Setting up VirtualHost with SSL

Thu, 30 Jan 2003 13:15:16 -0800 

I'm learning how to use SSL with virtual host. So far, I've figured out how to
make it work. What I'm curious about is if there's a way to nest the SSL options
into the main VirtualHost directive.

Here's my current config:
----------
<VirtualHost www.openadventures.org>
  ServerAdmin     [EMAIL PROTECTED]
  NameVirtualHost 216.161.174.139
  ServerName      www.openadventures.org
  User            apache
  Group           apache
  DocumentRoot    /httpd/openadventures/public_html
  CustomLog       /var/log/httpd/openadventures_access_log Combined
  Options         ExecCgi Includes
  ScriptAlias     /cgi-bin/ /httpd/openadventures/public_html/cgi-bin/
  <Directory /httpd/openadventures/public_html/xj/permacool/>
    Options         None
    AllowOverride   AuthConfig
    AuthName        "Perma-Cool"
    AuthType        Basic
    AuthDBUserFile **********
    require user **********
  </Directory>
</VirtualHost>
<IfDefine HAVE_SSL>
  <VirtualHost www.openadventures.org:443>
    ServerName      www.openadventures.org
    SSLEngine       on
    DocumentRoot    /httpd/openadventures/public_html/
    ErrorLog        /var/log/httpd/openadventures_error_log
    TransferLog     /var/log/httpd/openadventures_transfer_log
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile      /etc/httpd/conf/ssl.crt/server.crt
    SSLCertificateKeyFile   /etc/httpd/conf/ssl.key/server.key
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars
    </Files>
    <Directory "/httpd/openadventures/public_html/">
      Options Indexes FollowSymLinks
      AllowOverride All
      Order allow,deny
      Allow from all
      SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
    CustomLog /var/log/httpd/openadventures_ssl_request_log "%t %h
%{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  </VirtualHost>
</IfDefine>
----------

This is the only way I've been able to get it to work. I'm looking to make
things more managable, easier to follow, and very refined.

Is there a better way to set this up?

Tom Smith
[EMAIL PROTECTED]
http://www.openadventures.org/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to