Re: SOME QUESTIONS ABOUT APACHE+MOD_SSL

Thu, 31 Aug 2000 01:10:10 -0700 

hi,


--- Giuliano Cocchi <[EMAIL PROTECTED]>
wrote:
> Hi all.
> 
> I have apache 1.3.12 + openssl 0.9.5a + modssl
> 2.6.6.
> I have setted up my apache + ssl correctly,
> registered my certificate and
> tested my own site.
> All works !

i've the same system setting as yours


> But now my problem is that i must configure many
> name based virtual host (some
> with ssl other without).
> Reading the FAQS, i noticed that even if i use name
> based virtual host, i
> cannot sign one certificate per site, but i can use
> port based. OK.
> After writing the directive for virtual host, i have
> encountered some problem
> and i have some questions.
> 
> I have vhost via http and https and i want that my
> realhost is reacheable via http and https.
> Using the directives, i created my realhost
> (http+https), vhost1
> (https:443), vhost2 (https:444), vhost3 (http:80),
> vhost4 (http:80).
> For my realhost i have created 2 directory (one for
> http and one for https)
> When i access http://vhost3 all was ok.
> Trying to access https://vhost3, apache connect to
> my realhost via HTTPS.

that's why u can't implement namevirtualhost with the
same port. this is what i presumed happened:
when u go to https://vhost3 without any port, apache
will default to port 443, since the ip addr of
vhost3=vhost1 ,it'll map to ip:443 which will be your
vhost1!

> I think that the system must give an error to the
> client, but this is not true.
> The same thing appen when i connect to
> https://vhost1 and then http://vhost1,
> but in this case apache give me the realhost via
> HTTP.
of this this should happen!!otherwise why set up http
& https???


> 
> Someone have hints for me?
> 
> Another questions..........
> Can i use name based virtual host on the same port
> 443 for all my vhost.
> I think that i must use only one certificate in this
> case........
> 
> Bye.
> 

nope, answered above!

> 
> MY CONFIG FILES:
> 
> 1)httpd.conf:
> ServerType standalone  
> port 80
> User nobody
> Group nobody  
> ServerAdmin xxxxx@xxxxxxx
> ServerName realhost
> DocumentRoot /wwwroot/html
> <Directory />
>       Options FollowSymLinks
>       AllowOverride None
> </Directory> 
> <Directory "/wwwroot/html">
>     Options Indexes Includes FollowSymLinks
>     AllowOverride None
>     Order allow,deny
>     Allow from all
> </Directory>      
> DirectoryIndex index.html index.htm index.shtml
> index.cgi
> AccessFileName .htaccess
> UseCanonicalName On 
> HostnameLookups Off
> IndexOptions FancyIndexing
> Include conf/ssl/ssl.conf
> Include conf/ssl/ssl.vhost.conf 
> 
> 
> 
> 2)ssl.conf:
> Listen 192.168.1.2:80
> Listen 192.168.1.2:443 
> Listen 192.168.1.2:444
> Listen 192.168.1.2:445
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl      .crl  
> SSLPassPhraseDialog  builtin
> SSLSessionCache                dbm:logs/ssl_scache
> SSLSessionCacheTimeout  300 
> SSLMutex  file:logs/ssl_mutex 
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> 
> 
> 
> 3)ssl.vhost.conf
> 
> NameVirtualHost 192.168.1.2
> 
> <VirtualHost realhost:443>
> DocumentRoot /wwwroot/https/html
> ServerName realhost
> ServerAdmin root@realhost
> ErrorLog logs/ssl-error_log
> TransferLog logs/ssl-access_log      
> SSLEngine on 
> SSLCertificateFile conf/ssl/server.crt 
> SSLCertificateKeyFile conf/ssl/server.key
> </VirtualHost>
> 
> <VirtualHost vhost1:444>
> DocumentRoot /wwwroot/html/vhost1
> ServerName vhost1
> ServerAdmin root@vhost1
> ErrorLog logs/ssl-error_log
> TransferLog logs/ssl-access_log      
> SSLEngine on 
> SSLCertificateFile conf/ssl/vhost1.crt 
> SSLCertificateKeyFile conf/ssl/vhost1.key
> </VirtualHost>
> 
> <VirtualHost vhost2:445>
> DocumentRoot /wwwroot/html/vhost2
> ServerName vhost2
> ServerAdmin root@vhost2
> ErrorLog logs/ssl-error_log
> TransferLog logs/ssl-access_log      
> SSLCertificateFile conf/ssl/vhost2.crt 
> SSLCertificateKeyFile conf/ssl/vhost2.key
> SSLEngine on 
> </VirtualHost>
> 
> <VirtualHost realhost:80>
> DocumentRoot /wwwroot/http/html
> ServerName realhost
> ServerAdmin root@realhost
> ErrorLog logs/ssl-error_log
> TransferLog logs/ssl-access_log      
> SSLEngine off
> </VirtualHost>
> 
> <VirtualHost vhost3:80>
> DocumentRoot /wwwroot/html/vhost3
> ServerName vhost3
> ServerAdmin root@vhost3
> ErrorLog logs/ssl-error_log
> TransferLog logs/ssl-access_log      
> SSLEngine off
> </VirtualHost>
> 
> <VirtualHost vhost4:80>
> DocumentRoot /wwwroot/html/vhost4
> ServerName vhost4
> ServerAdmin root@vhost4
> ErrorLog logs/ssl-error_log
> TransferLog logs/ssl-access_log      
> SSLEngine off
> </VirtualHost>
> 
> 
> 
>
______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)               
>    www.modssl.org
> User Support Mailing List                     
> [EMAIL PROTECTED]
> Automated List Manager                           
[EMAIL PROTECTED]


=====
0Oo~~:o)
Smile! You'r Alive!!!

Q:What's peacefulness?
A:What's confusion? Peacefulness is the end of confusion.

o.0.Oo.o May there be peace in every step we take :o):tk

__________________________________________________
Do You Yahoo!?
Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to