www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Neulinger, Nathan R." <nn...@umr.edu>
Subject RE: config/6695: name based vhost + port number doesn't work prop erly with multiple ports
Date Mon, 16 Oct 2000 15:00:07 GMT
The following reply was made to PR config/6695; it has been noted by GNATS.

From: "Neulinger, Nathan R." <nneul@umr.edu>
To: "'Michael Long'" <mlong@infoave.net>,
        "'apbugs@apache.org'"
	 <apbugs@apache.org>
Cc: apache-bugdb@apache.org
Subject: RE: config/6695: name based vhost + port number doesn't work prop
	 erly with multiple ports
Date: Mon, 16 Oct 2000 09:49:59 -0500

 Yes! That worked. Thank you!
 
 Y'all might consider adding a comment to the virtual hosting docs to say
 that if you are going to do named vhosts with more than one port, you need
 to specify the possible ports with multiple NameVirtualHost lines. (It also
 worked just fine using a hostname in the NVH line.)
 
 Thanks again!
 
 -- Nathan
 
 > -----Original Message-----
 > From: Michael Long [mailto:mlong@infoave.net]
 > Sent: Monday, October 16, 2000 9:49 AM
 > To: Neulinger Nathan R
 > Cc: apache-bugdb@apache.org
 > Subject: RE: config/6695: name based vhost + port number doesn't work
 > prop erly with multiple ports
 > 
 > 
 > See if this works. It worked for me under 1.3.14
 > 
 > NameVirtualHost 165.166.146.41:80
 > NameVirtualHost 165.166.146.41:8080
 > 
 > <VirtualHost ml.is.infoave.net:80>
 >  ServerName ml.is.infoave.net
 >  DocumentRoot /web/https-ml/
 > </VirtualHost>
 > 
 > <VirtualHost ml.is.infoave.net:8080>
 >  ServerName ml.is.infoave.net
 >  DocumentRoot /web/https-ml8080/
 > </VirtualHost>
 > 
 > <VirtualHost ml3.is.infoave.net:80>
 >  ServerName ml3.is.infoave.net
 >  DocumentRoot /web/https-ml3/
 > </VirtualHost>
 > 
 > <VirtualHost ml3.is.infoave.net:8080>
 >  ServerName ml3.is.infoave.net:8080
 >  DocumentRoot /web/https-ml38080/
 > </VirtualHost>
 > 
 > 
 > 
 > --On Monday, October 16, 2000 2:20 PM +0000 Neulinger Nathan R 
 > <nneul@umr.edu> wrote:
 > 
 > > The following reply was made to PR config/6695; it has been noted by
 > > GNATS.
 > >
 > > From: "Neulinger, Nathan R." <nneul@umr.edu>
 > > To: "'Michael Long'" <mlong@infoave.net>,
 > >         "'apbugs@apache.org'"
 > >	  <apbugs@apache.org>
 > > Cc: apache-bugdb@apache.org
 > > Subject: RE: config/6695: name based vhost + port number 
 > doesn't work prop
 > >	  erly with multiple ports
 > > Date: Mon, 16 Oct 2000 09:13:57 -0500
 > >
 > >  Um, That is implying that ml and ml2 are different IPs, 
 > which they are
 > >  not.
 > >
 > >  I currently have:
 > >
 > >  Listen *:80
 > >  Listen *:443
 > >
 > >  Isn't that going to give me a error the moment I put that 
 > extra listen on
 > >  there?
 > >
 > >  Yeah, like I thought:
 > >
 > >  [Mon Oct 16 09:11:54 2000] [crit] (98)Address already in 
 > use: make_sock:
 > >  could not bind to address x.x.x.x port 443.
 > >
 > >  I'm trying to do this with named vhosts remember. The 
 > named vhosts are
 > >  working just fine for all the :80's, and the first :443. 
 > But the second
 > >  :443 doesn't work properly, it just sends back the first :443.
 > >
 > >  -- Nathan
 > >
 > >  > -----Original Message-----
 > >  > From: Michael Long [mailto:mlong@infoave.net]
 > >  > Sent: Monday, October 16, 2000 9:13 AM
 > >  > To: Neulinger Nathan R
 > >  > Cc: apache-bugdb@apache.org
 > >  > Subject: RE: config/6695: name based vhost + port number 
