httpd-users mailing list archives

From Dave Henderson <dhender...@digital-pipe.com>
Subject Fwd: Re: [users@httpd] apache and ssl
Date Thu, 29 Jun 2006 18:30:35 GMT
I found out that I had to add multiple NameVirtualHost definitions like the following:
  
  NameVirtualHost 192.168.0.12:80
  NameVirtualHost 192.168.0.12:443
  
  and I also changed the virtual host section to use 192.168.0.12 instead of the 192.168.0.13
ip address. Tried to go back to the ssl page and..... it still failed. I am pulling my
hair out! This is so frustrating! Does anyone have any more information to share with
me?
  
  Thanks,
  Dave
  
  

Dave Henderson <dhenderson@digital-pipe.com> wrote:
Date: Thu, 29 Jun 2006 07:30:50 -0700 (PDT)
From: Dave Henderson <dhenderson@digital-pipe.com>
To: users@httpd.apache.org
Subject: Re: [users@httpd] apache and ssl

  Ok, if I try to separate them, I will have to modify my NameVirtualHost definition file
to something like:
  
  NameVirtualHost: 192.168.0.12:*
  or
  NameVirtualHost: 192.168.0.12
  
  but if I do that, I get error messages when I try to stop and restart the server:
  
  [Thu Jun 29 10:27:31 2006] [error] VirtualHost 192.168.0.12:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
  
  Do I need to modify my "Listen" definition to be something like:
  
  Listen 192.168.0.12:80
  Listen 192.168.0.12:443
  
  Thanks,
  Dave
  
  (Sorry for direct response, I didn't know you were being sent an email as well)

Pid <p@pidster.com> wrote:
Date: Thu, 29 Jun 2006 15:06:29 +0100
From: Pid <p@pidster.com>
To: Dave Henderson <dhenderson@digital-pipe.com>
Subject: Re: [users@httpd] apache and ssl

  I don't think you gain anything by separating the IPs if they're
actually on one physical connection.

(reply to the list only please)



Dave Henderson wrote:
> I do have two NameVirtualHost definitions:
> 
> NameVirtualHost 192.168.0.12:80
> NameVirtualHost 192.168.0.13:443
> 
> On my firewall, I have port 80 traffic going to 192.168.0.12 and 443
> traffic going to 192.168.0.13.  Both ip's are used on the same server by
> way of assigning multiple ip addresses to one nic.  Should I change my
> vhost definitions to use on the 192.168.0.12 ip address instead of using
> the two shown above?
> 
> Thanks,
> Dave
> 
> 
> 
> */Pid /* wrote:
> 
>     Does anyone else think that this is wrong?
> 
>       SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
>     SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
>     >> SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt
> 
>     It looks like you're telling it that the Certificate Authority is the
>     same file as the Certificate itself. I could be wrong tho.
> 
> 
> 
>     As regards to the VHost defs: it depends what you've got in front of the
>     server in the way of DNS or loadbalancers.
> 
>     Your domain name can only resolve to point at one IP address (unless
>     you're using load balancers or proxies etc etc). So any request for the
>     SSL port of demo.sitename.com is going to arrive at the same IP as the
>     port 80 connection.
> 
>     http://demo.sitename.com > IP1
>     https://demo.sitename.com > Still IP1
> 
> 
>     (Have you set   "NameVirtualHost" or not?)
> 
> 
> 
>     Dave Henderson wrote:
>     > I am wondering if the virtual host definitions are wrong. Can I do the
>     > following (even though the ServerName options have the same
>     value)? Can
>     > I use the IP addresses like I have done below?
>     >
>     >
>     >
>     > ServerAdmin webmaster@sitename.com
>     > ServerName demo.sitename.com
>     > DocumentRoot /var/www/sitename.com/demo
>     >
>     > # This should be changed to whatever you set DocumentRoot to.
>     >
>     > Options Indexes Includes
>     > AllowOverride Options
>     > Order allow,deny
>     > Allow from all
>     >
>     > ErrorLog /var/log/apache2/sitename.com/demo/error.log
>     > CustomLog /var/log/apache2/sitename.com/demo/access.log common
>       > CustomLog /var/log/apache2/sitename.com/demo/referer.log referer
>     > CustomLog /var/log/apache2/sitename.com/demo/agent.log agent
>     >
>     > # Possible values: debug, info, notice, warn, error, crit,
>     > alert, emerg.
>     > LogLevel warn
>     >
>     > ServerSignature On
>     >
>     >
>     >
>     >
>     > ServerAdmin webmaster@sitename.com
>     > ServerName demo.sitename.com
>     > DocumentRoot /var/www/sitename.com/demo/ssl
>     >
>     > # SSL specifications
>     > SSLEngine On
>     > SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
>     > SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
>     > SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt
>     > SSLCipherSuite SSLv2:+HIGH:+MEDIUM
>     > SetEnvIf User-Agent   ".*MSIE.*" nokeepalive ssl-unclean-shutdown
>     >
>     > # SSLVerifyClient require
>     > # SSLVerifyDepth 1
>     > # CustomLog /var/log/apache2/ssl \ "%t %h %{SSL_PROTOCOL}x
>     > %{SSL_CIPHER}x$
>     > #
>     > # SSLCipherSuite SSLv2:+HIGH:+MEDIUM
>     > # SSLVerifyClient require
>     > # SSLVerifyDepth 1
>     > #
>     >
>     > # This should be changed to whatever you set DocumentRoot to.
>     >
>     > Options Indexes Includes
>     > AllowOverride Options
>     > Order allow,deny
>     > Allow from all
>     >
>     > ErrorLog /var/log/apache2/sitename.com/demo/error.log
>     > CustomLog /var/log/apache2/sitename.com/demo/access.log common
>     > CustomLog /var/log/apache2/sitename.com/demo/referer.log referer
>     > CustomLog   /var/log/apache2/sitename.com/demo/agent.log agent
>     >
>     > # Possible values: debug, info, notice, warn, error, crit,
>     > alert, emerg.
>     > LogLevel warn
>     >
>     > ServerSignature On
>     >
>     >
> 
> 
> 
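
An added example, not part of the original thread and not code from the Apache HTTP Server project: a small Python lint for the points raised above (the "mixing * ports and non-* ports" error, the Listen question, the SSLv2 cipher string, and Pid's remark about the CA file). The finding names, the sample configuration and the treatment of a bare address as "*" are assumptions made for this example.

```python
import re

# Constructed sample assembled from directives quoted in the thread. The
# <VirtualHost> addresses and "Listen 80" are assumptions (lost in the archive).
SAMPLE = """\
Listen 80
NameVirtualHost 192.168.0.12
<VirtualHost 192.168.0.12:80>
</VirtualHost>
<VirtualHost 192.168.0.12:443>
SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt
SSLCipherSuite SSLv2:+HIGH:+MEDIUM
</VirtualHost>
"""

def split_addr(token):
    # IPv4 "ip[:port]" only; a missing port is treated like "*".
    ip, _, port = token.partition(":")
    return ip, port or "*"

def lint(conf):
    listen_ports, nvh, vhosts, files, findings = set(), {}, [], {}, []
    for name, arg in re.findall(r"^[ \t]*<?(\w+)[ \t]+([^>\s]+)", conf, re.M):
        name = name.lower()
        if name == "listen":
            listen_ports.add(arg.rpartition(":")[2])
        elif name == "namevirtualhost":
            ip, port = split_addr(arg)
            nvh.setdefault(ip, set()).add(port)
        elif name == "virtualhost":
            vhosts.append(split_addr(arg))
        elif name in ("sslcertificatefile", "sslcacertificatefile"):
            files[name] = arg.rpartition("/")[2]  # compare file names only
        elif name == "sslciphersuite" and "sslv2" in arg.lower():
            findings.append("sslv2-ciphers")
    for ip, port in vhosts:
        ports = nvh.get(ip, set()) | {port}
        if ip in nvh and "*" in ports and len(ports) > 1:
            findings.append(f"mixed-ports {ip}:{port}")  # the [error] in the thread
        if port != "*" and port not in listen_ports:
            findings.append(f"no-listen {ip}:{port}")  # no Listen covers this port
    cert, ca = files.get("sslcertificatefile"), files.get("sslcacertificatefile")
    if cert and cert == ca:
        findings.append("ca-file-named-like-cert")  # Pid's observation
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

An empty result only means none of these four patterns is present; it does not show that the SSL virtual host works.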



