So from what I'm gathering, if I have several virtual hosts defined in my
httpd.conf file (Using Include) then in order to secure them via SSL, each one
would have to have it's own IP address? So for example, each of these virtual
host containers in each .conf file included begins with:
<VirtualHost 172.25.251.47>
Include /usr/local/apache/conf/conf.d/devl00.conf
Include /usr/local/apache/conf/conf.d/devl01.conf
Include /usr/local/apache/conf/conf.d/devl02.conf
Include /usr/local/apache/conf/conf.d/devl03.conf
Now what I did to get the devl02 virtual host working with SSL was told it to
listen on port 443, and read in all the SSL config stuff in a file I named
ssl.conf like this:
<VirtualHost 172.25.251.47:443>
<IfDefine SSL>
Include conf/conf.d/ssl.include
</IfDefine>
After doing that I can browse to https://devl02.mydomain.com/.
-Thanks
-------------- Original message ----------------------
From: Andrew Hougie <[EMAIL PROTECTED]>
> Do your name-based secure virtual hosts work on their own - does
> https://devl02.mydomain.com/ actually work - I thought name-based secure
> virtual hosts were impossible/difficult.
>
> I did find at
> http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-wi
> th-mod_gnutls/
> an indication of a new technique for making name-based secure virtual
> hosts with SNI - is that what you're using?
>
> Best wishes
> Andrew
>
> On 16/10/2007 03:12, Bernard Barton wrote:
> > These are name based virtual hosts. Numerous hosts, only one IP
> > address. So each of the included .conf files below such as devl00.conf
> > and devl01.conf begin with something like this:
> >
> >
> > <VirtualHost 172.35.241.47>
> > ServerName devl02.mydomain.net
> > ServerAdmin [EMAIL PROTECTED]
> > LogLevel debug
> >
> >
> > So I can access https://devl02.mydomain.com/ directly, but if I try and
> > redirect from http://devl02.mydomain.com to the https URL of the same
> > name, I get the default insecure web site, which is defined in the
> > httpd.conf file.
> >
> > -Thanks
> >
> >
> >
> > Cliff Woolley wrote:
> >> Are these IP-based virtual hosts or name-based virtual hosts? See
> >> http://httpd.apache.org/docs/2.0/vhosts/name-based.html
> >>
> >> --Cliff
> >>
> >>
> >> On 10/15/07, *Bernard Barton* <[EMAIL PROTECTED]
> >> <mailto:[EMAIL PROTECTED]>> wrote:
> >>
> >> In my main httpd.conf file, I have numerous include files which
> >> include
> >> virtual hosts like so:
> >>
> >> Include /usr/local/apache/conf/conf.d/devl00.conf
> >> Include /usr/local/apache/conf/conf.d/devl01.conf
> >> Include /usr/local/apache/conf/conf.d/devl02.conf
> >>
> >>
> >> So if I access http://devl02.mydomain.com/ then I see the virtual host
> >> defined
> >> in devl02.conf, etc. In the devl02.conf file, I have enabled
> >> SSL. I CAN
> >> access the secure site https://devl02.mydomain.com/. However,
> >> when I now
> >> access the non-secure site of http://devl02.mydomain.com, the main
> >> server
> >> web site is displayed, and not the virtual host. What I'm trying
> >> to do
> >> is a
> >>
> >> RedirectPermanent / https://cj-devl02.mydomain.net/
> >>
> >> But when I do this I get errors that I posted previously about
> >> cookies not
> >> being enabled. So I guess the questions is, having the "Include"
> >> statements
> >> above, and knowing that each include file like devl08.conf is a
> >> virtual host
> >> container with SSL enabled, how do I redirect from the port 80
> >> version to
> >> the SSL enabled port 443 version like:
> >>
> >> http://cj-devl02.mydomain.net/ ------>
> >> https://cj-devl02.mydomain.net/
> >>
> >> FYI, I've tried including .conf files, and also pasting the
> >> contents of my
> >> .conf files into an email, but they evidently are rejected by the
> >> mailing list.
> >>
> >> ______________________________________________________________________
> >> Apache Interface to OpenSSL (mod_ssl)
> >> www.modssl.org <http://www.modssl.org>
> >> User Support Mailing List
> >> modssl-users@modssl.org <mailto:modssl-users@modssl.org>
> >> Automated List
> >> Manager [EMAIL PROTECTED]
> >> <mailto:[EMAIL PROTECTED]>
> >>
> >>
> >
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List modssl-users@modssl.org
> > Automated List Manager [EMAIL PROTECTED]
>
> --
> Andrew Hougie
> Grinton
> 5 Aldenham Grove
> Radlett
> Herts WD7 7BW
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
