httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Erik Andersson" <erik.anders...@cybercomgroup.com>
Subject [users@httpd] RE: [SPAM: ] - RE: [users@httpd] Generating self-signed key doesn't work? - Email found in subject
Date Wed, 31 Mar 2004 12:15:38 GMT
Changing NameVirtualHost to *:80 got it to work!

I'd like to thank everyone who's been involved in this. It's really great to have you people
to ask when stuck.

Now I only needs learn how to configure proxypass..  ;-)

Best Regards / Erik

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com] 
Sent: den 31 mars 2004 14:08
To: users@httpd.apache.org
Subject: [SPAM: ] - RE: [users@httpd] Generating self-signed key doesn't work? - Email found
in subject


> -----Original Message-----
> From: Erik Andersson [mailto:erik.andersson@cybercomgroup.com]
> 
> I replaced all of the VirtualHost tags as suggested. But when
> haveing NameVirtualHost * and 
> <VirtualHost *:80 > 
>   ServerName dev1.myhost.com
> 
> I get a conflict:
> 
> [Wed Mar 31 13:19:29 2004] [error] VirtualHost *:80 -- mixing
> * ports and non-* ports with a NameVirtualHost address is not 
> supported, proceeding with undefined results

Now we're getting somewhere.

> 
> I tried removing :80 from all virtualhosts but then all
> devx-servers seemd to be running https, which is not what I 
> wanted. As of now I only wanted to have https for the 
> main-server and then when that works I could try to configure 
> those servers which need https. Maybe this is part of the problem?

It's weird, so doesn't help... Usually, you define an SSL VH. In fact, this whole idea of
a "main server" is a bit pointless once you start using VHs. IMHO, it's better to make all
sites VHs. Also IMHO, I never use "Include" - I always have all directives in one file. While
you're at it, pull all your real directives out of that big default config (mv httpd.conf
httpd.conf_ORIGINAL; grep -v "^#" httpd.conf_ORIGINAL > httpd.conf) to make it possible
to read it... If you did that you might not get so mixed up and be able to see if your config
approaches this:

# HTTP section
Listen 80
NameVirtualHost *:80

# HTTP site 1
<VirtualHost *:80>
  ServerName site1
  ..etc.
</VirtualHost>

# HTTP site 2
<VirtualHost *:80>
  ServerName site2
  ..etc.
</VirtualHost>

# HTTPS section
Listen 443
<VirtualHost *:443>
  ServerName site_ssl
  SSLEngine on
  SSL directives
  ..etc.
</VirtualHost>

- All directives in one file
- logical arrangement
- minimal comments
- all sites in VH (no "main server")

Try to rewrite your congfig along these lines and see how it goes...

> Shall I change the NameVirtualHost to *:80?

