httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zac Stevens <...@cryptocracy.com>
Subject Re: Problem between http and https
Date Wed, 31 Jul 2002 07:44:56 GMT
Hi Edward,

Here's my ideas of what you may need to fix things.  This is not tested,
but is probably closer to the solution than where you are so far.

I suspect that the way you have the SSL vhost configured (with regards to
the IfDefine's) is not as nice as it could be, but I haven't worked with it
enough to suggest improvements.  It won't break anything though.

A couple of other points..

You've got the webmail and www vhosts pointing to the same DocumentRoot,
which probably isn't what you want.  

I'm not sure that defining ErrorLog and TransferLog to the same thing in
each virtualhost is a good idea.  If you want them all logging to the same
place, you can just put those two directives in your main configuration -
ie, before the first VirtualHost part.  If you leave it out of the
VirtualHost blocks, they will all just log to the same location.

While you've defined CustomLog in the SSL virtualhost, you haven't used it
anywhere.

These issues are all dealt with in various how-to's, and while I don't have
any links handy you can probably figure these out with further reading.


Now, to get you on your way...


# webmail.mydomain.com, SSL
<VirtualHost 192.168.200.1:443>
DocumentRoot "/usr/local/apache/htdocs"
ServerName webmail.mydomain.com
ServerAdmin root@mydomain.com
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log

<IfDefine SSL>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog /usr/local/apache/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</IfDefine>
</VirtualHost>

# webmail.mydomain.com, non-SSL
# redirects all requests to https://webmail.mydomain.com/
<VirtualHost 192.168.200.1:80>
DocumentRoot "/usr/local/apache/htdocs"
ServerName webmail.mydomain.com
ServerAdmin root@mydomain.com
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log

RewriteEngine on
RewriteLog /www/var/log/https_rewrite_log
RewriteLogLevel 1
RewriteCond %{443}      !^443$
RewriteRule ^/(.*)              https://%{webmail.mydomain.com}/$1 [L,R]
</VirtualHost>

# www.mydomain.com, non-SSL
<VirtualHost 192.168.200.1:80>
DocumentRoot "/usr/local/apache/htdocs"
ServerName www.mydomain.com
ServerAdmin root@mydomain.com
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
</VirtualHost>



Hope that helps,


Zac


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message