 > doesn't work
 > >  > prop erly with multiple ports
 > >  >
 > >  >
 > >  > You're right. What you need to do is define a listen
 > >  > directive for each
 > >  > virtualhost you have, like this:
 > >  >
 > >  > Listen ml.is.infoave.net:80
 > >  > Listen ml.is.infoave.net:8080
 > >  > Listen ml2.is.infoave.net:80
 > >  > Listen ml2.is.infoave.net:8080
 > >  >
 > >  > NameVirtualHost ml.is.infoave.net
 > >  > NameVirtualHost ml2.is.infoave.net
 > >  >
 > >  > <VirtualHost ml.is.infoave.net:80>
 > >  >  ServerName ml.is.infoave.net
 > >  >  DocumentRoot /web/https-ml/
 > >  > </VirtualHost>
 > >  >
 > >  > <VirtualHost ml.is.infoave.net:8080>
 > >  >  ServerName ml.is.infoave.net
 > >  >  DocumentRoot /web/https-ml8080/
 > >  > </VirtualHost>
 > >  >
 > >  > <VirtualHost ml2.is.infoave.net:80>
 > >  >  ServerName ml2.is.infoave.net
 > >  >  DocumentRoot /web/https-ml2/
 > >  > </VirtualHost>
 > >  >
 > >  > <VirtualHost ml2.is.infoave.net:8080>
 > >  >  ServerName ml2.is.infoave.net
 > >  >  DocumentRoot /web/https-ml28080/
 > >  > </VirtualHost>
 > >  >
 > >  > --On Monday, October 16, 2000 8:50 AM -0500 Neulinger Nathan R
 > >  > <nneul@umr.edu> wrote:
 > >  >
 > >  > > I know that, I don't care about the certificate 
 > mismatch in this
 > >  > > circumstance. (The only time it is being used is for a
 > >  > test/development
 > >  > > host, where the certificate is not really relevant.)
 > >  > >
 > >  > > The problem is, the server isn't sending back the 
 > correct vhost,
 > >  > > regardless of the certificate issue. I believe the same
 > >  > problem would
 > >  > > occur if SSL wasn't involved at all. Pretend I had port
 > >  > 8080 instead of
 > >  > > 443.
 > >  > >
 > >  > > -- Nathan
 > >  > >
 > >  > >> -----Original Message-----
 > >  > >> From: Michael Long [mailto:mlong@infoave.net]
 > >  > >> Sent: Monday, October 16, 2000 8:50 AM
 > >  > >> To: nneul@umr.edu
 > >  > >> Cc: apache-bugdb@apache.org
 > >  > >> Subject: Re: config/6695: name based vhost + port number
 > >  > doesn't work
 > >  > >> properly with multiple ports
 > >  > >>
 > >  > >>
 > >  > >> Hi,
 > >  > >>
 > >  > >> SSL can't do multiple name-based hosts. You can either do one
 > >  > >> name-based
 > >  > >> host, or do multiple ip-based hosts.
 > >  > >>
 > >  > >> From http://www.modssl.org/docs/2.6/ssl_faq.html:
 > >  > >> The reason is very technical. Actually it's some sort of a
 > >  > >> chicken and egg
 > >  > >> problem: The SSL protocol layer stays below the HTTP protocol
 > >  > >> layer and
 > >  > >> encapsulates HTTP. When an SSL connection (HTTPS) is 
 > established
 > >  > >> Apache/mod_ssl has to negotiate the SSL protocol
 > >  > parameters with the
 > >  > >> client. For this mod_ssl has to consult the configuration of
 > >  > >> the virtual
 > >  > >> server (for instance it has to look for the cipher suite,
 > >  > the server
 > >  > >> certificate, etc.). But in order to dispatch to the correct
 > >  > >> virtual server
 > >  > >> Apache has to know the Host HTTP header field. For this the
 > >  > >> HTTP request
 > >  > >> header has to be read. This cannot be done before the SSL
 > >  > >> handshake is
 > >  > >> finished. But the information is already needed at the SSL
 > >  > >> handshake phase.
 > >  > >> Bingo!
 > >  > >>
 > >  > >> --On Monday, October 16, 2000 1:39 PM +0000 Nathan Neulinger
 > >  > >> <nneul@umr.edu> wrote:
 > >  > >>
