-Original Message-
From: Tom Bartling [mailto:[EMAIL PROTECTED]
If you'd care to post your config or send it directly, I'll
have a look and see if there's anything wrong with it.
There are several minor problems with your config which, taken together, may be adding
up to the confusing behaviour you are seeing. If you work through the following it may
improve matters:
General Strategy:
- Since your server has two IP addresses, use default IP addressing (i.e. listen to
all active IPs).
- Since you need VirtualHosting, use this throughout (i.e. lose the idea of a main
server).
- Aim for multiple name-based VHs on port 80 and one single SSL VH on port 443.
Details:
1) Don't use Port and Listen. These two directives are very similar and Listen
is preferred (Port is deprecated): Remove all Port directives.
2) Don't use domain names in Listens or VHs since this makes your config dependent on
DNS. Use default:
Listen secure.mintecommerce.com:443 - Listen 443
VirtualHost secure.mintecommerce.com:443 - VirtualHost *:443
(NB - the only thing which should define the SSL VH is the port number).
3) Move main server into first VH container. At the moment, this has only a
ServerName - this is odd and I've no idea what apache would do in this case (I guess
you expect it to default to the main server - I wouldn't count on it). You can
achieve this simply by moving the main DocumentRoot into this VH:
VirtualHost *
ServerName www.mintecommerce.com
DocumentRoot /usr/local/www/data
/VirtualHost
the other directives can remain outside where they will apply globally as appropriate.
4) To complete the encapsulation of HTTP and HTTPS, add port 80 to all HTTP VHs:
VirtualHost * - VirtualHost *:80
(already done this for the SSL VH in (2) above).
Now try a restart without SSL and check the name-based VHs all work, including the
main server. If that's OK, restart with SSL and test https://www.mintecommerce.com/.
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
- Original Message -
From: Boyle Owen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, May 28, 2003 3:31 AM
Subject: RE: unknown protocol
Plain text please...
It looks like you are not succeeding in starting an SSL VH.
Looking at your config, there is no obvious error, although I
don't know
why you put the Listen 80 inside the IfDefine - this would mean that
even plain HTTP wouldn't work unless you started with SSL.
Just to be clear how it works, apachectl startssl causes the apache
control script to execute httpd -DSSL. This starts apache with the
environment variable SSL defined. So when apache finds an
IfDefine SSL
container, it evaluates the condition as true and so reads the
directives inside. This is the canonical way of selecting SSL.
Of course, you don't need to bother with all of this. If you
put the SSL
VH outside the IfDefine SSL block (or just remove the IfDefine SSL
tags) then the SSL VH and its directives will fire up in a normal
apachectl start.
You might try this - just make sure you have a single VH on
port 443 and
a Listen 443 and it should startup. Be careful you don't have a plain
HTTP VH on port 443 - it could supersede the SSL VH. To test, what
happens if you make a plain HTTP request to port 443 (it shouldn't
work!)
About the PHP warning - when you recompiled apache to include mod_ssl,
it patched the apache API to extend it to allow hooks into the OpenSSL
library (EAPI = Extended API). Since the PHP module was
compiled before
this, it is expecting the standard API. Probably it will continue to
work since the EAPI is a superset of the API but you never
know if there
will be a conflict in some call somewhere (you'll get a seg fault if
there is). The safest thing to do is to recompile mod_php against the
new API.
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
-Original Message-
From: Tom Bartling [mailto:[EMAIL PROTECTED]
Sent: Mittwoch, 28. Mai 2003 07:51
To: [EMAIL PROTECTED]
Subject: unknown protocol
Hi,
I am new to the list and relatively new to administering SSL,
so please
forgive me if this is not the right place to ask this question.
I am having trouble getting SSL to work. I'm on FreeBSD 4.5
Stable with
apache+mod_ssl-1.3.27+2.8.14 and openssl-0.9.7a_2.
Everything seems to have installed okay and I can run
apachectl startssl
without any problems, but I can't get SSL to actually work. When I try
to go the url via https, it immediately displays the dreaded
this page
cannot be displayed message. When I run apachectl
configtest, it spits
out the following:
apachectl configtest
[Tue May 27 23:20:56 2003] [warn] Loaded DSO libexec/apache/libphp4.so
uses plain Apache 1.3 API, this module might crash under EAPI! (please
recompile it with -DEAPI)
Syntax OK
PHP works without any problems, so I'm not concerned about that at the
moment. The manual