Difference between ServerName and ServerAlias
Solution 1:
The ServerName directive is "Hostname and port that the server uses to identify itself", whilst ServerAlias is "Alternate names for a host used when matching requests to name-virtual hosts".
Given a vhost configured like
...
ServerName example.com
ServerAlias www.example.com foo.example.com *.somewherelse.org
...
apache would respond to example.com, www.example.com, foo.example.com and anything in .somewherelse.org with this VirtualHost.
Solution 2:
One key difference that I have found by experiment (based on necessity) is that when used with wildcard sub-domains (e.g. "*.mycompany.com" and "*.mycompany.net") then the wildcard must be specified as ServerAlias and not ServerName.
I haven't tried this with non-SSL but with SSL this was the case (for me). I settled on a configuration of:
Listen *:8443
NameVirtualHost *:8443
SSLStrictSNIVHostCheck off
<VirtualHost *:8443>
    ServerName mycompany.com
    ServerAlias *.mycompany.com
    ...
</VirtualHost>
<VirtualHost *:8443>
    ServerName mycompany.net
    ServerAlias *.mycompany.net
    ...
</VirtualHost>
When using "ServerName *.mycompany.net" then the first Virtual Host was always used. This wasn't just the certificate; it was rewriting and proxying logic as well.
It is entirely possible that this only happens with SSL as there are a whole heap of other things going on - as referenced in SSL with Virtual Hosts Using SNI and many ServerFault threads. Having followed all the advice in these, this was the last head-scratching aspect.
I came to this thread to try and understand myself why there was a difference and confess I get closer but not quite full understanding.
In my case ServerName seems to do a little less (isn't picked up in virtual host search), rather than more.
Running "apachectl -S | httpd -S" as per Iain's advice gives:
wildcard NameVirtualHosts and _default_ servers:
*:8443 is a NameVirtualHost
default server mycompany.com (/etc/httpd/conf/httpd.conf:1100)
port 8443 namevhost mycompany.com (/etc/httpd/conf/httpd.conf:1100)
wild alias *.mycompany.com
port 8443 namevhost mycompany.net (/etc/httpd/conf/httpd.conf:1164)
wild alias *.mycompany.net
Edit: (adding ServerName with the wildcard for completeness)
wildcard NameVirtualHosts and _default_ servers:
*:8443 is a NameVirtualHost
default server *.mycompany.com (/etc/httpd/conf/httpd.conf:1040)
port 8443 namevhost *.mycompany.com (/etc/httpd/conf/httpd.conf:1040)
port 8443 namevhost *.mycompany.net (/etc/httpd/conf/httpd.conf:1105)
Note: the word "wild" in the alias line, in the first case (using ServerAlias), comes from apache and it doesn't show in the second (using ServerName) - I suspect this is significant.
In addition, if I remove "ServerName" from second VirtualHost and just use an Alias following the advice "there should be only one ServerName" then a request gets a bit lost - seems to automatically redirect to "https://test.mycompany.net:8443" - as (in my case) 8443 isn't showing externally (nat'd) then it fails. Yes, I know for 443 this might work, but possibly shows something else is going on.
So, perhaps not an answer to the question, but a bit of documentation for someone else struggling with a similar setup.
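An added example, not part of the answer above and not Apache's own code: a simplified Python model of name-based virtual host selection that reproduces the behaviour reported in Solution 2. It assumes ServerName is compared literally, ServerAlias may contain * and ? wildcards, and a request matching nothing falls through to the first vhost listed for the address and port; select_vhost and the WORKING/BROKEN lists are hypothetical names built from the hostnames on this page.

```python
import re

def _alias_matches(pattern, host):
    """ServerAlias-style match: only '*' and '?' are wildcards, case-insensitive."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, host, re.IGNORECASE) is not None

def select_vhost(vhosts, host):
    """Pick the vhost for a bare hostname (no port) among vhosts on one address:port.

    vhosts: list of dicts in configuration order, keys 'server_name' and 'aliases'.
    Returns (vhost, reason) so the caller can see why it was chosen.
    """
    host = host.rstrip(".").lower()
    for vh in vhosts:
        # Assumption of this model: ServerName is a literal name, never a pattern.
        if vh["server_name"].lower() == host:
            return vh, "ServerName"
        for alias in vh["aliases"]:
            if _alias_matches(alias, host):
                return vh, "ServerAlias " + alias
    # Nothing matched: the first vhost in configuration order acts as the default.
    return vhosts[0], "default (first vhost)"

# Constructed from Solution 2: wildcards placed in ServerAlias.
WORKING = [
    {"server_name": "mycompany.com", "aliases": ["*.mycompany.com"]},
    {"server_name": "mycompany.net", "aliases": ["*.mycompany.net"]},
]
# Constructed from Solution 2's "Edit": wildcards placed in ServerName.
BROKEN = [
    {"server_name": "*.mycompany.com", "aliases": []},
    {"server_name": "*.mycompany.net", "aliases": []},
]

if __name__ == "__main__":
    for label, cfg in (("WORKING", WORKING), ("BROKEN", BROKEN)):
        vh, reason = select_vhost(cfg, "test.mycompany.net")
        print(label, "->", vh["server_name"], "via", reason)
```

A request that lands on the default vhost is served with that vhost's certificate, rewrite rules and proxy settings, which is why the fall-through is worth checking in the "apachectl -S" output.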
Solution 3:
When dealing with software, it is often important to have one single point of truth. ServerName can be considered the "Real" canonical name of a host. ServerAlias is not.
ServerName does everything that ServerAlias does, and a bit more. As a best practice only set one ServerName, since there should only be one "Canonical" anything. If ServerName is not explicitly set, the httpd will determine a name on its own.
ServerAlias on the other hand is just an alias, and can only be used in the VirtualHost context. There can be as many of these as you'd like.
If the site is served over HTTPS, then the ServerName should match one of the names contained in the certificate. If your certificate was created for www.example.org, but your configuration says:
ServerName foo.example.org
ServerAlias www.example.org
Then Apache will complain with the following error:
Dec 10 13:23:45 web1 httpd[1234]: [warn] RSA server certificate CommonName (CN) `www.example.org' does NOT match server name!?