httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Erik Andersson" <erik.anders...@cybercomgroup.com>
Subject [users@httpd] RE: [SPAM: ] - RE: [users@httpd] Generating self-signed key doesn't work? - Email found in subject
Date Wed, 31 Mar 2004 11:46:22 GMT
Thanks again for trying to help and I am sorry for not posting the version, thought I had done
that already.

I replaced all of the VirtualHost tags as suggested. But when haveing NameVirtualHost * and

<VirtualHost *:80 > 
  ServerName dev1.myhost.com

I get a conflict: 

[Wed Mar 31 13:19:29 2004] [error] VirtualHost *:80 -- mixing * ports and non-* ports with
a NameVirtualHost address is not supported, proceeding with undefined results

I tried removing :80 from all virtualhosts but then all devx-servers seemd to be running https,
which is not what I wanted. As of now I only wanted to have https for the main-server and
then when that works I could try to configure those servers which need https. Maybe this is
part of the problem?

I have my main server, which is also the Rproxy, running on port 80.
I also have some other servers which I can access through the Rproxy. For example dev1.myhost.com
gets redirected to localhost:8085 which is another apache server.
In the first step I want to access my main server with https to check if SSL is working. 
Later on I will need to configure some of my dev-servers to be using SSL.

I don't know if I make any sense..

Shall I change the NameVirtualHost to *:80?

Best Regards / Erik Andersson





-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com] 
Sent: den 31 mars 2004 11:26
To: users@httpd.apache.org
Subject: [SPAM: ] - RE: [users@httpd] Generating self-signed key doesn't work? - Email found
in subject


> -----Original Message-----
> From: Erik Andersson [mailto:erik.andersson@cybercomgroup.com]
> 
> Thanks for your help. I have a few questions regarding this though.
> 
> When I added the SSLLog parameters to the ssl.conf I got a
> error telling
> me to use error log instead since SSLLog no longer was supported. I am
> using apache 2.0.43. I did set the LogLevel to debug though.

Your apache version is quite important - it's worth volunteering that right at the start,
although I should probably have asked too... So it seems that SSLLog has been deprecated in
apache 2 - fine, just look for the messages in the usual error_log.

> I don't understand what you mean with me being wrong using myhost.com 
> and dev2.myhost.com. If I want to access my servers using 
> http://dev2.myhost.com aren't that the way to do it??

No. The <VirtualHost> tag is used by apache to define what *IP address* to connect to
that VH. But when a request comes in (when doing name-based VHing) the choice of VH (among
many with the same IP)is made using the ServerName inside the VH. Eg, 

site1 and site both resolve to 192.168.1.1, so you do:

NameVirtualHost 192.168.1.1

<Virtual Host 192.168.1.1>
  ServerName site1
...

<Virtual Host 192.168.1.1>
  ServerName site2
...

It is not the VH tag which distinguishes NBVHs, it is the ServerName.

If you put a domain name in a VH tag, it will still work because apache will translate the
DN into an IP by looking up DNS. But, if DNS is not up (maybe you're booting, or lost the
network), apache will hang at this point and you'll have a stuck apache.

> 
> I replaced NameVirtualHost 192.168.100.250 with NameVirtualHost * and 
> got a lot of errors: [Wed Mar 31 10:36:12 2004] [warn] VirtualHost 
> myhost.com:0 overlaps with
> VirtualHost dev1.myhost.com:0, the first has precedence, perhaps you
> need a NameVirtualHost directive
> [Wed Mar 31 10:36:12 2004] [warn] NameVirtualHost *:0 has no
> VirtualHosts
> 
> *sigh* This is taking all of my time and I seem to be stuck..

Didn't you change your VHs to use * or IP? If you continue with domain names, you will get
problems and I can't help.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> Regards / Erik
> 
> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> Sent: den 30 mars 2004 16:55
> To: users@httpd.apache.org
> Subject: [SPAM: ] - RE: [users@httpd] Generating self-signed 
> key doesn't
> work? - Email found in subject
> 
> 
> > -----Original Message-----
> > From: Erik Andersson [mailto:erik.andersson@cybercomgroup.com]
> > 
> > Yes. I restarted the server after applying the changes. The server 
> > responds with http on both port 80 and 443.
> 
> I don't think your SSL VH is starting up. I think your
> requests on port
> 443 are being answered by one of your name-based VHs. Please try the
> following to tidy things up:
> 
> - remove <IfDefine SSL> and </IfDefine SSL> from ssl.conf so SSL 
> directives are always loaded.
> - remove <IfModule ssl_module> and </IfModule> from httpd.conf so 
> mod_ssl.so is always loaded.
> - in ssl.conf, in the SSL VH, add
> 
> 	SSLLog logs/ssl_log
> 	SSLLogLevel debug
> 
> 	to activate verbose SSL logging
> 
> - in httpd.conf, replace
> 
> 	NameVirtualHost 192.168.100.250
> 
> 	with
> 
> 	NameVirtualHost *
> 
> - in httpd.conf, replace
> 
> 	<VirtualHost myhost.com>
> 	and
> 	<VirtualHost dev2.myhost.com>
> 
> 	with
> 
> 	<VirtualHost *:80>
> 
> 	(this was wrong anyway - you're not supposed to use FQDNS with VH. 
> Use only IPs or wildcards.)
> 		
> - restart the server and look in logs/ssl_log to see what is
> generated.
> Also look in the error log after start up or if startup fails. 
> 
> - try a HEAD request to see what is loaded in the running server:
> 
> 	telnet localhost 80
> 	HEAD / HTTP/1.0 <rtn><rtn>
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen-
bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature.
It is not related to the exchange or business activities of the SWX Group. Le présent e-mail
est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.

This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system. Please also immediately
destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail communications through their
networks. Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorised to state them to be the views of
the sender's company. 



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html>
for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message