Problem
When accessing the FQDN sso.domain.de, the expected redirect defined in the /etc/apache2/sites-enabled/univention-keycloak.conf did not take place. Instead, requests were redirected incorrectly, preventing users from reaching the intended target.
Solution
The root cause was an additional configuration file named /etc/apache2/ucs-sites.conf.d/servername.conf. This file contained a directive that forced all requests to be redirected to a fixed FQDN, overriding the settings in univention-keycloak.conf.
After removing the servername.conf file, the redirect worked as expected according to the configuration in univention-keycloak.conf.
To help diagnose similar issues, the command:
apache2ctl -S
can be used to list all active virtual hosts and identify conflicting configurations.
Example output:
VirtualHost configuration:
*:443 is a NameVirtualHost
default server primary.domain.de (/etc/apache2/sites-enabled/default-ssl.conf:16)
port 443 namevhost primary.domain.de (/etc/apache2/sites-enabled/default-ssl.conf:16)
port 443 namevhost sso.domain.de (/etc/apache2/sites-enabled/univention-keycloak.conf:19)
*:80 is a NameVirtualHost
default server primary.domain.de (/etc/apache2/sites-enabled/000-default.conf:13)
port 80 namevhost primary.domain.de (/etc/apache2/sites-enabled/000-default.conf:13)
port 80 namevhost sso.domain.de (/etc/apache2/sites-enabled/univention-keycloak.conf:46)
The output also shows the directories of the configuration files that were evaluated, which is how we identified the presence of the servername.conf file.