httpd-users mailing list archives

From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Generating self-signed key doesn't work?
Date Wed, 31 Mar 2004 12:30:16 GMT
> -----Original Message-----
> From: Erik Andersson [mailto:erik.andersson@cybercomgroup.com]
> 
> Changing NameVirtualHost to *:80 got it to work!

Congratulations. But please consider the advice about rewriting and simplifying your config.
It makes future debugs easier if you can post a short, snappy config rather than that dreaded
default config that is 99% "comments" (they're not really comments - they're the complete
apache manual...)

Rgds,
Owen. 
> 
> I'd like to thank everyone who's been involved in this. It's 
> really great to have you people to ask when stuck.
> 
> Now I only need to learn how to configure proxypass..  ;-)
> 
> Best Regards / Erik
> 
> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com] 
> Sent: den 31 mars 2004 14:08
> To: users@httpd.apache.org
> Subject: [SPAM: ] - RE: [users@httpd] Generating self-signed 
> key doesn't work? - Email found in subject
> 
> 
> > -----Original Message-----
> > From: Erik Andersson [mailto:erik.andersson@cybercomgroup.com]
> > 
> > I replaced all of the VirtualHost tags as suggested. But when
> > having NameVirtualHost * and 
> > <VirtualHost *:80 > 
> >   ServerName dev1.myhost.com
> > 
> > I get a conflict:
> > 
> > [Wed Mar 31 13:19:29 2004] [error] VirtualHost *:80 -- mixing
> > * ports and non-* ports with a NameVirtualHost address is not 
> > supported, proceeding with undefined results
> 
> Now we're getting somewhere.
> 
> > 
> > I tried removing :80 from all virtualhosts but then all
> > devx-servers seemed to be running https, which is not what I 
> > wanted. As of now I only wanted to have https for the 
> > main-server and then when that works I could try to configure 
> > those servers which need https. Maybe this is part of the problem?
> 
> It's weird, so doesn't help... Usually, you define an SSL VH. 
> In fact, this whole idea of a "main server" is a bit 
> pointless once you start using VHs. IMHO, it's better to make 
> all sites VHs. Also IMHO, I never use "Include" - I always 
> have all directives in one file. While you're at it, pull all 
> your real directives out of that big default config (mv 
> httpd.conf httpd.conf_ORIGINAL; grep -v "^#" 
> httpd.conf_ORIGINAL > httpd.conf) to make it possible to read 
> it... If you did that you might not get so mixed up and be 
> able to see if your config approaches this:
> 
> # HTTP section
> Listen 80
> NameVirtualHost *:80
> 
> # HTTP site 1
> <VirtualHost *:80>
>   ServerName site1
>   ..etc.
> </VirtualHost>
> 
> # HTTP site 2
> <VirtualHost *:80>
>   ServerName site2
>   ..etc.
> </VirtualHost>
> 
> # HTTPS section
> Listen 443
> <VirtualHost *:443>
>   ServerName site_ssl
>   SSLEngine on
>   SSL directives
>   ..etc.
> </VirtualHost>
> 
> - All directives in one file
> - logical arrangement
> - minimal comments
> - all sites in VH (no "main server")
> 
> Try to rewrite your config along these lines and see how it goes...
> 
> > Shall I change the NameVirtualHost to *:80?
> 
> Yes. This will fix the conflict above and may just get 
> everything working...
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored. 
> 
> > 
> > I have my main server, which is also the Rproxy, running on port 80. I
> > also have some other servers which I can access through the Rproxy.
> > For example dev1.myhost.com gets redirected to localhost:8085 which is
> > another apache server. In the first step I want to access my main
> > server with https to check if SSL is working.
> > Later on I will need to configure some of my dev-servers to 
> > be using SSL.
> > 
> > I don't know if I make any sense..
> > 
> > 
> > Best Regards / Erik Andersson
> > 
> > 
> > 
> > 
> > 
> > -----Original Message-----
> > From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> > Sent: den 31 mars 2004 11:26
> > To: users@httpd.apache.org
> > Subject: [SPAM: ] - RE: [users@httpd] Generating self-signed 
> > key doesn't work? - Email found in subject
> > 
> > 
> > > -----Original Message-----
> > > From: Erik Andersson [mailto:erik.andersson@cybercomgroup.com]
> > > 
> > > Thanks for your help. I have a few questions regarding this though.
> > > 
> > > When I added the SSLLog parameters to the ssl.conf I got an error
> > > telling me to use error log instead since SSLLog no longer was
> > > supported. I am using apache 2.0.43. I did set the LogLevel to debug though.
> > 
> > Your apache version is quite important - it's worth
> > volunteering that right at the start, although I should 
> > probably have asked too... So it seems that SSLLog has been 
> > deprecated in apache 2 - fine, just look for the messages in 
> > the usual error_log.
> > 
> > > I don't understand what you mean with me being wrong using myhost.com
> > > and dev2.myhost.com. If I want to access my servers using
> > > http://dev2.myhost.com isn't that the way to do it??
> > 
> > No. The <VirtualHost> tag is used by apache to define what
> > *IP address* to connect to that VH. But when a request comes 
> > in (when doing name-based VHing) the choice of VH (among many 
> > with the same IP) is made using the ServerName inside the VH. Eg, 
> > 
> > site1 and site2 both resolve to 192.168.1.1, so you do:
> > 
> > NameVirtualHost 192.168.1.1
> > 
> > <VirtualHost 192.168.1.1>
> >   ServerName site1
> > ...
> > 
> > <VirtualHost 192.168.1.1>
> >   ServerName site2
> > ...
> > 
> > It is not the VH tag which distinguishes NBVHs, it is the ServerName.
> > 
> > If you put a domain name in a VH tag, it will still work
> > because apache will translate the DN into an IP by looking up 
> > DNS. But, if DNS is not up (maybe you're booting, or lost the 
> > network), apache will hang at this point and you'll have a 
> > stuck apache.
> > 
> > > 
> > > I replaced NameVirtualHost 192.168.100.250 with NameVirtualHost * and
> > > got a lot of errors:
> > > [Wed Mar 31 10:36:12 2004] [warn] VirtualHost myhost.com:0 overlaps with VirtualHost dev1.myhost.com:0, the first has precedence, perhaps you need a NameVirtualHost directive
> > > [Wed Mar 31 10:36:12 2004] [warn] NameVirtualHost *:0 has no VirtualHosts
> > > 
> > > *sigh* This is taking all of my time and I seem to be stuck..
> > 
> > Didn't you change your VHs to use * or IP? If you continue
> > with domain names, you will get problems and I can't help.
> > 
> > Rgds,
> > Owen Boyle
> > Disclaimer: Any disclaimer attached to this message may be ignored.
> > 
> > > 
> > > Regards / Erik
> > > 
> > > -----Original Message-----
> > > From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> > > Sent: den 30 mars 2004 16:55
> > > To: users@httpd.apache.org
> > > Subject: [SPAM: ] - RE: [users@httpd] Generating self-signed
> > > key doesn't
> > > work? - Email found in subject
> > > 
> > > 
> > > > -----Original Message-----
> > > > From: Erik Andersson [mailto:erik.andersson@cybercomgroup.com]
> > > > 
> > > > Yes. I restarted the server after applying the changes. The server
> > > > responds with http on both port 80 and 443.
> > > 
> > > I don't think your SSL VH is starting up. I think your requests on
> > > port 443 are being answered by one of your name-based VHs. Please
> > > try the following to tidy things up:
> > > 
> > > - remove <IfDefine SSL> and </IfDefine SSL> from ssl.conf so SSL
> > > directives are always loaded.
> > > - remove <IfModule ssl_module> and </IfModule> from httpd.conf so
> > > mod_ssl.so is always loaded.
> > > - in ssl.conf, in the SSL VH, add
> > > 
> > > 	SSLLog logs/ssl_log
> > > 	SSLLogLevel debug
> > > 
> > > 	to activate verbose SSL logging
> > > 
> > > - in httpd.conf, replace
> > > 
> > > 	NameVirtualHost 192.168.100.250
> > > 
> > > 	with
> > > 
> > > 	NameVirtualHost *
> > > 
> > > - in httpd.conf, replace
> > > 
> > > 	<VirtualHost myhost.com>
> > > 	and
> > > 	<VirtualHost dev2.myhost.com>
> > > 
> > > 	with
> > > 
> > > 	<VirtualHost *:80>
> > > 
> > > 	(this was wrong anyway - you're not supposed to use FQDNS with VH.
> > > 	Use only IPs or wildcards.)
> > > 		
> > > - restart the server and look in logs/ssl_log to see what is
> > > generated. Also look in the error log after start up or if startup
> > > fails.
> > > 
> > > - try a HEAD request to see what is loaded in the running server:
> > > 
> > > 	telnet localhost 80
> > > 	HEAD / HTTP/1.0 <rtn><rtn>
> > > 
> > > Rgds,
> > > Owen Boyle
> > > Disclaimer: Any disclaimer attached to this message may be ignored.
> > > 
> > > 
> > 
> > > ---------------------------------------------------------------------
> > > The official User-To-User support forum of the Apache HTTP Server
> > > Project. See <URL:http://httpd.apache.org/userslist.html> for more
> > > info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > > For additional commands, e-mail: users-help@httpd.apache.org
> > > 
> > > 
> 
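
The three mistakes this thread works through (a hostname in the <VirtualHost> tag, NameVirtualHost * mixed with *:80, and a port-443 virtual host that never turns SSL on) can be caught before a restart. The checker below is an added example, not code from the thread or from the Apache project; the sample config and the names lint and split_addr are constructed for illustration, and the checks simplify Apache's own address matching.

```python
import re

# Constructed sample (not from the thread) combining the mistakes it discusses.
SAMPLE = """\
NameVirtualHost *
<VirtualHost *:80>
  ServerName dev1.myhost.com
</VirtualHost>
<VirtualHost dev2.myhost.com>
  ServerName dev2.myhost.com
</VirtualHost>
<VirtualHost *:443>
  ServerName myhost.com
</VirtualHost>
"""
IP_OR_WILDCARD = re.compile(r"^(\*|_default_|\d{1,3}(\.\d{1,3}){3}|\[[0-9A-Fa-f:]+\])$")

def split_addr(addr):
    """Split 'host[:port]' into (host, port or None); IPv6 must be bracketed."""
    host, sep, port = addr.rpartition(":")
    return (host, port) if sep and (port.isdigit() or port == "*") else (addr, None)

def lint(conf):
    """Return sorted (line_no, message) findings; a simplified check, not Apache's parser."""
    findings, nvh, vhosts, cur = [], [], [], None
    for no, raw in enumerate(conf.splitlines(), 1):
        words = raw.strip().strip("<>").split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "namevirtualhost":
            nvh.append(words[1])
        elif key == "virtualhost":
            vhosts.append(cur := {"no": no, "addrs": words[1:], "ssl": False})
        elif key == "/virtualhost":
            cur = None
        elif cur and [w.lower() for w in words] == ["sslengine", "on"]:
            cur["ssl"] = True
    nvh_portless = any(split_addr(a)[1] is None for a in nvh)
    for vh in vhosts:
        for addr in vh["addrs"]:
            host, port = split_addr(addr)
            if not IP_OR_WILDCARD.match(host):
                findings.append((vh["no"], f"hostname '{host}' in <VirtualHost>: use an IP or *"))
            if nvh and nvh_portless != (port is None):
                findings.append((vh["no"], f"'{addr}' mixes port and portless forms with NameVirtualHost"))
            if port == "443" and not vh["ssl"]:
                findings.append((vh["no"], "port 443 vhost lacks 'SSLEngine on': answers plain HTTP"))
    return sorted(findings)
```

Calling lint(SAMPLE) reports lines 2, 5 and 8 (twice); a config laid out as Owen suggests, with NameVirtualHost *:80 and an SSL virtual host on *:443, returns no findings.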
