httpd-dev mailing list archives

From Issac Goldstand <mar...@beamartyr.net>
Subject Re: Why aren't name-based vhosts not working properly under SSL?
Date Mon, 16 Apr 2012 16:25:53 GMT
Are you sure that your client supports SNI?

On 16/04/2012 19:21, Tom Evans wrote:
> On Mon, Apr 16, 2012 at 4:51 PM, Mikhail T. <mi+thun@aldan.algebra.com> wrote:
>> On 16.04.2012 11:40, Tom Evans wrote:
>>
>> They can. Excerpt from my httpd.conf:
>>
>> Your excerpt does not show different DocumentRoots -- nor any other
>> settings... Could you show more contents? What is the Apache version you are
>> using? In all my attempts, Apache a) issues a pointless warning about
>> multiple SSL vhosts on the same IP/port; b) uses the settings (including
>> DocumentRoot) from the first vhost encountered for all of them.
>>
> Er, OK:
>
> NameVirtualHost *:80
> NameVirtualHost *:443
>
>
> <VirtualHost *:443>
>     ServerName rc.xxxxxx.com
>
>     SSLEngine on
>     SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>     SSLCertificateFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.crt
>     SSLCertificateKeyFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.key
>     SSLCACertificateFile /etc/ssl/xxxxxx/ca.crt
>     ErrorDocument 403 /errors/certneeded.html
>     Alias /errors /usr/local/etc/apache22/xxxxxxerrors
>     SSLVerifyClient optional
>
>     <LocationMatch ^(?!/errors/)>
>         SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
>         SSLVerifyClient optional
>     </LocationMatch>
>
>     SSLVerifyDepth 1
>     SSLCARevocationFile /etc/ssl/xxxxxx/ca.crl
>     SSLOptions +StdEnvVars
>     SSLUserName SSL_CLIENT_S_DN_Email
>     RequestHeader set X-SSL-Enabled 1
>
>     DocumentRoot /usr/home/tom/projects/rc/htdocs
>
>     <Directory /usr/home/tom/projects/rc/htdocs>
>         Order allow,deny
>         Allow from all
>     </Directory>
>
>     #CustomLog /var/log/httpd-ssl-rc.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>     SetEnv proxy-nokeepalive 1
>
>     RewriteEngine on
>     RewriteCond %{REQUEST_URI} !^/favicon.ico
>     RewriteCond %{REQUEST_URI} !^/media
>     RewriteCond %{REQUEST_URI} !^/amedia
>     RewriteCond %{REQUEST_URI} !^/errors
>     RewriteRule ^/(.*)$ /rc.fcgi/$1 [QSA,L]
>
>     FastCGIExternalServer /usr/home/tom/projects/rc/htdocs/rc.fcgi -socket /usr/home/tom/projects/rc/run/rc.socket
> </VirtualHost>
>
>
> <VirtualHost *:443>
>     ServerName sab.xxxxxx.com
>
>     SSLEngine on
>     SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>     SSLCertificateFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.crt
>     SSLCertificateKeyFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.key
>     SSLCACertificateFile /etc/ssl/xxxxxx/ca.crt
>     SSLVerifyClient optional
>
>     ErrorDocument 403 /errors/certneeded.html
>     Alias /errors /usr/local/etc/apache22/xxxxxxerrors
>
>     <LocationMatch ^(?!/errors/)>
>         SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
>         SSLVerifyClient optional
>     </LocationMatch>
>
>     SSLVerifyDepth 1
>     SSLCARevocationFile /etc/ssl/xxxxxx/ca.crl
>     SSLUserName SSL_CLIENT_S_DN_Email
>     SSLOptions +StdEnvVars
>     RequestHeader set X-SSL-Enabled 1
>
>     DocumentRoot /var/empty
>
>     <Directory /var/empty>
>         Order allow,deny
>         Allow from all
>     </Directory>
>
>     ProxyPass /errors !
>     ProxyPass / http://ethan.xxxxxx.com:8085/sabnzbd/ retry=0
>     ProxyPassReverse / http://ethan.xxxxxx.com:8085/sabnzbd/
>     SetEnv proxy-nokeepalive 1
> </VirtualHost>
>
> <VirtualHost *:443>
>     ServerName svn.xxxxxx.com
>
>     SSLEngine on
>     SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>     SSLCertificateFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.crt
>     SSLCertificateKeyFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.key
>     SSLCACertificateFile /etc/ssl/xxxxxx/ca.crt
>     SSLVerifyClient optional
>
>     ErrorDocument 403 /errors/certneeded.html
>     Alias /errors /usr/local/etc/apache22/xxxxxxerrors
>
>     <Location />
>         DAV svn
>         SVNPath /tank/svn/repos/devel
>     </Location>
>
>     <LocationMatch ^(?!/errors/)>
>         SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
>         SSLVerifyClient optional
>     </LocationMatch>
>
>     SSLVerifyDepth 1
>     SSLCARevocationFile /etc/ssl/xxxxxx/ca.crl
>     SSLUserName SSL_CLIENT_S_DN_Email
> </VirtualHost>
>
> This is httpd 2.2.21 btw
>
> Cheers
>
> Tom

