under linux2032, apache1.3.9, IP based virts
I think I'm getting too much into httpd.conf (and a bit over my head..)
Q1: is the initial setup to Listen 80 and Listen 443 needed if I define both
under <virtual> headers? (not currently done).
Q2: what do I need in my DNS setup and httpd.conf to have a secure server
run under a different hostname and re-direct all https calls to it?
Q3: what do my <virtual host> directives need to be?
Q4: in defining a virtual host to be run on both ports, can I use the
<IfDefine SSL> tags within the non-ssl virt and then use Listen 80 and Listen
443 to allow both ssl and non-ssl? (result: less cluttered apache.conf)
http://www.evg.org should work as non-ssl on port 80
https://www.evg.org should re-direct to https://ssl.evg.org (and run ONLY on
port 443)
http://ssl.evg.org should require ssl and redirect to https://ssl.evg.org
---
from /var/named/evg.org
@ IN SOA evg.org. gus.evg.org. (
[....]
IN NS evg.org.
IN NS jb.com.
@ IN A 207.189.171.33
www IN A 207.189.171.33
ssl IN A 207.189.171.33
ftp IN CNAME evg.org.
telnet IN CNAME evg.org.
I assume I need to remove the DNS A ssl and create a separate IP address
for it, just the same as I would if I were creating a fully separate virtual
domain.
--etc--
Currently, apache is set up to run evg.org on ports 80 and 443 (80 as
non-virtual).
httpd.conf main section.
----------
# Port: The port to which the standalone server listens. For
# ports < 1023, you will need httpd to be run as root initially.
Port 80
## SSL Support
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
# User/Group: The name (or #number) of the user/group to run httpd as.
User web
Group www
ServerAdmin [EMAIL PROTECTED]
ServerName www.evg.org
DocumentRoot "/usr/local/apache/htdocs"
[...]
httpd.conf virtual section..
----------
<IfDefine SSL>
<VirtualHost _default_:443>
DocumentRoot /usr/local/apache/htdocs
ServerName ssl.evg.org
ServerAdmin [EMAIL PROTECTED]
ErrorLog /usr/local/apache/logs/error_log
TransferLog /usr/local/apache/logs/access_log
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
SSLCACertificatePath /usr/local/apache/conf/ssl.crt
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /usr/local/apache/logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
# other virtual hosts
# 207.189.171.34 - www.2buddies.com port 80
# 207.189.171.34 - www.2buddies.com port 443
# 2BUDDIES SSL
<VirtualHost 207.189.171.34:443>
DocumentRoot /home/2buddies/www
ServerName www.2buddies.com
ServerAdmin [EMAIL PROTECTED]
ErrorLog /usr/local/apache/logs/2buddies-ssl-error.log
TransferLog /usr/local/apache/logs/2buddies-ssl-access.log
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/2buddies.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/2buddies.key
SSLCACertificatePath /usr/local/apache/conf/ssl.crt
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle.crt
</VirtualHost>
---
# 2BUDDIES NON-SSL
<VirtualHost 207.189.171.34:80>
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /home/2buddies/www
ServerName www.2buddies.com
ErrorLog /usr/local/apache/logs/2buddies-error.log
</VirtualHost>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]