httpd-users mailing list archives

From Norman Khine <nor...@khine.net>
Subject Re: [users@httpd] httpd2 vhost & ssl configuration problem
Date Tue, 26 Feb 2008 21:50:31 GMT


pat wrote:
> 
> 
> PingBad wrote:
>>
>> On Wednesday 20 February 2008 00:10, pat wrote:
>>
>> > Hello
>> >
>> > I have a problem with the apache2 configuration if I want to combine
>> > vhost and ssl settings.
>> > My apache opts: APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D LANGUAGE -D
>> > SSL -D SSL_DEFAULT_VHOST -D PHP5 -D PERL -D PYTHON -D SUEXEC"
>> >
>> > This is my vhost config:
>> > <IfDefine SSL_DEFAULT_VHOST>
>> > <IfModule ssl_module>
>> > <VirtualHost *:80>
>> >
>> > ServerName host.company.com
>> >
>> > DirectoryIndex index.php index.html
>> > DocumentRoot "/var/www/localhost/htdocs/host-company-com"
>> > ServerAlias host.company.com *.host.company.com
>> > ErrorLog /var/log/apache2/vhosts/error_log
>> > CustomLog /var/log/apache2/vhosts/access_log common
>> >
>> > <Directory "/var/www/localhost/htdocs/host-company-com">
>> > SSLRequireSSL
>> > Options Indexes FollowSymLinks
>> > AllowOverride None
>> > Order allow,deny
>> > Allow from all
>> > </Directory>
>> > </VirtualHost>
>> >
>> > Now my problem is that if I connect to http://host.company.com works
>> > (the content from /var/www/localhost/htdocs/host-company-com is shown),
>> > but if I connect to https://host.company.com it doesn't work correctly
>> > and the content from /var/www/localhost/htdocs/ (default DocumentRoot)
>> > is shown.
>> > Why? I want to have ssl support for my vhost "host.company.com" but
>> > apache forwards to the wrong DocumentRoot.
>> > Does anyone have an idea, what the problem is?
>> >
>> > Thank you and best regards,
>> > pat
>> >
>> > ---------------------------------------------------------------------
>> > The official User-To-User support forum of the Apache HTTP Server Project.
>> > See <URL:http://httpd.apache.org/userslist.html> for more info.
>> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> > " from the digest: users-digest-unsubscribe@httpd.apache.org
>> > For additional commands, e-mail: users-help@httpd.apache.org
>>
>> Did you set up a VirtualHost for port 443?
>>
>> <VirtualHost *:443>
>> ServerName host.company.com
>> DirectoryIndex index.php index.html
>> DocumentRoot "/var/www/localhost/htdocs/host-company-com"
>> ServerAlias host.company.com *.host.company.com
>> ErrorLog /var/log/apache2/vhosts/error_log
>> CustomLog /var/log/apache2/vhosts/access_log common
>> <Directory "/var/www/localhost/htdocs/host-company-com">
>> SSLRequireSSL
>> Options Indexes FollowSymLinks
>> AllowOverride None
>> Order allow,deny
>> Allow from all
>> </Directory>
>> </VirtualHost>
>>
>> HTTP and HTTPS use 2 different ports.
>>
>> -- 
>> PingBad,
>> IRC Fanatic
>>
> 
> Hi PingBad
> 
> Yes, there is the "default_ssl_vhost" configured for that:
> Listen 443
> 
> <VirtualHost _default_:443>
>        ServerName company.com
>        Include /etc/apache2/vhosts.d/default_vhost.include
>        ErrorLog /var/log/apache2/ssl_error_log
> ...
> </VirtualHost>
> 
> 
> But I followed your advice anyway and changed the port in the current 
> discussed config to 443. Here's the output:
> /etc/init.d/apache2 reload
> * Gracefully restarting apache2 ...
> apache2: Could not reliably determine the server's fully qualified 
> domain name, using 127.0.0.1 for ServerName
> [Wed Feb 20 02:48:02 2008] [warn] _default_ VirtualHost overlap on port 
> 443, the first has precedence                           [ ok ]
> 
> Now it has a different behavior: If I now connect to http:80 or 
> https:443, it always shows me the content of the default DocumentRoot 
> /var/www/localhost/htdocs/ instead of 
> /var/www/localhost/htdocs/host-company-com.
> 
A bit late in replying and not sure if you have solved your issues. Here 
is the way I set up my server. This works for me. Also make sure you 
emerge apache with SNI support if you want to have different SSL 
certificates.

Gentoo, apache 2.2.8

# vim /etc/conf.d/apache2

APACHE2_OPTS="-D DEFAULT_VHOST -D SSL -D SSL_DEFAULT_VHOST -D PROXY ..."


# vim /etc/apache2/vhosts.d/00_default_vhost.conf

...

Listen 80
NameVirtualHost *:80

<VirtualHost _default_:80>
         ServerName localhost
         Include /etc/apache2/vhosts.d/default_vhost.include

         <IfModule mpm_peruser_module>
                 ServerEnvironment apache apache
         </IfModule>
</VirtualHost>

...


# vim /etc/apache2/vhosts.d/00_default_ssl_vhost.conf

Listen 443
NameVirtualHost *:443

<VirtualHost *:443>
         ServerName localhost
         Include /etc/apache2/vhosts.d/default_vhost.include
...
         SSLCertificateFile /etc/apache2/ssl/server_cert.pem
         SSLCertificateKeyFile /etc/apache2/ssl/server_privatekey.pem
         SSLCACertificateFile /etc/apache2/ssl/ca-bundle.crt

...
</VirtualHost>


<VirtualHost *:443>

      SSLEngine on
      SSLCipherSuite AL
      SSLCertificateFile /etc/apache2/ssl/domain2.crt
      SSLCertificateKeyFile /etc/apache2/ssl/domain2.key
      SSLCertificateChainFile /etc/apache2/ssl/domain2.ca-bundle

      ServerName domain2:443
...

</VirtualHost>

etc...


# Here we configure domain2 to redirect to https when accessed.

# vim /etc/apache2/vhosts.d/domain2.conf

<VirtualHost *:80>
     ServerName domain2
     DocumentRoot "/var/www/domain2/htdocs/"
     RewriteEngine on
     RewriteCond %{SERVER_PORT} !^443$
     RewriteRule ^/cgi-bin/git.cgi https://%{SERVER_NAME}/cgi-bin/git.cgi$1 [L,R]
     <Directory "/var/www/domain2/htdocs">
         Options Indexes FollowSymLinks
         AllowOverride None
         Order deny,allow
         Deny from all
         Allow from xxx.xxx.xxx.xxx
     </Directory>
</VirtualHost>



Hope this helps

--
Norman

%>>> "".join( [ {'*':'@','^':'.'}.get(c,None) or chr(97+(ord(c)-83)%26) 
for c in ",adym,*)&uzq^zqf" ] )
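
The setup the thread converges on, applied to pat's host.company.com in Apache 2.2 syntax, as an added example that is not part of Norman's message or anyone's actual configuration. The certificate paths for host.company.com are hypothetical placeholders, and Listen 80 with NameVirtualHost *:80 is assumed to be declared already, as in the 00_default_vhost.conf shown above.

```apache
# Added example (Apache 2.2 syntax, as used in the thread).
Listen 443

# Makes the *:443 blocks below name-based. Without it httpd 2.2 treats them
# as overlapping address-based vhosts and logs the warning from pat's reload:
# "_default_ VirtualHost overlap on port 443, the first has precedence".
NameVirtualHost *:443

# The first *:443 block is the fallback for any name no other block claims.
# It is declared as *:443 (not _default_:443) so that its address matches
# the NameVirtualHost argument.
<VirtualHost *:443>
    ServerName company.com
    Include /etc/apache2/vhosts.d/default_vhost.include
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/server_cert.pem
    SSLCertificateKeyFile /etc/apache2/ssl/server_privatekey.pem
</VirtualHost>

<VirtualHost *:443>
    ServerName host.company.com
    ServerAlias *.host.company.com
    DocumentRoot "/var/www/localhost/htdocs/host-company-com"
    DirectoryIndex index.php index.html
    # TLS has to be switched on in every HTTPS vhost.
    SSLEngine on
    # Hypothetical paths. Without SNI support the client is shown the
    # certificate of the first *:443 block instead of this one.
    SSLCertificateFile /etc/apache2/ssl/host.company.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/host.company.com.key
    <Directory "/var/www/localhost/htdocs/host-company-com">
        SSLRequireSSL
        Options Indexes FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

# Port 80 serves no content for this host; it only redirects to HTTPS.
<VirtualHost *:80>
    ServerName host.company.com
    ServerAlias *.host.company.com
    Redirect permanent / https://host.company.com/
</VirtualHost>
```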

