httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob De Langhe <rob.delan...@telindus.be>
Subject RE: [users@httpd] SSL and Virtual hosts
Date Tue, 11 May 2004 19:48:18 GMT
Hi,

by occasion, I have just been searching for the past few days on this very
same problem, and got it entirely to work :

Apache-2 acting as reverse proxy with SSL, forwarding HTTPS to multiple
virtual hosts :

Solaris-9
httpd version 2.0.47, compiled as proxy
openSSL version 0.9.7c
configured with straight forward proxy off
virtual hosts with the 'NameVirtualHost' directive (only once)
listening on port 443
SSL-enabled
a single certificate, created on `uname -n` 
the 'Servername' of the http is `uname -n`
multiple <VirtualHost *:443> sections, each with their own 'Servername' =
symbolicname.mydomain.com, and multiple ServerAlias'es, all forwarding its
HTTPS connections per virtual host to 'https://symbolicname/' using the
ProxyPassReverse directives

Rob

-----Original Message-----
From: Joey Hewitt [mailto:joey@joeyhewitt.com] 
Sent: Tuesday, May 11, 2004 8:24 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] SSL and Virtual hosts


Quoting Milan Andric <mandric@eecs.berkeley.edu>:

> On Tue, May 11, 2004 at 08:10:52AM -0400, Darryl Cook wrote:
> > I ran into a problem which I need your help with.   I am running Mailman
> > over Apache 2.x successfully with ssl support.  Today I merged all 
> > of our web pages over to that machine and ran into the following 
> > problem....in our httpd.conf file we have a couple of virtual hosts 
> > defined so that two different departments have their own web area.  
> > This is no problem by itself when ssl support is not included but 
> > when you include ssl support with it, you get the error :
> >
> > Tue May 11 08:09:27 2004] [error] VirtualHost _default_:443 -- 
> > mixing * ports and non-* ports with a NameVirtualHost address is not 
> > supported, proceeding with undefined results
> >
> > What happens is that it ignores the virtual hosts and serves from the
> > default pages.   Anyone know why and how to combine ssl and virtual
> > hosts on the same machine.
>
> you need to do IP based vhosting as opposed to name based virtual 
> hosting. if you search the maillist archive you'll find more info 
> about it.  one solution is to assign more than one ip to the network 
> card, aka ip aliasing.
>

I'm not sure about the implications of SSL certificates and this issue, but
I was seeing this error you described while trying to do something similar.
I think the trick was to have 2 NameVirtualHost directives -- one for port
80 and the other for port 443.  See my vhosts file at
http://www.joeyhewitt.com/chunked_bug/vhosts/vhosts.conf to see how I did
it.

Just beware that I only use SSL to secure my little personal web page's
webmail, i.e. I don't expect any browser other than my own with my own root
CA imported in, to be able to authenticate the server correctly.  Maybe it's
not a good idea to serve over HTTP *and* HTTP/SSL on the same server using
virtual hosts...  HTH, ==Joey

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info. To
unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Visit us at the Telecom cITy Fair - The largest IT Fair in Belgium!
25, 26, 27 May - Brussels Expo

Get your free tickets here!



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message