 > >  > >> >
 > >  > >> >> Number:         6695
 > >  > >> >> Category:       config
 > >  > >> >> Synopsis:       name based vhost + port number doesn't
 > >  > >> work properly
 > >  > >> >> with multiple ports Confidential:   no
 > >  > >> >> Severity:       serious
 > >  > >> >> Priority:       medium
 > >  > >> >> Responsible:    apache
 > >  > >> >> State:          open
 > >  > >> >> Quarter:
 > >  > >> >> Keywords:
 > >  > >> >> Date-Required:
 > >  > >> >> Class:          sw-bug
 > >  > >> >> Submitter-Id:   apache
 > >  > >> >> Arrival-Date:   Mon Oct 16 06:40:00 PDT 2000
 > >  > >> >> Closed-Date:
 > >  > >> >> Last-Modified:
 > >  > >> >> Originator:     nneul@umr.edu
 > >  > >> >> Release:        1.3.12+mod_ssl
 > >  > >> >> Organization:
 > >  > >> > apache
 > >  > >> >> Environment:
 > >  > >> > linux 2.2.16, rh62
 > >  > >> >> Description:
 > >  > >> > I've been using
 > >  > >> >
 > >  > >> > NameVirtualHost hostname
 > >  > >> > <VirtualHost hostname1:80>
 > >  > >> > </VirtualHost>
 > >  > >> > <VirtualHost hostname1:443>
 > >  > >> > </VirtualHost>
 > >  > >> > <VirtualHost hostname2:80>
 > >  > >> > </VirtualHost>
 > >  > >> > <VirtualHost hostname3:80>
 > >  > >> > </VirtualHost>
 > >  > >> >
 > >  > >> > and this has worked fine for a long time and many 
 > apache versions
 > >  > >> >
 > >  > >> > but when I try to add
 > >  > >> > <VirtualHost hostname2:443>
 > >  > >> > </VirtualHost>
 > >  > >> >
 > >  > >> > The second vhost with port 443 just acts as if the port
 > >  > >> number isn't even
 > >  > >> > there, I get the first vhost:443 instead. I know it's
 > >  > >> working at least
 > >  > >> > that much, since SSL is enabled on that port.
 > >  > >> >
 > >  > >> > Is this a configuration problem or a bug?
 > >  > >> >> How-To-Repeat:
 > >  > >> >
 > >  > >> >> Fix:
 > >  > >> > Seems like the namevhost stuff is just matching on name,
 > >  > but not on
 > >  > >> > name:port.
 > >  > >> >> Release-Note:
 > >  > >> >> Audit-Trail:
 > >  > >> >> Unformatted:
 > >  > >> >  [In order for any reply to be added to the PR database,
 > >  > you need]
 > >  > >> >  [to include <apbugs@Apache.Org> in the Cc line and make
 > >  > sure the]
 > >  > >> >  [subject line starts with the report component and
 > >  > number, with ]
 > >  > >> >  [or without any 'Re:' prefixes (such as "general/1098:"
 > >  > or      ]
 > >  > >> >  ["Re: general/1098:").  If the subject doesn't match
 > >  > this       ]
 > >  > >> >  [pattern, your message will be misfiled and ignored.
 > >  > The       ]
 > >  > >> >  ["apbugs" address is not added to the Cc line of
 > >  > messages from  ]
 > >  > >> >  [the database automatically because of the potential
 > >  > for mail   ]
 > >  > >> >  [loops.  If you do not include this Cc, your reply may
 > >  > be ig-   ]
 > >  > >> >  [nored unless you are responding to an explicit request
 > >  > from a  ]
 > >  > >> >  [developer.  Reply only with text; DO NOT SEND
 > >  > ATTACHMENTS!     ]
 > >  > >> >
 > >  > >> >
 > >  > >> >
 > >  > >>
 > >  > >>
 > >  > >>
 > >  > >> Michael Long
 > >  > >> Senior Systems Analyst
 > >  > >> Info Avenue Internet Services, LLC
 > >  > >>
 > >  >
 > >  >
 > >  >
 > >  > Michael Long
 > >  > Senior Systems Analyst
 > >  > Info Avenue Internet Services, LLC
 > >  >
 > 
 > 
 > 
 > Michael Long
 > Senior Systems Analyst
 > Info Avenue Internet Services, LLC
 > 

Mime
View raw message