Yes. This will fix the conflict above and may just get everything working...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> I have my main server, which is also the Rproxy, running on port 80. I 
> also have some other servers which I can access through the Rproxy. 
> For example dev1.myhost.com gets redirected to localhost:8085 which is 
> another apache server. In the first step I want to access my main 
> server with https to check if SSL is working.
> Later on I will need to configure some of my dev-servers to 
> be using SSL.
> 
> I don't know if I make any sense..
> 
> 
> Best Regards / Erik Andersson
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> Sent: den 31 mars 2004 11:26
> To: users@httpd.apache.org
> Subject: [SPAM: ] - RE: [users@httpd] Generating self-signed 
> key doesn't work? - Email found in subject
> 
> 
> > -----Original Message-----
> > From: Erik Andersson [mailto:erik.andersson@cybercomgroup.com]
> > 
> > Thanks for your help. I have a few questions regarding this though.
> > 
> > When I added the SSLLog parameters to the ssl.conf I got a error 
> > telling me to use error log instead since SSLLog no longer was
> supported. I am
> > using apache 2.0.43. I did set the LogLevel to debug though.
> 
> Your apache version is quite important - it's worth
> volunteering that right at the start, although I should 
> probably have asked too... So it seems that SSLLog has been 
> deprecated in apache 2 - fine, just look for the messages in 
> the usual error_log.
> 
> > I don't understand what you mean with me being wrong using
> myhost.com
> > and dev2.myhost.com. If I want to access my servers using
> > http://dev2.myhost.com aren't that the way to do it??
> 
> No. The <VirtualHost> tag is used by apache to define what
> *IP address* to connect to that VH. But when a request comes 
> in (when doing name-based VHing) the choice of VH (among many 
> with the same IP)is made using the ServerName inside the VH. Eg, 
> 
> site1 and site both resolve to 192.168.1.1, so you do:
> 
> NameVirtualHost 192.168.1.1
> 
> <Virtual Host 192.168.1.1>
>   ServerName site1
> ...
> 
> <Virtual Host 192.168.1.1>
>   ServerName site2
> ...
> 
> It is not the VH tag which distinguishes NBVHs, it is the ServerName.
> 
> If you put a domain name in a VH tag, it will still work
> because apache will translate the DN into an IP by looking up 
> DNS. But, if DNS is not up (maybe you're booting, or lost the 
> network), apache will hang at this point and you'll have a 
> stuck apache.
> 
> > 
> > I replaced NameVirtualHost 192.168.100.250 with
> NameVirtualHost * and
> > got a lot of errors: [Wed Mar 31 10:36:12 2004] [warn] VirtualHost
> > myhost.com:0 overlaps with
> > VirtualHost dev1.myhost.com:0, the first has precedence, perhaps you
> > need a NameVirtualHost directive
> > [Wed Mar 31 10:36:12 2004] [warn] NameVirtualHost *:0 has no
> > VirtualHosts
> > 
> > *sigh* This is taking all of my time and I seem to be stuck..
> 
> Didn't you change your VHs to use * or IP? If you continue
> with domain names, you will get problems and I can't help.
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
> 
> > 
> > Regards / Erik
> > 
> > -----Original Message-----
> > From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> > Sent: den 30 mars 2004 16:55
> > To: users@httpd.apache.org
> > Subject: [SPAM: ] - RE: [users@httpd] Generating self-signed
> > key doesn't
> > work? - Email found in subject
> > 
> > 
> > > -----Original Message-----
> > > From: Erik Andersson [mailto:erik.andersson@cybercomgroup.com]
> > > 
> > > Yes. I restarted the server after applying the changes.
> The server
> > > responds with http on both port 80 and 443.
> > 
> > I don't think your SSL VH is starting up. I think your requests on 
> > port 443 are being answered by one of your name-based VHs. Please 
> > try the following to tidy things up:
> > 
> > - remove <IfDefine SSL> and </IfDefine SSL> from ssl.conf so SSL
> > directives are always loaded.
> > - remove <IfModule ssl_module> and </IfModule> from httpd.conf so 
> > mod_ssl.so is always loaded.
> > - in ssl.conf, in the SSL VH, add
> > 
> > 	SSLLog logs/ssl_log
> > 	SSLLogLevel debug
> > 
> > 	to activate verbose SSL logging
> > 
> > - in httpd.conf, replace
> > 
> > 	NameVirtualHost 192.168.100.250
> > 
> > 	with
> > 
> > 	NameVirtualHost *
> > 
> > - in httpd.conf, replace
> > 
> > 	<VirtualHost myhost.com>
> > 	and
> > 	<VirtualHost dev2.myhost.com>
> > 
> > 	with
> > 
> > 	<VirtualHost *:80>
> > 
> > 	(this was wrong anyway - you're not supposed to use
> FQDNS with VH.
> > Use only IPs or wildcards.)
> > 		
> > - restart the server and look in logs/ssl_log to see what is 
> > generated. Also look in the error log after start up or if startup 
> > fails.
> > 
> > - try a HEAD request to see what is loaded in the running server:
> > 
> > 	telnet localhost 80
> > 	HEAD / HTTP/1.0 <rtn><rtn>
> > 
> > Rgds,
> > Owen Boyle
> > Disclaimer: Any disclaimer attached to this message may be ignored.
> > 
> > 
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP Server 
> > Project. See <URL:http://httpd.apache.org/userslist.html> for more 
> > info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> > 
> > 
> Diese E-mail ist eine private und persönliche Kommunikation.
> Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der 
> SWX Gruppe. This e-mail is of a private and personal nature. 
> It is not related to the exchange or business activities of 
> the SWX Group. Le présent e-mail est un message privé et 
> personnel, sans rapport avec l'activité boursière du Groupe SWX.
> 
> This message is for the named person's use only. It may
> contain confidential, proprietary or legally privileged 
> information. No confidentiality or privilege is waived or 
> lost by any mistransmission. If you receive this message in 
> error, please notify the sender urgently and then immediately 
> delete the message and any copies of it from your system. 
> Please also immediately destroy any hardcopies of the 
> message. You must not, directly or indirectly, use, disclose, 
> distribute, print, or copy any part of this message if you 
> are not the intended recipient. The sender's company reserves 
> the right to monitor all e-mail communications through their 
> networks. Any views expressed in this message are those of 
> the individual sender, except where the message states 
> otherwise and the sender is authorised to state them to be 
> the views of the sender's company. 
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project. See 
> <URL:http://httpd.apache.org/userslist.html> for more info. 
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html>
for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message