From Tom Evans <tevans...@googlemail.com>
Subject Re: Why aren't name-based vhosts not working properly under SSL?
Date Mon, 16 Apr 2012 16:21:16 GMT
On Mon, Apr 16, 2012 at 4:51 PM, Mikhail T. <mi+thun@aldan.algebra.com> wrote:
> On 16.04.2012 11:40, Tom Evans wrote:
>
> They can. Excerpt from my httpd.conf:
>
> Your excerpt does not show different DocumentRoots -- nor any other
> settings... Could you show more contents? What is the Apache version you are
> using? In all my attempts, Apache a) issues a pointless warning about
> multiple SSL vhosts on the same IP/port; b) uses the settings (including
> DocumentRoot) from the first vhost encountered for all of them.
>

Er, OK:

# httpd 2.2 syntax: mark *:80 and *:443 as name-based virtual host addresses,
# so several <VirtualHost *:443> sections can be selected by requested host name.
NameVirtualHost *:80
NameVirtualHost *:443


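# TLS vhost for rc.xxxxxx.com: a FastCGI application gated by client certificates.
# NOTE(review): if this is the first *:443 vhost in the full config, clients that
# send no SNI hostname are served by it; SSLStrictSNIVHostCheck controls whether
# such clients are refused instead -- confirm against the complete httpd.conf.
<VirtualHost *:443>
    ServerName rc.xxxxxx.com

    SSLEngine on
    # Directive and value must be on one line. Restricted to HIGH suites with
    # anonymous and MD5-based suites removed; a string that starts from ALL and
    # only re-orders LOW/EXP/SSLv2 with '+' leaves those weak suites negotiable.
    # Protocol versions are governed by SSLProtocol, which this excerpt does not set.
    SSLCipherSuite HIGH:!aNULL:!MD5
    # Wildcard server certificate shared by all three vhosts in this excerpt.
    SSLCertificateFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.crt
    SSLCertificateKeyFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.key
    # CA used to verify client certificates.
    SSLCACertificateFile /etc/ssl/xxxxxx/ca.crt
    ErrorDocument 403 /errors/certneeded.html
    Alias /errors /usr/local/etc/apache22/xxxxxxerrors
    # The certificate is requested but not required at handshake time;
    # enforcement happens in the SSLRequire rule below.
    SSLVerifyClient optional

    # Negative lookahead: applies to every path except /errors/, so the 403 page
    # stays reachable for clients that presented no valid certificate.
    <LocationMatch ^(?!/errors/)>
        SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
        SSLVerifyClient optional
    </LocationMatch>

    # Depth 1: the client certificate must be issued directly by a CA the server knows.
    SSLVerifyDepth 1
    # Revoked client certificates are rejected based on this CRL file.
    SSLCARevocationFile /etc/ssl/xxxxxx/ca.crl
    SSLOptions +StdEnvVars
    # REMOTE_USER is taken from the e-mail field of the client certificate subject.
    SSLUserName SSL_CLIENT_S_DN_Email
    # "set" replaces any X-SSL-Enabled value sent by the client.
    RequestHeader set X-SSL-Enabled 1

    DocumentRoot /usr/home/tom/projects/rc/htdocs

    # Host-based access is open; the client-certificate check above is the gate.
    <Directory /usr/home/tom/projects/rc/htdocs>
        Order allow,deny
        Allow from all
    </Directory>

    #CustomLog /var/log/httpd-ssl-rc.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

    SetEnv proxy-nokeepalive 1

    # Everything except the favicon, static media and the error pages is handed
    # to the FastCGI application.
    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/favicon.ico
    RewriteCond %{REQUEST_URI} !^/media
    RewriteCond %{REQUEST_URI} !^/amedia
    RewriteCond %{REQUEST_URI} !^/errors
    RewriteRule ^/(.*)$ /rc.fcgi/$1 [QSA,L]

    # Directive and its -socket argument must be on one line.
    FastCGIExternalServer /usr/home/tom/projects/rc/htdocs/rc.fcgi -socket /usr/home/tom/projects/rc/run/rc.socket
</VirtualHost>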


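# TLS vhost for sab.xxxxxx.com: a reverse proxy to an internal HTTP service,
# gated by client certificates.
<VirtualHost *:443>
    ServerName sab.xxxxxx.com

    SSLEngine on
    # Directive and value must be on one line. Restricted to HIGH suites with
    # anonymous and MD5-based suites removed; a string that starts from ALL and
    # only re-orders LOW/EXP/SSLv2 with '+' leaves those weak suites negotiable.
    # Protocol versions are governed by SSLProtocol, which this excerpt does not set.
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLCertificateFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.crt
    SSLCertificateKeyFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.key
    # CA used to verify client certificates.
    SSLCACertificateFile /etc/ssl/xxxxxx/ca.crt
    # The certificate is requested but not required at handshake time;
    # enforcement happens in the SSLRequire rule below.
    SSLVerifyClient optional

    ErrorDocument 403 /errors/certneeded.html
    Alias /errors /usr/local/etc/apache22/xxxxxxerrors

    # Negative lookahead: applies to every path except /errors/, so the 403 page
    # stays reachable for clients that presented no valid certificate.
    <LocationMatch ^(?!/errors/)>
        SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
        SSLVerifyClient optional
    </LocationMatch>

    # Depth 1: the client certificate must be issued directly by a CA the server knows.
    SSLVerifyDepth 1
    # Revoked client certificates are rejected based on this CRL file.
    SSLCARevocationFile /etc/ssl/xxxxxx/ca.crl
    # REMOTE_USER is taken from the e-mail field of the client certificate subject.
    SSLUserName SSL_CLIENT_S_DN_Email
    SSLOptions +StdEnvVars
    # "set" replaces any X-SSL-Enabled value sent by the client.
    RequestHeader set X-SSL-Enabled 1

    # No local content is served; the document root is an empty directory.
    DocumentRoot /var/empty

    <Directory /var/empty>
        Order allow,deny
        Allow from all
    </Directory>

    # /errors is excluded first so the local error pages are not proxied.
    ProxyPass /errors !
    # The backend is reached over plain HTTP and the certificate check happens
    # only here, so port 8085 should be reachable from this proxy alone --
    # NOTE(review): confirm the backend's network exposure.
    ProxyPass / http://ethan.xxxxxx.com:8085/sabnzbd/ retry=0
    ProxyPassReverse / http://ethan.xxxxxx.com:8085/sabnzbd/
    SetEnv proxy-nokeepalive 1
</VirtualHost>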

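# TLS vhost for svn.xxxxxx.com: a Subversion repository over WebDAV, gated by
# client certificates.
<VirtualHost *:443>
    ServerName svn.xxxxxx.com

    SSLEngine on
    # Directive and value must be on one line. Restricted to HIGH suites with
    # anonymous and MD5-based suites removed; a string that starts from ALL and
    # only re-orders LOW/EXP/SSLv2 with '+' leaves those weak suites negotiable.
    # Protocol versions are governed by SSLProtocol, which this excerpt does not set.
    SSLCipherSuite HIGH:!aNULL:!MD5
    SSLCertificateFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.crt
    SSLCertificateKeyFile /etc/ssl/xxxxxx/star.xxxxxx.com/apache.key
    # CA used to verify client certificates.
    SSLCACertificateFile /etc/ssl/xxxxxx/ca.crt
    # The certificate is requested but not required at handshake time;
    # enforcement happens in the SSLRequire rule below.
    SSLVerifyClient optional

    ErrorDocument 403 /errors/certneeded.html
    Alias /errors /usr/local/etc/apache22/xxxxxxerrors

    # The whole URL space is served by mod_dav_svn. No Require or per-path authz
    # directive appears in this excerpt, so any client holding a valid certificate
    # gets the access the repository allows -- NOTE(review): confirm that is intended.
    <Location />
        DAV svn
        SVNPath /tank/svn/repos/devel
    </Location>

    # Negative lookahead: applies to every path except /errors/, so the 403 page
    # stays reachable for clients that presented no valid certificate.
    <LocationMatch ^(?!/errors/)>
        SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
        SSLVerifyClient optional
    </LocationMatch>

    # Depth 1: the client certificate must be issued directly by a CA the server knows.
    SSLVerifyDepth 1
    # Revoked client certificates are rejected based on this CRL file.
    SSLCARevocationFile /etc/ssl/xxxxxx/ca.crl
    # REMOTE_USER is taken from the e-mail field of the client certificate subject.
    SSLUserName SSL_CLIENT_S_DN_Email
</VirtualHost>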

This is httpd 2.2.21 btw

Cheers

Tom
