httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] Virtual Hosts Problem .. more
Date Fri, 03 Mar 2006 08:54:16 GMT
> -----Original Message-----
> From: kloomis [mailto:kloomis@it-resources.com] 
> Sent: Freitag, 3. März 2006 05:52
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Virtual Hosts Problem .. more
> 
> At 01:57 PM 3/1/2006 -0500, I wrote:
> 
> Well, I've been able to configure my httpd.conf to serve two 
> secure virtualhosts and the first page of a non-secure host, 
> but not the following pages of the non-secure site.
> 
> The docs say I can't use name based virtual hosts with SSL, 
> but it's working for the SSL sites, but it might be breaking 
> the non-secured site?  Does anyone know how to set this up?
> 
> Here's my current config: (I've annotated it to try to 
> explain what I'm trying to do)
> 
> ### Section 3: Virtual Hosts
> 
> # I'm trying to serve secure and non-secure websites
> NameVirtualHost *:80
> NameVirtualHost *:443
> 
> # The current users of this site all use the ip address to get to it.
> # This config works.
> <VirtualHost 123.456.789.123:443>
>     ServerAdmin webAdmin@example.com
>     DocumentRoot /var/www/html/sgimis/pages
>     ServerName 123.456.789.123:443
> </VirtualHost>
> 
> # This site will be accessed by a FQDN
> # It is working with this config
> <VirtualHost *:443>
>     ServerAdmin webAdmin@example.com
>     DocumentRoot /var/www/html/newsgimis
>     ServerName itr.example.com
> </VirtualHost>

I guess you are missing out all the SSL directives, esp. the certificate... Anyway, your setup
is not really working in a strict SSL sense. What is happening is that the SSL session is
established using the cert from the first VH. Once the SSL channel is open, apache can then
decrypt the request and so see the Host header. Then it can assign the request to the correct
VH so name-based SSL "seems" to work.

The problem is that the cert is always coming from the first VH, so request for the site contained
in the 2nd VH will produce a browser warning that the site domain name doesn't match the cert.
Thus, you don't have authentication, even though you have encryption. Maybe you don't care
about authentication? Maybe that's OK if you have a development set up or a limited use for
SSL btu for serious commercial SSL, authentication is just as important as encryption... 

> 
> # This is the "main" domain site.
> <VirtualHost *:80>
>    ServerAdmin webAdmin@example.com
>    DocumentRoot /var/www/html
>    ServerName example.com
> </VirtualHost>
> 
> # This one is a Drupal CMS PHP, MySQL site
> # This is the one that's not working properly.
> # I get to the index, but not any follow-on pages
> <VirtualHost *:80>
>    ServerAdmin webAdmin@example.com
>    DocumentRoot /var/www/html/tty
>    ServerName tty.example.com
> </VirtualHost>

Could be a dozen things... your snippet is too terse to tell what you've done wrong (could
even be the HTML source). If you post the real URL, we can have a look..

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> 
> #This is another Drupal site
> <VirtualHost *:80>
>    ServerAdmin webAdmin@example.com
>    DocumentRoot /var/www/html/sgine
>    ServerName sgine.example.com
> </VirtualHost>
> 
> Any help would be much appreciated.  I find httpd to be a mystery.
> 
> Thanks,
> 
> Ken
> 
> 
> 
> 
> 
Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen-
bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature.
It is not related to the exchange or business activities of the SWX Group. Le présent e-mail
est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system. Please also immediately
destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail communications through their
networks. Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorised to state them to be the views of
the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message