httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <icici...@gmail.com>
Subject Re: [users@httpd] Port 80 and 443 Running Name Based Virtual Host on a Single IP Address - need an example
Date Wed, 05 May 2010 02:30:36 GMT
Well you can give a go to the following configuration:


Make the end of the httpd.conf look like this:

==SNIP==
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

NameVirtualHost IP_ADDRESS:80
<VirtualHost IP_ADDRESS:80>
DocumentRoot "/usr/local/apache2/htdocs"
ServerName example2.com
ServerAlias www.example2.com
ServerAdmin you@example2.com

ErrorLog "|/usr/local/apache2/bin/rotatelogs
/usr/local/apache2/logs/error_log.%Y-%m-%d-%H_%M_%S 86400"
CustomLog "|/usr/local/apache2/bin/rotatelogs
/usr/local/apache2/logs/access_log.%Y-%m-%d-%H_%M_%S 86400" common
LogLevel info

</VirtualHost>


This should include the SSL virtual server configuration (note the "Include
conf/extra/httpd-ssl.conf" line) and create virtual host on port 80.


For the SSL host on port 443, make the conf/extra/httpd-ssl.conf file look
like:

==SNIP==
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLSessionCache        "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

SSLMutex  "file:/usr/local/apache2/logs/ssl_mutex"

NameVirtualHost IP_ADDRESS:443
<VirtualHost IP_ADDRESS:443>
DocumentRoot "/usr/local/apache2/htdocs"
ServerName  example1.com
ServerAlias www.example1.com
ServerAdmin you@example1.com
ErrorLog "|/usr/local/apache2/bin/rotatelogs
/usr/local/apache2/logs/error_log.%Y-%m-%d-%H_%M_%S 86400"
CustomLog "|/usr/local/apache2/bin/rotatelogs
/usr/local/apache2/logs/access_log.%Y-%m-%d-%H_%M_%S 86400" common
LogLevel info

SSLEngine on
#SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/www.example1.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.crt/unencrypted.key
SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/intermediatecrt.crt

#SSLVerifyClient require
#SSLVerifyDepth  10

#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#CustomLog "/usr/local/apache2/logs/ssl_request_log" \
#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
==SNIP==

I'm assuming you are running apache2 on Unix/Linux and it's been installed
in /usr/local/apache2 directory. I also assume that you have the knowledge
of creating self generated certificate and/or installing third party
certificate from a legal body (like Verisign etc). Please note that you
might want to change some of the config settings for the SSL or the file
names of the logs or the path where the certificate is going to be
installed.

If any more help needed, or something not working please let me know :)

Igor


On Wed, May 5, 2010 at 11:11 AM, Wang, Mary Y <mary.y.wang@boeing.com>wrote:

> Hi,
>
> How do I declare a port 80 and port 443 name-based virtual host on a single
> IP address?
> For example:
> I've two aliases (CNAMES)  are pointing to same machine in DNS.  I want
> www.example1.com to be main server configuration.
> www.example1.com ->  port 443
> www.example2.com -> port 80
>
> and both of them are on single IP.
>
> Can someone give me example?
>
> Thanks
> Mary
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

Mime
View raw message