www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Long <ml...@infoave.net>
Subject RE: config/6695: name based vhost + port number doesn't work prop erly with multiple ports
Date Mon, 16 Oct 2000 14:49:05 GMT
See if this works. It worked for me under 1.3.14

NameVirtualHost 165.166.146.41:80
NameVirtualHost 165.166.146.41:8080

<VirtualHost ml.is.infoave.net:80>
 ServerName ml.is.infoave.net
 DocumentRoot /web/https-ml/
</VirtualHost>

<VirtualHost ml.is.infoave.net:8080>
 ServerName ml.is.infoave.net
 DocumentRoot /web/https-ml8080/
</VirtualHost>

<VirtualHost ml3.is.infoave.net:80>
 ServerName ml3.is.infoave.net
 DocumentRoot /web/https-ml3/
</VirtualHost>

<VirtualHost ml3.is.infoave.net:8080>
 ServerName ml3.is.infoave.net:8080
 DocumentRoot /web/https-ml38080/
</VirtualHost>



--On Monday, October 16, 2000 2:20 PM +0000 Neulinger Nathan R 
<nneul@umr.edu> wrote:

> The following reply was made to PR config/6695; it has been noted by
> GNATS.
>
> From: "Neulinger, Nathan R." <nneul@umr.edu>
> To: "'Michael Long'" <mlong@infoave.net>,
>         "'apbugs@apache.org'"
>	  <apbugs@apache.org>
> Cc: apache-bugdb@apache.org
> Subject: RE: config/6695: name based vhost + port number doesn't work prop
>	  erly with multiple ports
> Date: Mon, 16 Oct 2000 09:13:57 -0500
>
>  Um, That is implying that ml and ml2 are different IPs, which they are
>  not.
>
>  I currently have:
>
>  Listen *:80
>  Listen *:443
>
>  Isn't that going to give me a error the moment I put that extra listen on
>  there?
>
>  Yeah, like I thought:
>
>  [Mon Oct 16 09:11:54 2000] [crit] (98)Address already in use: make_sock:
>  could not bind to address x.x.x.x port 443.
>
>  I'm trying to do this with named vhosts remember. The named vhosts are
>  working just fine for all the :80's, and the first :443. But the second
>  :443 doesn't work properly, it just sends back the first :443.
>
>  -- Nathan
>
>  > -----Original Message-----
>  > From: Michael Long [mailto:mlong@infoave.net]
>  > Sent: Monday, October 16, 2000 9:13 AM
>  > To: Neulinger Nathan R
>  > Cc: apache-bugdb@apache.org
>  > Subject: RE: config/6695: name based vhost + port number doesn't work
>  > prop erly with multiple ports
>  >
>  >
>  > You're right. What you need to do is define a listen
>  > directive for each
>  > virtualhost you have, like this:
>  >
>  > Listen ml.is.infoave.net:80
>  > Listen ml.is.infoave.net:8080
>  > Listen ml2.is.infoave.net:80
>  > Listen ml2.is.infoave.net:8080
>  >
>  > NameVirtualHost ml.is.infoave.net
>  > NameVirtualHost ml2.is.infoave.net
>  >
>  > <VirtualHost ml.is.infoave.net:80>
>  >  ServerName ml.is.infoave.net
>  >  DocumentRoot /web/https-ml/
>  > </VirtualHost>
>  >
>  > <VirtualHost ml.is.infoave.net:8080>
>  >  ServerName ml.is.infoave.net
>  >  DocumentRoot /web/https-ml8080/
>  > </VirtualHost>
>  >
>  > <VirtualHost ml2.is.infoave.net:80>
>  >  ServerName ml2.is.infoave.net
>  >  DocumentRoot /web/https-ml2/
>  > </VirtualHost>
>  >
>  > <VirtualHost ml2.is.infoave.net:8080>
>  >  ServerName ml2.is.infoave.net
>  >  DocumentRoot /web/https-ml28080/
>  > </VirtualHost>
>  >
>  > --On Monday, October 16, 2000 8:50 AM -0500 Neulinger Nathan R
>  > <nneul@umr.edu> wrote:
>  >
>  > > I know that, I don't care about the certificate mismatch in this
>  > > circumstance. (The only time it is being used is for a
>  > test/development
>  > > host, where the certificate is not really relevant.)
>  > >
>  > > The problem is, the server isn't sending back the correct vhost,
>  > > regardless of the certificate issue. I believe the same
>  > problem would
>  > > occur if SSL wasn't involved at all. Pretend I had port
>  > 8080 instead of
>  > > 443.
>  > >
>  > > -- Nathan
>  > >
>  > >> -----Original Message-----
>  > >> From: Michael Long [mailto:mlong@infoave.net]
>  > >> Sent: Monday, October 16, 2000 8:50 AM
>  > >> To: nneul@umr.edu
>  > >> Cc: apache-bugdb@apache.org
>  > >> Subject: Re: config/6695: name based vhost + port number
>  > doesn't work
>  > >> properly with multiple ports
>  > >>
>  > >>
>  > >> Hi,
>  > >>
>  > >> SSL can't do multiple name-based hosts. You can either do one
>  > >> name-based
