Re: [gentoo-user] Can anyone tell me where I've loused-up this apache config?

2006-10-04 Thread Michael Stewart (vericgar)
Steve [Gentoo] wrote:
> What's wrong?

If you are using the default config that comes with apache, there should
be a file in /etc/apache2/modules.d/ that contains a correctly set up SSL
host. You may need to add -D SSL to APACHE2_OPTS in /etc/conf.d/apache2
to enable it. You shouldn't need to add SSL stuff to the normal vhosts
in the vhosts.d directory.

If you no longer have the default config files, you can find them here:
http://sources.gentoo.org/viewcvs.py/apache/trunk/dist/2.0/conf/

-- 
Michael Stewart [EMAIL PROTECTED]
Gentoo Developer    http://dev.gentoo.org/~vericgar

GnuPG Key ID 0x08614788 available on http://pgp.mit.edu
--





[gentoo-user] Can anyone tell me where I've loused-up this apache config?

2006-10-03 Thread Steve [Gentoo]
This time a bamboozling Apache/vhost/https problem.

I have a working vhost configuration for several domains in apache2
(latest stable from portage - 2.0.58) and I want to support not only
http services, but, for one domain name at least, I want to support an
https service.  The working configuration for http has a
00_default_vhost.conf file:-

--
NameVirtualHost *:80

<VirtualHost *:80>
    DocumentRoot /var/www/vlan.mydomain.net
    ServerName vlan.mydomain.net
</VirtualHost>

<VirtualHost *:80>
    ServerName temporary.mydomain.net
    DocumentRoot /var/www/temporary.mydomain.net
</VirtualHost>
--


I updated this (following a how-to as closely as I could...) to this:

--
NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
    DocumentRoot /var/www/vlan.mydomain.net
    ServerName vlan.mydomain.net
</VirtualHost>

<VirtualHost *:80>
    ServerName temporary.mydomain.net
    DocumentRoot /var/www/temporary.mydomain.net
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www/ssl.mydomain.net
    ServerName ssl.mydomain.net
    SSLCipherSuite HIGH:MEDIUM
    SSLProtocol all -SSLv2
    SSLCertificateFile /etc/apache2/ssl.crt/ssl.mydomain.net.crt
    SSLCertificateKeyFile /etc/apache2/ssl.crt/ssl.mydomain.key
    SSLCertificateChainFile /etc/apache2/ssl.crt/mydomain.crt
    SSLCACertificateFile /etc/apache2/ssl.crt/mydomain.crt
</VirtualHost>
--

I believe that I've put valid crt and key files in /etc/apache2/ssl.crt/
- and I'd have expected an error message at least if this is, in fact,
the fault.

When I parse this configuration with apache2 and the flags from
/etc/conf.d/apache2 (i.e. SSL) this is how it goes:
--
# apache2 -D SSL --lint
# apache2 -D SSL -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443  is a NameVirtualHost
 default server ssl.mydomain.net
(/etc/apache2/vhosts.d/00_default_vhost.conf:12)
 port 443 namevhost ssl.mydomain.net
(/etc/apache2/vhosts.d/00_default_vhost.conf:12)
*:80   is a NameVirtualHost
 default server vlan.mydomain.net
(/etc/apache2/vhosts.d/00_default_vhost.conf:24)
 port 80 namevhost vlan.mydomain.net
(/etc/apache2/vhosts.d/00_default_vhost.conf:24)
 port 80 namevhost temporary.mydomain.net
(/etc/apache2/vhosts.d/00_default_vhost.conf:37)
Syntax OK
--

Unfortunately, when I attempt to connect to the SSL service on
http://ssl.mydomain.net/ using Firefox I get an immediate error:

The connection was interrupted
The connection to ssl.shic.dynalias.net was interrupted while the page
was loading.

Links (the text browser) gives the somewhat less helpful error message:

Error loading https://ssl.mydomain.net/: SSL error

Nothing seems to be written to /var/log/apache2/error_log or access_log.

I've read reports that I must be explicit about which IP address I want
to vhost on - which is undesirable as I want to serve both over Ethernet
and Wireless (i.e. I have two network adaptors) - but seems to make no
difference if I experimentally substitute my ethernet IP address for *
in the vhost configuration.

What's wrong?

-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] Can anyone tell me where I've loused-up this apache config?

2006-10-03 Thread Hans-Werner Hilse
Hi,

On Tue, 03 Oct 2006 15:06:33 +0100
Steve [Gentoo] [EMAIL PROTECTED] wrote:

> I have a working vhost configuration for several domains in apache2
> (latest stable from portage - 2.0.58) and I want to support not only
> http services, but, for one domain name at least, I want to support an
> https service.

Important note here: There are _no_ name-based virtual hosts when using
SSL. That's simply because the SSL layer kicks in first; HTTP is
staged after that. So NameVirtualHost *:443 does not make sense. Note
that name-based vhosts are a feature of HTTP (1.1). It analyzes the
Hostname header in the HTTP request. Obviously, this is not possible
to achieve if an SSL connection should be established first. So
basically that means you can only have one SSL server per IP. Just
switch to fixed IP configuration instead (for SSL).

-hwh



Re: [gentoo-user] Can anyone tell me where I've loused-up this apache config?

2006-10-03 Thread Hans-Werner Hilse
Hi, sorry,

On Tue, 3 Oct 2006 16:48:50 +0200
Hans-Werner Hilse [EMAIL PROTECTED] wrote:

> So basically that means you can only have one SSL server per IP.

should have been per IP:Port combination.

-hwh



Re: [gentoo-user] Can anyone tell me where I've loused-up this apache config?

2006-10-03 Thread Daniel Iliev
On Tue, 3 Oct 2006 19:25:17 +0200


> Hi, sorry,
>
> On Tue, 3 Oct 2006 16:48:50 +0200
> Hans-Werner Hilse [EMAIL PROTECTED] wrote:
>
>> So basically that means you can only have one SSL server per IP.
>
> should have been per IP:Port combination.
>
> -hwh

As Mr. Hans-Werner Hilse already explained, you have to assign a different IP
address for each SSL vhost. I'll add just an example:


NameVirtualHost 10.0.0.222:443
<VirtualHost 10.0.0.222:443>
    ServerName vhost-111.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/certificates/vhost-111/server.crt
    SSLCertificateKeyFile /path/to/certificates/vhost-111/server.key

</VirtualHost>

NameVirtualHost 10.0.0.111:443
<VirtualHost 10.0.0.111:443>
    ServerName vhost-222.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/certificates/vhost-222/server.crt
    SSLCertificateKeyFile /path/to/certificates/vhost-222/server.key

</VirtualHost>

-- 
Best regards,
Daniel
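
Added example (not part of any message in this thread, and not Apache project code): a small Python audit that checks vhost config text for the rule stated above, one SSL vhost per IP:port, and, as an addition beyond the thread, flags a vhost that sets a certificate without `SSLEngine on`, the directive present in each vhost of Daniel's example (mod_ssl defaults it to off). The sample config, hostnames and function names are constructed for illustration; addresses are assumed to be IPv4 or `*`.

```python
import re
from collections import defaultdict

# Constructed sample config (hostnames and paths are made up for this example).
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName ssl.example.net
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl.crt/ssl.example.net.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName shop.example.net
    SSLCertificateFile /etc/apache2/ssl.crt/shop.example.net.crt
</VirtualHost>
"""

BLOCK_RE = re.compile(r"<VirtualHost\s+([^>\s]+)\s*>(.*?)</VirtualHost>", re.I | re.S)

def directive(body, name):
    """Return the argument of the first `name` directive in a vhost body, or None."""
    m = re.search(r"^[ \t]*%s[ \t]+(.+?)[ \t]*$" % re.escape(name), body, re.I | re.M)
    return m.group(1) if m else None

def parse_vhosts(conf):
    """Yield (address, port, server_name, ssl_engine_on, has_cert) per <VirtualHost>."""
    for addr_port, body in BLOCK_RE.findall(conf):
        addr, _, port = addr_port.partition(":")  # assumes IPv4 or '*' addresses
        engine = (directive(body, "SSLEngine") or "off").lower() == "on"
        has_cert = directive(body, "SSLCertificateFile") is not None
        yield addr, port or "*", directive(body, "ServerName"), engine, has_cert

def audit(conf):
    """Return findings: missing SSLEngine, and SSL vhosts sharing one IP:port."""
    findings, by_socket = [], defaultdict(list)
    for addr, port, name, engine, has_cert in parse_vhosts(conf):
        if has_cert and not engine:
            findings.append("%s (%s:%s): certificate set but no 'SSLEngine on'" % (name, addr, port))
        if engine or has_cert:
            by_socket[(addr, port)].append(name)
    for (addr, port), names in sorted(by_socket.items()):
        # A wildcard vhost also answers on every specific address of that port.
        if addr != "*":
            names = names + by_socket.get(("*", port), [])
        if len(names) > 1:
            findings.append("%s:%s shared by SSL vhosts %s" % (addr, port, ", ".join(names)))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

Run against a config laid out like Daniel's, with one SSL vhost per IP address, `audit()` returns an empty list.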
