httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Phil Dibowitz <p...@ipom.com>
Subject Odd Virtual Host Problem
Date Mon, 24 Jun 2002 17:27:05 GMT
Good morning everyone.

First let me say I was humored by the last line of the welcome message to this 
list (I did read it!!) =)

Second, I'm having a bit of an odd VirtualHost problem. I have a string of 
VirtualHosts defined, first each one as an port-80 redirect to port 443, then 
the 443 definition. They all work - except one. They're all the same except 
for IP address, and name.

The one that doesn't work is actually using the "default" SSL VirtualHost 
configuration instead of it's own (i.e. using a the default docroot and 
certificate). I'm not quite sure why since they don't share the same name ir 
UO - infact the "defualt" as you'll see below, only has a "ServerName" of an 
IP address. It's noteworthy that the VirtualHost failing has the same domain 
name as that of the server.

I've abbreviated all of our domain names. They all reflect the real domain 
names so that there is hopefully, no confusing. But management, atleast for 
the moment, doesn't want our IP's and Domains in their full being posted. I've 
also taken out the middle two octets of the IP's - but by leaving the first 
and last octet, I hope again to eliminate confusion.

So the VirtualHosts are by IP and have names defined:
mail.mp.net
mail.se.com
mail.qf.com

There are more, but I've included 3 for the purposes of this post. The first 
two work, while the last one uses the default SSL VirtualHost definition. The 
hostname of the box is actually bonanza.qf.com. All 4 hosts have completely 
seperate IP addresses as you'll see in the configs below.

I hate sending really long emails, so I'm going to include what I think is 
helpful from my configs and try not to put everything.

As a final short summary of the problem: anytime anyone goes to 66.xx.xx.15 
they get the 66.xx.xx.91 index page, the 66.xx.xx.91 SSL Certificate, and the 
66.xx.xx.91 server signature (if they choose a nonexistant page, for example).

Here is the relative parts of httpd.conf:

-------------BEING HTTPD.CONF-------------------------

ServerName 66.xx.xx.91
DocumentRoot "/home/htdocs/pub"
UseCanonicalName Off

# ...

<IfDefine SSL>

##
## SSL Virtual Host Context
##

NameVirtualHost 66.xx.xx.91:443
<VirtualHost 66.xx.xx.91:443>
DocumentRoot "/home/htdocs/pub"
ServerName 66.xx.xx.91
ServerAdmin drewman@se.com
ServerAlias 66.xx.xx.91
ErrorLog /usr/local/apache_ssl_124/logs/error_log
TransferLog /usr/local/apache_ssl_124/logs/access_log

<Directory "/home/htdocs/pub/horde">
         SSLRequireSSL
         Options FollowSymLinks MultiViews
         AllowOverride AuthConfig
         Order allow,deny
         Allow from all
</Directory>

<Directory "/home/htdocs/pub/passwd">
         SSLRequireSSL
         Options FollowSymLinks MultiViews
         AllowOverride AuthConfig
         Order allow,deny
         Allow from all
</Directory>

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache_ssl_124/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache_ssl_124/conf/ssl.key/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
     SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache_ssl_124/cgi-bin">
     SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0

CustomLog /usr/local/apache_ssl_124/logs/ssl_request_log \
           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>


####################################
#### WEB-MAIL
####

## NOTE: Each host has a VirtualHost for port 80
## That redirects to port 443. The real config
## is in the 443 virtual host.

##
## MP.NET
##
NameVirtualHost 66.xx.xx.16:80
<VirtualHost 66.xx.xx.16:80>
   ServerName mail.mp.net
   RewriteEngine On
   RewriteCond %(HTTP_USER_AGENT)        MSIE
   RewriteRule ^/(.*)    https://mail.mp.net:443/$1 [L]
   RewriteCond %(HTTP_USER_AGENT)        Mozilla.5
   RewriteRule ^/(.*)    https://mail.mp.net:443/$1 [L]
   Redirect     /       https://mail.mp.net/
</VirtualHost>

NameVirtualHost 66.xx.xx.16:443
<VirtualHost 66.xx.x.16:443>
      ServerName mail.mp.net
      ServerAlias 66.xx.xx.16
      ServerAdmin drewman@se.com
      ErrorLog logs/mail.mp.net-error_log
      CustomLog logs/mail.mp.net-access_log common
      DocumentRoot /home/htdocs/pub/horde
<Directory "/home/htdocs/pub/horde">
         SSLRequireSSL
         Options FollowSymlinks MultiViews
         AllowOverride AuthConfig
         Order allow,deny
         Allow from all
</Directory>
      SSLEngine on
      SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
      SSLCertificateFile /usr/local/share/courier-imap/imapd.pem.66.xx.xx.16
      SSLCertificateKeyFile /usr/local/share/courier-imap/imapd.pem.66.xx.xx.16
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
     SSLOptions +StdEnvVars
</Files>
      SetEnvIf User-Agent ".*MSIE.*" \
      nokeepalive ssl-unclean-shutdown \
      downgrade-1.0 force-response-1.0
</VirtualHost>

