httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Dagnon" <chris.dag...@isthmusgroup.com>
Subject [users@httpd] Add SSL + https to Apache2 Proxied site - won't start!
Date Fri, 25 Aug 2006 00:27:22 GMT
Hello all,

I've been using a site configured to Proxy requests to another port for
one ServerName and another on the same Apache2 directly serving PHP pages.
 That's been working fine.  But now I want to add SSL to the proxied pages
and it isn't going so smoothly.  I had hints from a coworker and tried
integrating that with my existing vhost files, but even at the best of
times Apache2 fails startup.

I have been looking through the how-to
(http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html) , but this page
never says anything about host files (it only uses the httpd.conf file)
nor using port 443 so I'm less sure how relevant it is.  The
ssl_faq.html's Certificates' portion does clearly explain how to create
the certificates themselves.  That part seems fine.

I did add the ssl and rewrite modules, relieving those early errors. 
Configuration-wise the advice I've gotten makes it looks like I need to
first add a rewrite for the http requests:

NameVirtualHost *:80
<VirtualHost *:80>
     ServerAdmin webmaster@dummy-host.example.com
     ServerName site1.domain.com
     RewriteEngine on
     RewriteRule ^/$ https://site1.domain.com [R,L]
     CustomLog logs/site1-80_log combined
     ErrorLog logs/site1-80_error
</VirtualHost>

And then add a couple parts to my Proxied VirtualHost to process it
correctly:

NameVirtualHost *:443
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName site1.domain.com
    ProxyPassReverse   / http://localhost:3000/
    ProxyPass          / http://localhost:3000/
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
    SSLCertificateFile /etc/ssl/server.crt
    SSLCertificateKeyFile /etc/ssl/server.pem
    CustomLog logs/site1-443_log combined
    ErrorLog logs/site1-443_error
</VirtualHost>

A related question is: should the Alias/Directory/Location entries
following these need to be changed?  They should all be https content, so
the above tags should take care of that, correct?

The /etc/hosts file has this entry since we want both this secured portion
and a separate unsecured portion in a separate vhost file:
  127.0.0.1   localhost   site1.domain.com   domain.com

I am unsure what else is relevant here.  If there are suggestions or
questions I can answer, please let me know.


Thanks for your insights,

-Chris

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message