httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pat <...@ng-lab.org>
Subject Re: [users@httpd] httpd2 vhost & ssl configuration problem
Date Wed, 20 Feb 2008 08:22:25 GMT
Okay, I was already wondering if there is a problem with more then one 
VH and SSL all on the same port (443).
It looks like I have to make the whole server ssl then?

Yes, SSLRequireSSL gives me a 403 denied access.

Boyle Owen wrote:
>> -----Original Message-----
>> From: pat [mailto:pat@ng-lab.org] 
>> Sent: Tuesday, February 19, 2008 1:19 PM
>> To: users@httpd.apache.org
>> Subject: Re: [users@httpd] httpd2 vhost & ssl configuration problem
>>
>> Hello Boyle
>>
>> Just the default ssl vhost is on port 443:
>>     Listen 443
>>
>>     <VirtualHost _default_:443>
>>             ServerName company.com
>>             Include /etc/apache2/vhosts.d/default_vhost.include
>>             ...
>>     </VirtualHost>
>>     
>
> So this is the VH that serves any HTTPS requests. Remember that SSL
> cannot be name-based so you can only have one SSL VH per ip:port.
>
> The simplest thing is just to put the required docroot in here.
>
>   
>> Hm okay. What I want is that someone can connect on http:80 and gets 
>> forwarded to https:443, because there is directory based ssl forced.
>>     
>
> Do you mean SSLRequireSSL? That doesn't forward or redirect or anything
> - it just denies access if the protocol is not HTTPS. Is this working -
> do you get a 403?
>
>
>   
>> Should I use default_vhost.conf as template for that? I used 
>> default_ssl_vhost.conf for that... (I am using gentoo)
>>     
>
> Personally, I'm a one-big-monolithic-config guy. I never use included
> configs and know nothing about how gentoo set things up.
>
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored. 
>   
>> Regards,
>> pat
>>
>>
>> Boyle Owen wrote:
>>     
>>>> -----Original Message-----
>>>> From: pat [mailto:pat@ng-lab.org] 
>>>> Sent: Tuesday, February 19, 2008 12:11 PM
>>>> To: users@httpd.apache.org
>>>> Subject: [users@httpd] httpd2 vhost & ssl configuration problem
>>>>
>>>> Hello
>>>>
>>>> I have a problem with the apache2 configuration if I want 
>>>>         
>> to combine 
>>     
>>>> vhost and ssl settings.
>>>> My apache opts: APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D 
>>>>         
>> LANGUAGE -D 
>>     
>>>> SSL -D SSL_DEFAULT_VHOST -D PHP5 -D PERL -D PYTHON -D SUEXEC"
>>>>
>>>> This is my vhost config:
>>>> <IfDefine SSL_DEFAULT_VHOST>
>>>> <IfModule ssl_module>
>>>> <VirtualHost *:80>
>>>>     
>>>>         
>>> Do you have a VH on port 443?
>>>
>>>
>>> NB: SSL is a separate port-based VH, not an extra attribute you tack
>>> onto a plain HTTP VH.
>>>
>>> Rgds,
>>> Owen Boyle
>>> Disclaimer: Any disclaimer attached to this message may be ignored. 
>>>
>>>   
>>>       
>>>>       ServerName host.company.com
>>>>
>>>>       DirectoryIndex index.php index.html
>>>>       DocumentRoot "/var/www/localhost/htdocs/host-company-com"
>>>>       ServerAlias host.company.com *.host.company.com
>>>>       ErrorLog /var/log/apache2/vhosts/error_log
>>>>       CustomLog /var/log/apache2/vhosts/access_log common
>>>>
>>>>       <Directory "/var/www/localhost/htdocs/host-company-com">
>>>>               SSLRequireSSL
>>>>               Options Indexes FollowSymLinks
>>>>               AllowOverride None
>>>>               Order allow,deny
>>>>               Allow from all
>>>>       </Directory>
>>>> </VirtualHost>
>>>>
>>>> Now my problem is that if I connect to 
>>>>         
>> http://host.company.com works 
>>     
>>>> (the content from /var/www/localhost/htdocs/host-company-com 
>>>> is shown), 
>>>> but if I connect to https://host.company.com it doesn't work 
>>>> correctly 
>>>> and the content from /var/www/localhost/htdocs/ (default 
>>>> DocumentRoot) 
>>>> is shown.
>>>> Why? I want to have ssl support for my vhost 
>>>>         
>> "host.company.com" but 
>>     
>>>> apache forwards to the wrong DocumentRoot.
>>>> Does anyone have an idea, what the problem is?
>>>>
>>>> Thank you and best regards,
>>>> pat
>>>>
>>>>
>>>>         
>> ---------------------------------------------------------------------
>>     
>>>> The official User-To-User support forum of the Apache HTTP 
>>>> Server Project.
>>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>>
>>>>     
>>>>         
>>>  
>>>  
>>> This message is for the named person's use only. It may 
>>>       
>> contain confidential, proprietary or legally privileged 
>> information. If you receive this message in error, please 
>> notify the sender urgently and then immediately delete the 
>> message and any copies of it from your system. Please also 
>> immediately destroy any hardcopies of the message. The 
>> sender's company reserves the right to monitor all e-mail 
>> communications through their networks.
>>     
>>>       
>> ---------------------------------------------------------------------
>>     
>>> The official User-To-User support forum of the Apache HTTP 
>>>       
>> Server Project.
>>     
>>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>> For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>>   
>>>       
>> -- 
>> Patrick Grieshaber
>> http://www.ng-lab.org
>> sysspoof@ng-lab.org
>> pgr@ng-lab.org
>>
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP 
>> Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>     
>  
>  
> This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. If you receive this message in error, please notify the
sender urgently and then immediately delete the message and any copies of it from your system.
Please also immediately destroy any hardcopies of the message. The sender's company reserves
the right to monitor all e-mail communications through their networks.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>   


-- 
Patrick Grieshaber
http://www.ng-lab.org
sysspoof@ng-lab.org
pgr@ng-lab.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message