httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Generating self-signed key doesn't work?
Date Wed, 31 Mar 2004 12:08:26 GMT
> -----Original Message-----
> From: Erik Andersson [mailto:erik.andersson@cybercomgroup.com]
> 
> I replaced all of the VirtualHost tags as suggested. But when 
> haveing NameVirtualHost * and 
> <VirtualHost *:80 > 
>   ServerName dev1.myhost.com
> 
> I get a conflict: 
> 
> [Wed Mar 31 13:19:29 2004] [error] VirtualHost *:80 -- mixing 
> * ports and non-* ports with a NameVirtualHost address is not 
> supported, proceeding with undefined results

Now we're getting somewhere.

> 
> I tried removing :80 from all virtualhosts but then all 
> devx-servers seemd to be running https, which is not what I 
> wanted. As of now I only wanted to have https for the 
> main-server and then when that works I could try to configure 
> those servers which need https. Maybe this is part of the problem?

It's weird, so doesn't help... Usually, you define an SSL VH. In fact, this whole idea of
a "main server" is a bit pointless once you start using VHs. IMHO, it's better to make all
sites VHs. Also IMHO, I never use "Include" - I always have all directives in one file. While
you're at it, pull all your real directives out of that big default config (mv httpd.conf
httpd.conf_ORIGINAL; grep -v "^#" httpd.conf_ORIGINAL > httpd.conf) to make it possible
to read it... If you did that you might not get so mixed up and be able to see if your config
approaches this:

# HTTP section
Listen 80
NameVirtualHost *:80

# HTTP site 1
<VirtualHost *:80>
  ServerName site1
  ..etc.
</VirtualHost>

# HTTP site 2
<VirtualHost *:80>
  ServerName site2
  ..etc.
</VirtualHost>

# HTTPS section
Listen 443
<VirtualHost *:443>
  ServerName site_ssl
  SSLEngine on
  SSL directives
  ..etc.
</VirtualHost>

- All directives in one file
- logical arrangement
- minimal comments
- all sites in VH (no "main server")

Try to rewrite your congfig along these lines and see how it goes...

> Shall I change the NameVirtualHost to *:80?

Yes. This will fix the conflict above and may just get everything working...

