httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: SSL problem?
Date Thu, 11 Jul 2002 08:47:14 GMT
Please see comments below.

Rgds,

Owen Boyle

>From: Caio James [mailto:caio@intric.com]
>Sent: Donnerstag, 11. Juli 2002 09:54
>To: users@httpd.apache.org
>Subject: SSL problem?
>
>
>RH72 on a P4 1.7Ghz/40Gb/256MB
>
>I've compiled Apache/1.3.26, mod_perl/1.27, PHP/4.2.1 w/ mysql support,
>DAV/1.0.3, mod_ssl/2.8.10 (OpenSSL 0.9.6b).
>
>I am trying to do Name-Based Virtual Hosts on the same box as 
>IP-Based SSL
>Virtual Hosts. We currently do this on an RH7 box with Apache 
>1.3.19 without
>any issue. I want to do the same on this new server, however I want a
>compiled version of apache, not one that is "stock" with the 
>OS. I've heard
>stock versions can have unforseen holes in them (someone 
>please correct me
>if I'm wrong on this).
>
>I understand that each SSL host has to be on an independent IP from the
>Name-Based Hosting IP because of the way SSL encryption works.
>
>Here is my problem in a nutshell:
>
>When I add virtual hosts that use a single IP on the server, I have no
>problems starting apache and the server runs correctly. Here 
>is a snip from
>my httpd.conf file:
>
>/***|SNIP|***\
><VirtualHost 10.0.205.132>
>DocumentRoot /home/foo/www/
>ServerName foo.com
>ServerAlias www.foo.com
></VirtualHost>
>
><VirtualHost 10.0.205.132>
>DocumentRoot /home/foobar/www/
>ServerName foobar.com
>ServerAlias www.foobar.com
></VirtualHost>
>\***|SNIP|***/
>
>The IPs and domains have been changed to protect the innocent, 
>of course. My
>problem is, that when I add a new VirtualHost on a different 
>IP, Apache will
>not successfully start up. Here is a snip of what I added:
>
>/***|SNIP|***\
><VirtualHost 10.0.205.135>
>DocumentRoot /home/bar/www/
>ServerName bar.foo.com
></VirtualHost>
>\***|SNIP|***/
>
>I then set the error logging to debug mode and tried to start 
>the server
>again. Here is the error I found in the error_log:
>
>/***|SNIP|***\
>[Thu Jul 11 00:42:09 2002] [info] removed PID file
>/usr/local/apache/logs/httpd.pid (pid=2787)
>[Thu Jul 11 00:42:09 2002] [notice] caught SIGTERM, shutting down
>[Thu Jul 11 00:42:17 2002] [info] mod_unique_id: using ip addr 
>10.0.205.132

I have no experience of this module but it looks a bit wierd. Why do you think you need it?
Could it be causing the problem? Could you try not loading it and restarting?

>[Thu Jul 11 00:42:18 2002] [crit] (99)Cannot assign requested address:
>make_sock: could not bind to address 10.0.205.135 port 80

This is the crux of your problem - apache cannot take control of port 80 on address 10.0.205.135.
This is because another process is using it. There could be a couple of reasons for this:

- could be a zombie process is stuck in the process table from a previous apache run and it
is still bound to the port. If so, a reboot will clear it.

- you are running another instance of apache on this port/ip. To test, try to telnet to that
port;

$ telnet 10.0.205.135 80

and see what happens. 

I say this because most Liniux distros come with a bundled apache (usually in /etc/httpd or
/sbin/httpd) which starts automatically at boot - are you sure you don't have one lurking
in the background?

>[Thu Jul 11 00:42:39 2002] [info] mod_unique_id: using ip addr 
>10.0.205.132
>[Thu Jul 11 00:42:40 2002] [info] mod_unique_id: using ip addr 
>10.0.205.132
>[Thu Jul 11 00:42:40 2002] [info] created shared memory segment #360449
>[Thu Jul 11 00:42:41 2002] [notice] Apache/1.3.26 (Unix) mod_perl/1.27
>PHP/4.2.1 DAV/1.0.3 mod_ssl/2.8.10 OpenSSL/0.9.6b configured 
>-- resuming
>normal operations
>[Thu Jul 11 00:42:41 2002] [info] Server built: Jul  6 2002 19:14:58
>[Thu Jul 11 00:42:41 2002] [notice] Accept mutex: sysvsem 
>(Default: sysvsem)

Are you sure apache is not running? What does "ps -ef ¦ grep httpd" reveal?

>\***|SNIP|***/
>
>The command I am using to start apache currently is apachectl 
>startssl. I
>have also tried using httpd -DSSL to start apache but received the same
>error in the log. I currently do not have ANY SSL VirtualHosts 
>configured
>other than the default SSL server created by apache at compile time:
>
>/***|SNIP|***\
><VirtualHost _default_:443 >
>DocumentRoot /usr/local/apache/htdocs
>ServerAdmin root@barfoo.com
>ErrorLog /usr/local/apache/logs/error_log
>TransferLog /usr/local/apache/logs/access_log
>SSLEngine on
>SSLCipherSuite 
>ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
>SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
>SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
><Files ~ "\.(cgi|shtml|phtml|php3?)$">
>    SSLOptions +StdEnvVars
></Files>
><Directory "/usr/local/apache/cgi-bin">
>    SSLOptions +StdEnvVars
></Directory>
>SetEnvIf User-Agent ".*MSIE.*" \
>         nokeepalive ssl-unclean-shutdown \
>         downgrade-1.0 force-response-1.0
>CustomLog /usr/local/apache/logs/ssl_request_log \
>          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
></VirtualHost>
>\***|SNIP|***/
>
>I would definitely appreciate any help someone could give me 
>in getting this
>server up and running. I need to get this up by Friday or I 
>will be delaying
>my vacation until this gets up and DNS records transferred over.
>
>Thanks Again.
>
>Caio
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message