...
The expected output is - if all virtual hosts are re-numbered:
...
NameVirtualHost 10.2.2.2:80
NameVirtualHost 10.2.2.2:443
...
The expected output is - if only some virtual hosts are re-numbered:
...
NameVirtualHost 10.1.1.1:80
NameVirtualHost 10.1.1.1:443
NameVirtualHost 10.2.2.2:80
NameVirtualHost 10.2.2.2:443
...
The impact is that all except the first SSL website on the server stop working. Any requests are sent to the first SSL website instead on the correct website.
Comments
Submitted by JamieCameron on Wed, 03/19/2014 - 15:58 Comment #1
Thanks for pointing this out - this will be fixed in the next Virtualmin release.
Submitted by Issues on Wed, 04/02/2014 - 16:01 Comment #2
Automatically closed -- issue fixed for 2 weeks with no activity.