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> I have my main server, which is also the Rproxy, running on port 80.
> I also have some other servers which I can access through the 
> Rproxy. For example dev1.myhost.com gets redirected to 
> localhost:8085 which is another apache server.
> In the first step I want to access my main server with https 
> to check if SSL is working. 
> Later on I will need to configure some of my dev-servers to 
> be using SSL.
> 
> I don't know if I make any sense..
> 
> 
> Best Regards / Erik Andersson
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com] 
> Sent: den 31 mars 2004 11:26
> To: users@httpd.apache.org
> Subject: [SPAM: ] - RE: [users@httpd] Generating self-signed 
> key doesn't work? - Email found in subject
> 
> 
> > -----Original Message-----
> > From: Erik Andersson [mailto:erik.andersson@cybercomgroup.com]
> > 
> > Thanks for your help. I have a few questions regarding this though.
> > 
> > When I added the SSLLog parameters to the ssl.conf I got a
> > error telling
> > me to use error log instead since SSLLog no longer was 
> supported. I am
> > using apache 2.0.43. I did set the LogLevel to debug though.
> 
> Your apache version is quite important - it's worth 
> volunteering that right at the start, although I should 
> probably have asked too... So it seems that SSLLog has been 
> deprecated in apache 2 - fine, just look for the messages in 
> the usual error_log.
> 
> > I don't understand what you mean with me being wrong using 
> myhost.com 
> > and dev2.myhost.com. If I want to access my servers using 
> > http://dev2.myhost.com aren't that the way to do it??
> 
> No. The <VirtualHost> tag is used by apache to define what 
> *IP address* to connect to that VH. But when a request comes 
> in (when doing name-based VHing) the choice of VH (among many 
> with the same IP)is made using the ServerName inside the VH. Eg, 
> 
> site1 and site both resolve to 192.168.1.1, so you do:
> 
> NameVirtualHost 192.168.1.1
> 
> <Virtual Host 192.168.1.1>
>   ServerName site1
> ...
> 
> <Virtual Host 192.168.1.1>
>   ServerName site2
> ...
> 
> It is not the VH tag which distinguishes NBVHs, it is the ServerName.
> 
> If you put a domain name in a VH tag, it will still work 
> because apache will translate the DN into an IP by looking up 
> DNS. But, if DNS is not up (maybe you're booting, or lost the 
> network), apache will hang at this point and you'll have a 
> stuck apache.
> 
> > 
> > I replaced NameVirtualHost 192.168.100.250 with 
> NameVirtualHost * and 
> > got a lot of errors: [Wed Mar 31 10:36:12 2004] [warn] VirtualHost 
> > myhost.com:0 overlaps with
> > VirtualHost dev1.myhost.com:0, the first has precedence, perhaps you
> > need a NameVirtualHost directive
> > [Wed Mar 31 10:36:12 2004] [warn] NameVirtualHost *:0 has no
> > VirtualHosts
> > 
> > *sigh* This is taking all of my time and I seem to be stuck..
> 
> Didn't you change your VHs to use * or IP? If you continue 
> with domain names, you will get problems and I can't help.
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored. 
> 
> > 
> > Regards / Erik
> > 
> > -----Original Message-----
> > From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> > Sent: den 30 mars 2004 16:55
> > To: users@httpd.apache.org
> > Subject: [SPAM: ] - RE: [users@httpd] Generating self-signed 
> > key doesn't
> > work? - Email found in subject
> > 
> > 
> > > -----Original Message-----
> > > From: Erik Andersson [mailto:erik.andersson@cybercomgroup.com]
> > > 
> > > Yes. I restarted the server after applying the changes. 
> The server 
> > > responds with http on both port 80 and 443.
> > 
> > I don't think your SSL VH is starting up. I think your
> > requests on port
> > 443 are being answered by one of your name-based VHs. Please try the
> > following to tidy things up:
> > 
> > - remove <IfDefine SSL> and </IfDefine SSL> from ssl.conf so SSL 
> > directives are always loaded.
> > - remove <IfModule ssl_module> and </IfModule> from httpd.conf so 
> > mod_ssl.so is always loaded.
> > - in ssl.conf, in the SSL VH, add
> > 
> > 	SSLLog logs/ssl_log
> > 	SSLLogLevel debug
> > 
> > 	to activate verbose SSL logging
> > 
> > - in httpd.conf, replace
> > 
> > 	NameVirtualHost 192.168.100.250
> > 
> > 	with
> > 
> > 	NameVirtualHost *
> > 
> > - in httpd.conf, replace
> > 
> > 	<VirtualHost myhost.com>
> > 	and
> > 	<VirtualHost dev2.myhost.com>
> > 
> > 	with
> > 
> > 	<VirtualHost *:80>
> > 
> > 	(this was wrong anyway - you're not supposed to use 
> FQDNS with VH. 
> > Use only IPs or wildcards.)
> > 		
> > - restart the server and look in logs/ssl_log to see what is
> > generated.
> > Also look in the error log after start up or if startup fails. 
> > 
> > - try a HEAD request to see what is loaded in the running server:
> > 
> > 	telnet localhost 80
> > 	HEAD / HTTP/1.0 <rtn><rtn>
> > 
> > Rgds,
> > Owen Boyle
> > Disclaimer: Any disclaimer attached to this message may be ignored.
> > 
> > 
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP
> > Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> > 
> > 
> Diese E-mail ist eine private und persönliche Kommunikation. 
> Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der 
> SWX Gruppe. This e-mail is of a private and personal nature. 
> It is not related to the exchange or business activities of 
> the SWX Group. Le présent e-mail est un message privé et 
> personnel, sans rapport avec l'activité boursière du Groupe SWX.
> 
> This message is for the named person's use only. It may 
> contain confidential, proprietary or legally privileged 
> information. No confidentiality or privilege is waived or 
> lost by any mistransmission. If you receive this message in 
> error, please notify the sender urgently and then immediately 
> delete the message and any copies of it from your system. 
> Please also immediately destroy any hardcopies of the 
> message. You must not, directly or indirectly, use, disclose, 
> distribute, print, or copy any part of this message if you 
> are not the intended recipient. The sender's company reserves 
> the right to monitor all e-mail communications through their 
> networks. Any views expressed in this message are those of 
> the individual sender, except where the message states 
> otherwise and the sender is authorised to state them to be 
> the views of the sender's company. 
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project. See 
> <URL:http://httpd.apache.org/userslist.html> for more info. 
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message