httpd-users mailing list archives

From "Chris Dagnon" <chris.dag...@isthmusgroup.com>
Subject Re: [users@httpd] Add SSL + https to Apache2 Proxied site - won't start!
Date Fri, 25 Aug 2006 20:15:17 GMT
1. Sorry about cc'ing to you personally - I did a Reply All to keep the
message and forgot to amend the headers.

2. Reproducible fix:
Finally got the secured site to serve by adding to
/etc/apache2/mods-available/ssl.conf one line:
      Listen 443

3. Reproducible fix:
I eliminated the wrong-DNS dialog after accepting the certificate by
regenerating the cert.  Problem with apache2's mod_ssl ssl_faq is that it
doesn't say that the CommonName needs to be the fully qualified server
name!

Unfortunately I may not have undone all the things I found by googling -
most of which had no immediate effects.  One of which installed Apache 1
as a by-product, which I uninstalled.


4. Problems, non-fatal:
I've added back the *:80 forwarding part to the secure site, and added a
second vhost file with another *:80 entry in it for a separate but related
website.  On startup Apache2 gives these errors:
  -      apache2: Could not determine the server's fully qualified domain
name, using 127.0.0.1 for ServerName
  -      [Fri Aug...] [warn] NameVirtualHost *:80 has no VirtualHosts
But it starts up.


5. Problem, incorrect behaviour:
The Alias + Directory command which worked before the SSL seems to work
for the plain *:80 site but no longer for the newly SSL'd site.  The
secured site tries to serve it directly as content instead of Apache using
the Directory directive:
    Alias /images/ /www/sites/images/
    <Directory /www/sites/images>
        Order allow,deny
        Allow from all
    </Directory>
I've tried copying the Alias with/without Directory into the secured
VirtualHost tags, but with no change in behaviour.  Otherwise secured
content does show up correctly on the unsecured site without a certificate
dialog as desired.


Ideas on how to correct either 4 or 5 are appreciated.  I always stop and
start apache between changes when trying them out, and force Firefox to
refresh content.  Apache's error.log shows only SIGTERM shutdown/startup
entries now, and I am using Apache2 on Ubuntu 6.

Thanks!

-Chris


Chris Dagnon said:
> Thanks for that hint - I didn't think to check log files since it didn't
> start.  error.log said the app's log file couldn't be created so I updated
> that location to match my previous values.  Victim of cut-and-paste-itis.
>
> But I'm back to 'can't establish a connection to the server at...' when
> trying to reach the SSL'd site from Firefox.  With apache2's stop and
> start I continue to see:
>
>    apache2: Could not determine the server's fully qualified domain name,
> using 127.0.1.1 for ServerName (sic)
>
> This is Ubuntu 6, and it automatically put a hosts entry of 127.0.1.1 to
> the machine's name which explains the odd IP, but what I have for the
> VirtualHost *:443's ServerName is also sitting in the hosts file on the
> line for 127.0.0.1, just like the PHP site's name which works fine.  I
> also tried commenting out the VirtualHost *:80's entry in case there was
> forwarding confusion, but that tag actually works forwarding the http to
> https.
>
> The only intelligent question I can ask is: could Apache2 be confused
> because I have an https proxied to an http://localhost:3000/ ?  I wouldn't
> think so, but maybe ProxyPass/Reverse forwards the encrypted request
> instead of decrypting it and passing it along..?
>
> Thanks again,
>
> -Chris
>
>
> Joshua Slive said:
>> On 8/24/06, Chris Dagnon <chris.dagnon@isthmusgroup.com> wrote:
>>> Hello all,
>>>
>>> I've been using a site configured to Proxy requests to another port for
>>> one ServerName and another on the same Apache2 directly serving PHP
>>> pages.
>>>  That's been working fine.  But now I want to add SSL to the proxied
>>> pages
>>> and it isn't going so smoothly.  I had hints from a coworker and tried
>>> integrating that with my existing vhost files, but even at the best of
>>> times Apache2 fails startup.
>>
>> What does the error log say?
>>
>> Joshua.
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
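
Point 3 of the message (the CommonName has to be the fully qualified server name) comes down to a name comparison the client performs against the certificate. The following is an added example, not part of the original message or of the Apache project's code: a Python check over certificates shaped like `ssl.SSLSocket.getpeercert()` output, where the function names and the `example.test` host names are constructed for illustration.

```python
# Added example: the host-name check a TLS client applies to a server cert.
# Certificates are dicts shaped like Python's ssl.SSLSocket.getpeercert();
# all host names below are constructed placeholders.

def name_matches(pattern, host):
    """Compare one certificate name with the host name the client asked for."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False              # a wildcard never spans extra labels
    if p[0] == "*":
        # wildcard only as the whole leftmost label, never "*.tld"
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """dNSName subjectAltName entries if present, else the subject CN.

    The CN fallback is an assumption matching 2006-era clients and certs
    that carry no subjectAltName.
    """
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def host_matches(cert, requested_host):
    """True when any name in the certificate covers the requested host."""
    return any(name_matches(n, requested_host) for n in cert_names(cert))

# Constructed sample certificates
CERT_SHORT = {"subject": ((("commonName", "secure"),),)}   # short name only
CERT_FQDN = {"subject": ((("commonName", "secure.example.test"),),)}
CERT_WILD = {"subject": ((("commonName", "*.example.test"),),)}
CERT_SAN = {"subject": ((("commonName", "old.example.test"),),),
            "subjectAltName": (("DNS", "secure.example.test"),)}

if __name__ == "__main__":
    for label, cert in [("short CN", CERT_SHORT), ("FQDN CN", CERT_FQDN),
                        ("wildcard CN", CERT_WILD), ("SAN", CERT_SAN)]:
        ok = host_matches(cert, "secure.example.test")
        print(f"{label:12} -> {'match' if ok else 'MISMATCH (browser warns)'}")
```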

