ce face mituc este ok, anume apache asculta DOAR pe portul 443.
o sa ma obosesc sa copiez citeva paragrafe din "Professional Apache" by Peter
Wainwright (buy this book ;-)
"
SSL does not work corectly with name-based virtual hosts, for the simple
reason that SSL comes between TCP/IP connection and Apache's view of it.
An IP nased connection identifies the virtual host at the IP level, so
Apache can know which virtual host is required before client sends anything.
Name-based hosts don't know which host the client wants until it sends a
request. For this work, mod_ssl would have to know whether or not to
estabilish SSL session before Apache has determined which host is wanted
(and therefore whether SSL is allowed or required) - clearly impossible.
The end result is that if we want to use named virtual hosts and SSL, we can
do so, but only if we separate them into different configurations and start
up 2 separate instances of Apache, one for normal hosts and one for SSL
hosts. The two Apaches can still serve the same IP address, so long as one
uses 'Listen 443' directive to switch attention to SSL port. This way, only
the SSL enabled Apache will get connection from SSL clients, so there is no
ambiguity. We can also remove mod_ssl from one of the servers to save memory.
"
On Tue, Sep 25, 2001 at 12:11:04AM +0300, Tarhon-Onu Victor wrote:
>
> On Mon, 24 Sep 2001 [EMAIL PROTECTED] wrote:
>
> > pot vedea si eu un httpd.conf?
> > eventual inlocuieste adresele IP cu altceva.
> > am tot incercat dupa ureche, dar niente.
>
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
>
> SSLLog logs/ssl_engine_log
> SSLLogLevel error
>
> Listen 443
> NameVirtualHost ip_server
> NameVirtualHost ip_server:443
> # ~~ nu-s neaparat necesare dar il stii pe apache ca injura ca vaca
> # aiurea cite odata...
>
> <VirtualHost ip_server:443>
> ServerName nume.server1
>
> SSLEngine on
> SSLCertificateFile /home/httpd/virtuals/nume.server1/ssl/nume_server1.crt
> SSLCertificateKeyFile /home/httpd/virtuals/nume.server1/ssl/nume.server1.key
> SSLVerifyClient none
> SSLVerifyDepth 10
> </VirtualHost>
>
> <VirtualHost ip_server:443>
> ServerName nume.server2
>
> SSLEngine on
> SSLCertificateFile /home/httpd/virtuals/nume_server2/ssl/nume.server2.crt
> SSLCertificateKeyFile /home/httpd/virtuals/nume.server2/ssl/nume.server2.key
> SSLVerifyClient none
> SSLVerifyDepth 10
> </VirtualHost>
>
> ...si asa mai departe pina la ServerName nume.serverN.
>
> Nota1: Optiunile pe directoare s-au scos din aceste exemple, so feel free
> to put any.
>
> Nota2: Lucrez pe sisteme RedHat (no flame intended, insa exemplul de
> script modificat e original de pe RedHat si e foarte usor adaptabil
> oriunde). Pentru a usura munca si pentru a scuti numarul de muscaturi pe
> secunda din bordurile din fata cladirii si din colturile meselor din
> incapere s-au facut urmatoarele ajustari asupa lui /etc/rc.d/init.d/httpd:
>
> tty_name=`/usr/bin/tty`;
> .
> .
> .
> echo -n "Starting httpd: "
> (sleep 2; writevt $tty_name "passphrase_server1
> ") &
> (sleep 2; writevt $tty_name "passphrase_server2
> ") &
> (sleep 3; writevt $tty_name "passphrase_server2
> ") &
> .
> .
> .
> (sleep indeajuns; writevt $tty_name "passphrase_serverN
> ") &
> # daemon httpd `moduleargs`
> nice -0 httpd `moduleargs` 2>&1 1>/dev/null && success "$base startup" ||
>failure "$base startup";
>
--
___
<o-o> Viorel ANGHEL <vang @ lug.ro>
[`-']
-"-"- In Linux We Trust.
---
Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to
unsubscribe from this list.
