On Tue, Sep 6, 2011 at 7:26 PM, Leen Besselink <[email protected]> wrote:

> On 09/06/2011 10:40 AM, Jordan Tomkinson wrote:
> > Hi list,
> >
> > I'm using Apache 2.2.0 with Peruser 0.4.0rc2 compiled in and having
> > trouble with ssl vhosts
> > I use a wildcard ssl certificate for *.mydomain.tld with virtualhost
> > entries for different subdomains.
> >
> > something like:
> >
> > <VirtualHost x.x.x.x:443>
> > ServerName sub1.mydomain.tld
> > SSLEngine On
> > SSLCertificateFile /path/to/my/wildcard.crt
> > SSLCertificateKeyFile /path/to/my/wildcard.key
> > KeepAlive on
> > DocumentRoot /path/to/mydomain/sub1/html
> >
> > <IfModule peruser.c>
> > <Processor apache-ssl>
> > User apache
> > Group apache
> > </Processor>
> > ServerEnvironment apache-ssl
> > </IfModule>
> >
> > </VirtualHost>
> >
> > Repeating for sub2, sub3, sub4 of .mydomain.tld etc..
> >
> > This all works fine when each vhost is using the same
> > ServerEnvironment, but this means I cannot Chroot vhosts into unique
> > directories.
> > When I change the ServerEnvironment, apache hangs on the connection
> > with nothing being written to the error_log
> >
> > I originally thought this was related to
> > http://www.peruser.org/trac/peruser/ticket/2 but perhaps I'm wrong.
> >
> > Any ideas??
> >
>
> Just a quick check:
> - you use one certificate for different Vhost, probably ok
> - each Vhost has at least one separate IP-address ?
> - you want to have different ServerEnvironment/Chroot for each VHost
>
> If you don't have different IP-addresses, you might have problems with a
> vanilla Apache as well.
>
> Because SNI-support is limited in browsers and webservers:
> http://en.wikipedia.org/wiki/Server_Name_Indication
>

SNI is not a problem because we use a wildcard ssl certificate - this is the correct way to do multiple ssl vhosts bound to a single IP in apache. The CN of our certificate is set to *.ourdomain.tld, apache has a single virtual host (the default) which sends the certificate, the other vhost entries simply specify additional ServerName and DocumentRoot options.

It works fine in both vanilla apache and with mod-peruser - but only with the same ServerEnvironment - see http://www.peruser.org/trac/peruser/ticket/3 for the same issue

On a side note: has anyone noticed the incredible amount of SPAM links on the peruser.org wiki / trac website? Is there no active webmaster??

> > Regards,
> >
> > Jordan Tomkinson
> > Systems Administrator
> > Moodle HQ
>
> _______________________________________________
> Peruser mailing list
> [email protected]
> http://www.telana.com/mailman/listinfo/peruser
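An added example, not part of the original thread and not peruser code: a small Python check that lists SSL vhosts sharing one listen address but assigned different ServerEnvironment values, which is the combination the thread reports as hanging. The sample config, the name `sub2-ssl` and all function names are constructed for illustration; the parser assumes each `<VirtualHost>` block sits in one file with no nested includes.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the vhost layout quoted in the thread;
# "sub2-ssl" is a made-up ServerEnvironment name.
SAMPLE_CONF = """
<VirtualHost x.x.x.x:443>
  ServerName sub1.mydomain.tld
  SSLEngine On
  <IfModule peruser.c>
    ServerEnvironment apache-ssl
  </IfModule>
</VirtualHost>
<VirtualHost x.x.x.x:443>
  ServerName sub2.mydomain.tld
  SSLEngine On
  <IfModule peruser.c>
    ServerEnvironment sub2-ssl
  </IfModule>
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """First argument of the first uncommented `name` directive, or None."""
    m = re.search(r"^\s*%s\s+(\S+)" % re.escape(name), body, re.M | re.I)
    return m.group(1) if m else None

def parse_ssl_vhosts(conf):
    """(address, ServerName, ServerEnvironment) for each vhost with SSLEngine On."""
    out = []
    for addr, body in VHOST_RE.findall(conf):
        if (directive(body, "SSLEngine") or "").lower() != "on":
            continue  # plain-HTTP vhosts are not part of the reported problem
        out.append((addr.strip(), directive(body, "ServerName"),
                    directive(body, "ServerEnvironment")))
    return out

def mixed_environment_groups(conf):
    """Listen addresses whose SSL vhosts do not all share one ServerEnvironment."""
    groups = defaultdict(list)
    for addr, name, env in parse_ssl_vhosts(conf):
        groups[addr].append((name, env))
    return {a: v for a, v in groups.items() if len({e for _, e in v}) > 1}

if __name__ == "__main__":
    for addr, vhosts in mixed_environment_groups(SAMPLE_CONF).items():
        print("SSL vhosts on %s differ in ServerEnvironment: %s" % (addr, vhosts))
```
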
