we are using 6.2 but we found that using either the
redirector or ipchains to redirect (probably not much different to iptables)
that this just changes the tcp headers (from 80 to whatever - say 8082) but it
didn't change the http headers - so if applied to SSL connections redirector and
or iptables would receive a connection for 443 - it would change the tcp header
to 8443 leaving the http header at 443 - thus when it hits the VS nothing is
listening on 443 so it doesn't and default to the main site - so you are
getting a page when trying http://my.vsserver.com:8443
hang on this ain't making sense to me anymore...if
it makes any sense to anyone let me know and I will explain in detail our config
- but we have it working and VS's listening on 80 - so I can't see why this
wouldn't work with 443...
Eddie
----- Original Message -----
Sent: Wednesday, August 15, 2001 9:07 PM
Subject: RE: https on vs
Is this a good test? Can I give you any other information about my
machine?
Thanks,
Dan
There are some possible issues here. The RH6.2 skel
will be implementing vsdredirect (the 80:8080,443:8443 port redirector)
which for various unavoidable reasons drops the client IP and may therefore
be preventing any SSL authentication from taking place. Because you are
hosting on RH7.1, the port redirection should already be being carried out by
iptables, so you possibly have two mechanisms attempting to do redirection.
You should disable vsdredirect, the unfortunately inferior redirector, by
commenting out both 'vsdredirect' entries in /etc/rc within your virtual
server and rebooting the vs. That should ensure that only iptables is being
involved for any port redirection. It may even fix your problem...
Tim
I apologize.

I should clarify: I do see this entry (and others that are
using IfModule syntax to see if SSL support is enabled). What I
don't see is a LoadModule statement or an AddModule statement for ssl
support. It seems that the <IfModule mod_ssl.c> sections
wouldn't get executed if this wasn't added -- am I smoking crack?
(Always a possibility...)

It also seems that the <IfDefine SSL> sections get executed
-- because there is one <IfDefine SSL> block that isn't wrapped by a
<IfModule mod_ssl.c> block -- this is the block that tells apache to
Listen on 8443. This appears to get executed, because the
vsdredirect works (it redirects 443 traffic to 8443), and the server is
responding with normal http traffic on 443 -- which (it seems to me) would
be expected if mod_ssl hasn't been loaded.

Again, am I smoking crack (or perhaps something stronger)?
Would anyone be interested in smoking with me? Are these questions
baffling anyone yet? Would you like more of an explanation?
Thanks,
Dan "Tim Sellar is my hero" Esparza
I am looking at the httpd.conf provided with
freeVSD and it contains the following entries:

    <IfModule mod_ssl.c>
    SSLEngine off
    SSLPassPhraseDialog builtin
    SSLSessionCache dbm:/home/web/log/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex file:/home/web/log/ssl_mutex
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    SSLLog /home/web/log/ssl_engine_log
    SSLLogLevel error
    </IfModule>

Are you saying such an entry is not present in the httpd.conf provided
within the freevsd-skel-1.4.9-1rh6.tar.bz2?
You can check within your vs, or in the skel itself
(/home/vsd/skel/skel/etc/httpd/conf/httpd.conf)
Tim
Is there a special trick to getting https to work with a virtual machine?
I'm using freevsd-1.4.9-2rh71.i386.rpm on RedHat 7.1, with the
freevsd-skel-1.4.9-1rh6.tar.bz2 skel. Yes, I realize that this
is a RedHat 6.2 skel on RedHat 7.1 (and let me know if this is the
culprit), and yes I realize that this is 1.4.9-2 using a 1.4.9-1 skel
(also let me know if this is the culprit).
I've checked http, ftp, ssh (had to make a few small tweaks), and telnet --
and they all seem to work fine for the VS. (Kudos, folks -- this
was a LOT easier than I thought it would be). I notice
that an ssl module reference doesn't appear anywhere in
httpd.conf -- is there documentation that talks about if this needs to
be added somewhere, or if there is something special I need to do for
https? If I do a ps -ef on the main host machine I see there are
vsdredirects for ports 80 and 443 -- and these appear to work -- but
443 is serving normal HTTP content. (In other words,
https://my.vsserver.com doesn't work, but http://my.vsserver.com:443
actually brings up the page. I realize this shouldn't be the case.)
Any help would be appreciated.
Thanks,
Dan
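The condition Dan describes (a Listen inside <IfDefine SSL> but outside <IfModule mod_ssl.c>, with no LoadModule or AddModule line for ssl) can be checked mechanically; the following Python check is an added example, not part of the original thread or of freeVSD. It assumes mod_ssl is built as a loadable module (a statically compiled mod_ssl needs no LoadModule line, and `httpd -l` lists compiled-in modules) and that httpd is started with -DSSL; the function name `audit` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample modelled on the fragments quoted in the thread;
# it is not the real freeVSD httpd.conf.
SAMPLE_CONF = """\
LoadModule rewrite_module modules/mod_rewrite.so
<IfDefine SSL>
Listen 8443
</IfDefine>
<IfModule mod_ssl.c>
SSLEngine off
SSLSessionCacheTimeout 300
</IfModule>
"""

OPEN = re.compile(r"<(IfModule|IfDefine)\s+([^>\s]+)\s*>", re.I)
CLOSE = re.compile(r"</(IfModule|IfDefine)\s*>", re.I)
# Assumption: mod_ssl is a loadable module, so one of these lines must appear.
LOAD = re.compile(r"LoadModule\s+ssl_module\b|AddModule\s+mod_ssl\.c\b", re.I)

def audit(conf_text):
    """Hypothetical helper: returns (ssl_loaded, skipped, ssl_listens)."""
    lines = [l.strip() for l in conf_text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    ssl_loaded = any(LOAD.match(l) for l in lines)
    stack, skipped, ssl_listens = [], [], []
    for line in lines:
        opened = OPEN.match(line)
        if opened:
            stack.append((opened.group(1).lower(), opened.group(2).lower()))
        elif CLOSE.match(line):
            if stack:
                stack.pop()
        elif ("ifmodule", "mod_ssl.c") in stack:
            if not ssl_loaded:
                skipped.append(line)      # Apache ignores this directive
        elif ("ifdefine", "ssl") in stack and line.lower().startswith("listen"):
            ssl_listens.append(line)      # port opens even without mod_ssl
    return ssl_loaded, skipped, ssl_listens

if __name__ == "__main__":
    loaded, skipped, listens = audit(SAMPLE_CONF)
    if not loaded and listens:
        print("mod_ssl not loaded; plain HTTP will be served on:", listens)
        print("directives skipped inside <IfModule mod_ssl.c>:", skipped)
```

On the sample it reports that the 8443 listener is active while every SSL directive is skipped, which matches the symptom of plain HTTP answering on port 443.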