NameVirtualHost 66.xx.xx.14:80
<VirtualHost 66.xx.xx.14:80>
   ServerName mail.se.com
   RewriteEngine On
   RewriteCond %(HTTP_USER_AGENT)        MSIE
   RewriteRule ^/(.*)    https://mail.se.com:443/$1 [L]
   RewriteCond %(HTTP_USER_AGENT)        Mozilla.5
   RewriteRule ^/(.*)    https://mail.se.com:443/$1 [L]
   Redirect      /       https://mail.se.com/
</VirtualHost>

##
## SE.com
##
NameVirtualHost 66.xx.xx.14:80
<VirtualHost 66.xx.xx.14:80>
   #SSLDisableSSL
   ServerName mail.se.com
   RewriteEngine On
   RewriteCond %(HTTP_USER_AGENT)        MSIE
   RewriteRule ^/(.*)    https://mail.se.com:443/$1 [L]
   RewriteCond %(HTTP_USER_AGENT)        Mozilla.5
   RewriteRule ^/(.*)    https://mail.se.com:443/$1 [L]
   Redirect      /       https://mail.se.com/
</VirtualHost>

NameVirtualHost 66.xx.xx.14:443
<VirtualHost 66.xx.xx.14:443>
      ServerName mail.se.com
      ServerAlias 66.xx.xx.14
      ServerAdmin drewman@se.com
      ErrorLog logs/mail.se.com-error_log
      CustomLog logs/mail.se.com-access_log common
      DocumentRoot /home/htdocs/pub/horde
<Directory "/home/htdocs/pub/horde">
         SSLRequireSSL
         Options FollowSymlinks MultiViews
         AllowOverride AuthConfig
         Order allow,deny
         Allow from all
</Directory>
      SSLEngine on
      SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
      SSLCertificateFile /usr/local/share/courier-imap/imapd.pem.66.xx.xx.14
      SSLCertificateKeyFile /usr/local/share/courier-imap/imapd.pem.66.xx.xx.14
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
     SSLOptions +StdEnvVars
</Files>
      SetEnvIf User-Agent ".*MSIE.*" \
      nokeepalive ssl-unclean-shutdown \
      downgrade-1.0 force-response-1.0
</VirtualHost>

##
## QF -- THIS ONE DOESN"T WORK!
##
NameVirtualHost 66.xx.xx.15:80
<VirtualHost 66.x.xx.15:80>
   ServerName mail.qf.com
   ServerAlias 66.xx.xx.15
   ErrorLog logs/mail.qf.com-error_log
   CustomLog logs/mail.qf.com-access_log common
   DocumentRoot /home/htdocs/pub/horde/
   RewriteEngine On
   RewriteCond %(HTTP_USER_AGENT)        MSIE
   RewriteRule ^/(.*)    https://mail.qf.com:443/$1 [L]
   RewriteCond %(HTTP_USER_AGENT)        Mozilla.5
   RewriteRule ^/(.*)    https://mail.qf.com:443/$1 [L]
   Redirect      /       https://mail.qf.com/
</VirtualHost>

NameVirtualHost 66.xx.xx.15:443
<VirtualHost 66.xx.xx.15:443>
      ServerName mail.qf.com
      ServerAlias 66.xx.xx.15
      ServerAdmin drewman@se.com
      ErrorLog logs/mail.qf.com-error_log
      CustomLog logs/mail.qf.com-access_log common
      DocumentRoot /home/htdocs/pub/horde/
<Directory "/home/htdocs/pub/horde/">
         SSLRequireSSL
         Options FollowSymlinks MultiViews
         AllowOverride AuthConfig
         Order allow,deny
         Allow from all
</Directory>
      SSLEngine on
      SSLCipherSuite 
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
      SSLCertificateFile /usr/local/share/courier-imap/imapd.pem.66.xx.xx.15
      SSLCertificateKeyFile /usr/local/share/courier-imap/imapd.pem.66.xx.xx.15
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
     SSLOptions +StdEnvVars
</Files>
      SetEnvIf User-Agent ".*MSIE.*" \
      nokeepalive ssl-unclean-shutdown \
      downgrade-1.0 force-response-1.0
</VirtualHost>

</IfDefine>

-----------END HTTPD.CONF---------------------------------------

If I can provide any more information please let me know.

Phil
-- 
"They that can give up essential liberty to obtain a little temporary safety 
deserve neither liberty nor safety."
-Benjamin Franklin, 1759


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message