From: Igor Galić
To: users@httpd.apache.org
Date: Mon, 4 Oct 2010 20:02:24 +0000 (UTC)
Subject: Re: [users@httpd] Options for multiple SSL domains on 1 server

----- "Rainer Jung" wrote:

> On 04.10.2010 21:00, Igor Galić wrote:
> >
> > ----- "Grant" wrote:
> >
> >>>> The "virtualhost for each SSL host" is what I mean by separate apache2
> >>>> configs. I'd like to be able to define different domain names on the
> >>>> fly within my perl scripts without changing apache2 config. Maybe
> >>>> we're just not there yet?
> >>>
> >>> You can also use things like mod_macro to enable that kind of flexibility.
> >>
> >> I looked at mod_macro but it seems to essentially be a framework for
> >> setting and reading variable values within the apache2 config files.
> >> What I'd like to do is allow new SSL domains to be defined from the
> >> web in an automatic fashion without the need for SSH access. At this
> >> point I'm thinking something that generates a new vhost config file
> >> for each domain name would be perfect. It could use a template for
> >> each file and just change the IP address and SSL certificate/key
> >> references. Does something like this exist?
> >
> > Aaaha...
> >
> > An (SSL) VHost is just a couple of lines..
> > depending on your setup
> > either the IP/Cert/ServerName (IP Based) or only the ServerName
> > (SubjectAltName)
> >
> > One way or the other, you can define a pattern:
> >
> > ServerName $servername
> > DocumentRoot /srv/web/$servername/htdocs
> > SSLEngine On
> > SSLCertificateChainFile /etc/pki/ssl/$servername.pem
> > ErrorLog /var/log/httpd/$servername/error_log
> >
> > , and then
> >
> > Use SSLVhost servername IP
> >
> > In some or the other file. That's one line you have to add -- and then you do an
> > apachectl graceful.
>
> I vaguely remember some kind of limitation concerning mod_macro and
> VirtualHost. I think you can define the contents of the VirtualHost
> container by a macro, but not the container itself, so e.g.
>
> ServerName $servername
> DocumentRoot /srv/web/$servername/htdocs
> SSLEngine On
> SSLCertificateChainFile /etc/pki/ssl/$servername.pem
> ErrorLog /var/log/httpd/$servername/error_log
>
> and then
>
> SSLVHost name1
>
> SSLVHost name2
>
> ...
>
> I could be wrong though.

i.galic@pheme ~ % bw_apachectl.sh vhosts esotericsystems.at
/bin/sh: Illegal option -p
/bin/sh: Illegal option -p
[Mon Oct 04 20:00:18 2010] [warn] module dir_module is already loaded, skipping
VirtualHost configuration:
127.0.0.1:8001 is a NameVirtualHost
         default server www.esotericsystems.at (macro 'StaticWWWVHostAlias' (defined on line 49 of /etc/bw/apache/extra/macro.conf) used on line 17 of /etc/bw/apache/vhosts/esotericsystems.at/httpd.conf:1)
         port 8001 namevhost www.esotericsystems.at (macro 'StaticWWWVHostAlias' (defined on line 49 of /etc/bw/apache/extra/macro.conf) used on line 17 of /etc/bw/apache/vhosts/esotericsystems.at/httpd.conf:1)
         port 8001 namevhost blag.esotericsystems.at (/etc/bw/apache/vhosts/esotericsystems.at/httpd.conf:19)
         port 8001 namevhost pheme.esotericsystems.at (/etc/bw/apache/vhosts/esotericsystems.at/pheme.conf:2)
         port 8001 namevhost customers.esotericsystems.at (/etc/bw/apache/vhosts/esotericsystems.at/customers.conf:2)
         port 8001 namevhost bombground.esotericsystems.at (macro 'PHPVHost' (defined on line 65 of /etc/bw/apache/extra/macro.conf) used on line 46 of /etc/bw/apache/vhosts/esotericsystems.at/httpd.conf:1)
         port 8001 namevhost halas.esotericsystems.at (macro 'PHPVHost' (defined on line 65 of /etc/bw/apache/extra/macro.conf) used on line 47 of /etc/bw/apache/vhosts/esotericsystems.at/httpd.conf:1)
Syntax OK
i.galic@pheme ~ %

With /etc/bw/apache/extra/macro.conf -- see attachment.

>
> Regards,
>
> Rainer

bye
--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/

Content-Disposition: attachment; filename=macro.conf

# vim: set ft=apache:
LoadModule macro_module /opt/bw/libexec/apache/mod_macro.so

# include base config
Include /etc/bw/apache/httpd.conf
ServerTokens Prod
LoadModule dir_module libexec/apache/mod_dir.so
DirectoryIndex index.html
LoadModule mime_magic_module libexec/apache/mod_mime_magic.so
MIMEMagicFile /etc/bw/apache/magic
Include /etc/bw/apache/extra/mpm-backend.conf
# listen to UID
Listen 127.0.0.1:$port
User $domain
Group $domain
ServerName $domain
# supply PID and lock file
PidFile "/var/bwlog/$domain/pid"
LockFile "/var/bwlog/$domain/lock"
ErrorLog "|/opt/bw/bin/rotatelogs /var/bwlog/$domain/error_log.%Y%m%d 86400"
Options +MultiViews
Allow from All
AllowOverride None
NameVirtualHost 127.0.0.1:$port

ServerName $parent_protocol://$sub.$domain:$parent_port
DocumentRoot /srv/web/$domain/$sub/htdocs

ServerName $parent_protocol://$domain:$parent_port
ServerAlias www.$domain
DocumentRoot /srv/web/$domain/www/htdocs

ServerName $parent_protocol://www.$domain:$parent_port
ServerAlias www.$domain
ServerAlias $server_alias
DocumentRoot /srv/web/$domain/www/htdocs

ServerName $parent_protocol://$sub.$domain:$parent_port
ServerAlias $server_alias
DocumentRoot /srv/web/$domain/$sub/htdocs

ServerName $parent_protocol://$sub.$domain:$parent_port
DocumentRoot /srv/web/$domain/$sub/htdocs
php_admin_value open_basedir /srv/web/$domain/$sub/:/opt/bw/share/pear/:/srv/web/esotericsystems.at/footer.php
php_admin_value session.save_path /srv/web/$domain/$sub/session
php_admin_value upload_tmp_dir /srv/web/$domain/$sub/tmp/

ServerName $parent_protocol://$domain:$parent_port
ServerAlias www.$domain
DocumentRoot /srv/web/$domain/www/htdocs
php_admin_value open_basedir /srv/web/$domain/www/:/opt/bw/share/pear/
php_admin_value session.save_path /srv/web/$domain/www/session
php_admin_value upload_tmp_dir /srv/web/$domain/www/tmp/

ServerName $parent_protocol://$sub.$domain:$parent_port
ServerAlias $server_alias
DocumentRoot /srv/web/$domain/$sub/htdocs
php_admin_value open_basedir /srv/web/$domain/$sub/:/opt/bw/share/pear/
php_admin_value session.save_path /srv/web/$domain/$sub/session
php_admin_value upload_tmp_dir /srv/web/$domain/$sub/tmp/

ServerName $parent_protocol://www.$domain:$parent_port
ServerAlias www.$domain
ServerAlias $server_alias
DocumentRoot /srv/web/$domain/www/htdocs
php_admin_value open_basedir /srv/web/$domain/www/:/opt/bw/share/pear/
php_admin_value session.save_path /srv/web/$domain/www/session
php_admin_value upload_tmp_dir /srv/web/$domain/www/tmp/

ServerName $hostname:80
ProxyPassMatch ^/(?!error/)(.*) http://127.0.0.1:$port/$1 disablereuse=on
ProxyPassReverse / http://127.0.0.1:$port/

ServerName $hostname:443
GnuTLSEnable On
GnuTLSCertificateFile "/etc/bw/certs/server.$hostname.cert"
GnuTLSKeyFile "/etc/bw/certs/private.$hostname.key"
GnuTLSPriorities SECURE:!ANON-DH:!MD5
ProxyPassMatch ^/(?!error/)(.*) http://127.0.0.1:$port/$1 disablereuse=on
ProxyPassReverse / http://127.0.0.1:$port/

ServerName $hostname:443
SSLEngine On
SSLCertificateFile "/etc/bw/certs/server.$hostname.cert"
SSLCertificateKeyFile "/etc/bw/certs/private.$hostname.key"
ProxyPassMatch ^/(?!error/)(.*) http://127.0.0.1:$port/$1 disablereuse=on
ProxyPassReverse / http://127.0.0.1:$port/

ServerName $hostname:80
ServerAlias $server_alias
ProxyPassMatch ^/(?!error/)(.*) http://127.0.0.1:$port/$1 disablereuse=on
ProxyPassReverse / http://127.0.0.1:$port/

ServerName $hostname:80
RedirectPermanent $sourcepath $protocol://$targethost$targetpath

ServerName $hostname:80
ServerAlias $server_alias
RedirectPermanent $sourcepath $protocol://$targethost$targetpath

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
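
Added example, not part of the original message or its attachment: when the one-line `Use SSLVhost servername IP` entries discussed above are generated from web input, the macro expands `$servername` into the DocumentRoot, certificate and log paths, so the generator should accept only plain DNS names and literal addresses. The function names and the IPv4-only restriction are assumptions, and the sample requests are constructed.

```python
import ipaddress
import re

MACRO = "SSLVhost"  # macro name from the message's "Use SSLVhost servername IP"
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")  # one DNS label

def validate_servername(name):
    """Return the lower-cased host name, or raise ValueError."""
    # $servername ends up inside file paths, so only plain DNS labels pass:
    # no '/', '..', whitespace, quotes or '$'.
    if not name.isascii():
        raise ValueError("non-ASCII host name: %r" % name)
    name = name.lower()
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        raise ValueError("not a fully qualified host name: %r" % name)
    for label in labels:
        if not _LABEL.fullmatch(label):
            raise ValueError("bad label %r in %r" % (label, name))
    return name

def use_line(servername, ip):
    """Build one Use line from untrusted input, or raise ValueError."""
    host = validate_servername(servername)
    addr = ipaddress.IPv4Address(ip)  # assumption: IPv4 literals only
    return "Use %s %s %s" % (MACRO, host, addr)

def build_use_lines(requests):
    """Return (accepted Use lines, [(rejected name, reason)])."""
    lines, rejected = [], []
    for servername, ip in requests:
        try:
            line = use_line(servername, ip)
        except ValueError as exc:
            rejected.append((servername, str(exc)))
            continue
        if line not in lines:  # drop duplicates after normalisation
            lines.append(line)
    return lines, rejected

# Constructed sample requests, as they might arrive from a web form.
SAMPLE = [
    ("shop.example.org", "192.0.2.10"),
    ("Shop.Example.org", "192.0.2.10"),          # same vhost after lower-casing
    ("../../etc", "192.0.2.11"),                 # would leave /srv/web/ in DocumentRoot
    ("a.example.org\nInclude x", "192.0.2.12"),  # extra directive on a new line
]
```

Only the accepted lines should be written to the included file, followed by a syntax check before the `apachectl graceful` mentioned in the thread.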