>  > >> host, or do multiple ip-based hosts.
>  > >>
>  > >> From http://www.modssl.org/docs/2.6/ssl_faq.html:
>  > >> The reason is very technical. Actually it's some sort of a
>  > >> chicken and egg
>  > >> problem: The SSL protocol layer stays below the HTTP protocol
>  > >> layer and
>  > >> encapsulates HTTP. When an SSL connection (HTTPS) is established
>  > >> Apache/mod_ssl has to negotiate the SSL protocol
>  > parameters with the
>  > >> client. For this mod_ssl has to consult the configuration of
>  > >> the virtual
>  > >> server (for instance it has to look for the cipher suite,
>  > the server
>  > >> certificate, etc.). But in order to dispatch to the correct
>  > >> virtual server
>  > >> Apache has to know the Host HTTP header field. For this the
>  > >> HTTP request
>  > >> header has to be read. This cannot be done before the SSL
>  > >> handshake is
>  > >> finished. But the information is already needed at the SSL
>  > >> handshake phase.
>  > >> Bingo!
>  > >>
>  > >> --On Monday, October 16, 2000 1:39 PM +0000 Nathan Neulinger
>  > >> <nneul@umr.edu> wrote:
>  > >>
>  > >> >
>  > >> >> Number:         6695
>  > >> >> Category:       config
>  > >> >> Synopsis:       name based vhost + port number doesn't
>  > >> work properly
>  > >> >> with multiple ports Confidential:   no
>  > >> >> Severity:       serious
>  > >> >> Priority:       medium
>  > >> >> Responsible:    apache
>  > >> >> State:          open
>  > >> >> Quarter:
>  > >> >> Keywords:
>  > >> >> Date-Required:
>  > >> >> Class:          sw-bug
>  > >> >> Submitter-Id:   apache
>  > >> >> Arrival-Date:   Mon Oct 16 06:40:00 PDT 2000
>  > >> >> Closed-Date:
>  > >> >> Last-Modified:
>  > >> >> Originator:     nneul@umr.edu
>  > >> >> Release:        1.3.12+mod_ssl
>  > >> >> Organization:
>  > >> > apache
>  > >> >> Environment:
>  > >> > linux 2.2.16, rh62
>  > >> >> Description:
>  > >> > I've been using
>  > >> >
>  > >> > NameVirtualHost hostname
>  > >> > <VirtualHost hostname1:80>
>  > >> > </VirtualHost>
>  > >> > <VirtualHost hostname1:443>
>  > >> > </VirtualHost>
>  > >> > <VirtualHost hostname2:80>
>  > >> > </VirtualHost>
>  > >> > <VirtualHost hostname3:80>
>  > >> > </VirtualHost>
>  > >> >
>  > >> > and this has worked fine for a long time and many apache versions
>  > >> >
>  > >> > but when I try to add
>  > >> > <VirtualHost hostname2:443>
>  > >> > </VirtualHost>
>  > >> >
>  > >> > The second vhost with port 443 just acts as if the port
>  > >> number isn't even
>  > >> > there, I get the first vhost:443 instead. I know it's
>  > >> working at least
>  > >> > that much, since SSL is enabled on that port.
>  > >> >
>  > >> > Is this a configuration problem or a bug?
>  > >> >> How-To-Repeat:
>  > >> >
>  > >> >> Fix:
>  > >> > Seems like the namevhost stuff is just matching on name,
>  > but not on
>  > >> > name:port.
>  > >> >> Release-Note:
>  > >> >> Audit-Trail:
>  > >> >> Unformatted:
>  > >> >  [In order for any reply to be added to the PR database,
>  > you need]
>  > >> >  [to include <apbugs@Apache.Org> in the Cc line and make
>  > sure the]
>  > >> >  [subject line starts with the report component and
>  > number, with ]
>  > >> >  [or without any 'Re:' prefixes (such as "general/1098:"
>  > or      ]
>  > >> >  ["Re: general/1098:").  If the subject doesn't match
>  > this       ]
>  > >> >  [pattern, your message will be misfiled and ignored.
>  > The       ]
>  > >> >  ["apbugs" address is not added to the Cc line of
>  > messages from  ]
>  > >> >  [the database automatically because of the potential
>  > for mail   ]
>  > >> >  [loops.  If you do not include this Cc, your reply may
>  > be ig-   ]
>  > >> >  [nored unless you are responding to an explicit request
>  > from a  ]
>  > >> >  [developer.  Reply only with text; DO NOT SEND
>  > ATTACHMENTS!     ]
>  > >> >
>  > >> >
>  > >> >
>  > >>
>  > >>
>  > >>
>  > >> Michael Long
>  > >> Senior Systems Analyst
>  > >> Info Avenue Internet Services, LLC
>  > >>
>  >
>  >
>  >
>  > Michael Long
>  > Senior Systems Analyst
>  > Info Avenue Internet Services, LLC
>  >



Michael Long
Senior Systems Analyst
Info Avenue Internet Services, LLC

Mime
View raw message