httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Dagnon" <>
Subject Re: [users@httpd] Add SSL + https to Apache2 Proxied site - won't start!
Date Fri, 25 Aug 2006 20:15:17 GMT
1. Sorry about cc'ing to you personally - I did a Reply All to keep the
message and forgot to amend the headers.

2. Reproducible fix:
Finally got the secured site to server by adding to
/etc/apache2/mods-available/ssl.conf one line:
      Listen 443

3. Reproducible fix:
I eliminated the wrong-DNS dialog after accepting the certificate by
regenerating the cert.  Problem with apache2's mod_ssl ssl_faq is that it
doesn't say that the CommonName needs to be the fully qualified server

Unfortunately I may not have undone all the things I found by googling -
most of which had no immediate effects.  One of which installed Apache 1
as a by-product, which I uninstalled.

4. Problems, non-fatal:
I've added back the *:80 forwarding part to the secure site, and added a
second vhost file with another *:80 entry in it for a separate but related
website.  On startup Apache2 gives these errors:
  -      apache2: Could not determine the server's fully qualified domain
name, using for ServerName
  -      [Fri Aug...] [warn] NameVirtualHost *:80 has no VirtualHosts
But it starts up.

5. Problem, incorrect behaviour:
The Alias + Directory command which worked before the SSL seems to work
for the plain *:80 site but no longer for the newly SSL'd site.  The
secured site tries to serve it directly as content instead of Apache using
the Directory directive:
    Alias /images/ /www/sites/images/
    <Directory /www/sites/images>
        Order allow,deny
        Allow from all
I've tried copying the Alias with/without Directory into the secured
VirtualHost tags, but with no change in behaviour.  Otherwise secured
content does show up correctly on the unsecured site without a certificate
dialog as desired.

Ideas on how to correct either 4 or 5 is appreciated.  I always stop and
start apache between changes when trying them out, and force Firefox to
refresh content.  Apache's error.log shows only SIGTERM shutdown/startup
entries now, and I am using Apache2 on Ubuntu 6.



Chris Dagnon said:
> Thanks for that hint - I didn't think to check log files since it didn't
> start.  error.log said the app's log file couldn't be created so I updated
> that location to match my previous values.  Victim of cut-and-paste-itis.
> But I'm back to 'can't establish a connection to the server at...' when
> trying to reach the SSL'd site from Firefox.  With apache2's stop and
> start I continue to see:
>    apache2: Could not determine the server's fully qualified domain name,
> using for ServerName (sic)
> This is Ubuntu 6, and it automatically put a hosts entry of to
> the machine's name which explains the odd IP, but what I have for the
> VirtualHost *:443's ServerName is also sitting in the hosts file on the
> line for, just like the PHP site's name which works fine.  I
> also tried commenting out the VirtualHost *:80's entry in case there was
> forwarding confusion, but that tag actually works forwarding the http to
> https.
> The only intelligent question I can ask is: could Apache2 be confused
> because I have an https proxied to an http://localhost:3000/ ?  I wouldn't
> think so, but maybe ProxyPass/Reverse forwards the encrypted request
> instead of decrypting it and passing it along..?
> Thanks again,
> -Chris
> Joshua Slive said:
>> On 8/24/06, Chris Dagnon <> wrote:
>>> Hello all,
>>> I've been using a site configured to Proxy requests to another port for
>>> one ServerName and another on the same Apache2 directly serving PHP
>>> pages.
>>>  That's been working fine.  But now I want to add SSL to the proxied
>>> pages
>>> and it isn't going so smoothly.  I had hints from a coworker and tried
>>> integrating that with my existing vhost files, but even at the best of
>>> times Apache2 fails startup.
>> What does the error log say?
>> Joshua.

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message