[no subject]

2007-10-19 Thread bfb21 
When I run an apachectl configtest, I get the errors below regarding compiling 
apache with -DEAPI.  Now mod_ssl has a configure option --with-eapi-only, and 
apache has an option "--disable-rule=EAPI=no".  But no matter what combination 
of these options I use, I still get the errors.  Any suggestions would be 
greatly appreciated.



[Fri Oct 19 11:15:33 2007] [warn] Loaded DSO libexec/mod_vhost_alias.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please recompile it 
with -DEAPI)
[Fri Oct 19 11:15:33 2007] [warn] Loaded DSO libexec/mod_log_config.so uses 
plain Apache 1.3 API, this module might crash under EAPI! (please recompile it 
with -DEAPI)
[Fri Oct 19 11:15:33 2007] [warn] Loaded DSO libexec/mod_actions.so uses plain 
Apache 1.3 API, this module might crash under EAPI! (please recompile it with 
-DEAPI)
.
.
.
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

How to build apache/mod_ssl/mod_perl together?

2007-10-17 Thread bfb21 
I can't seem to build an SSL enabled httpd binary from the sources and 
instructions listed below.  I'm basically following the instructions from the 
mod_perl instructions for SSL in the file INSTALL.simple.mod_ssl.  But this 
does not result in an SSL/mod_perl enabled httpd binary.  Can someone tell me 
what I'm doing wrong below?

-Thanks



tar zxvf apache_1.3.33.tar.gz
tar zxvf mod_ssl-2.8.24-1.3.33.tar.gz
tar zxvf openssl-0.9.6b.tar.gz
tar zxvf mod_perl-1.0-current.tar.gz


cd openssl-0.9.8b
./config
make

cd ..
cd mod_ssl-2.8.24-1.3.33

./configure \
--with-apache=../apache_1.3.33 \
--with-ssl=../openssl-0.9.8b \
--enable-module=ssl \
--enable-module=so \
--prefix=/usr/local/apache-1.3.33 

cd..
cd mod_perl-1.29

perl Makefile.PL \
 EVERYTHING=1 \
 APACHE_SRC=../apache_1.3.33/src \
 APACHE_PREFIX=/usr/local/apache-1.3.33 \
 SSL_BASE=../openssl-0.9.8b \
 USE_APACI=1 \
 PREP_HTTPD=1 \
 DO_HTTPD=1 \
 APACI_ARGS=--enable-module=ssl,--enable-module=so,--enable-module=rewrite

make 
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

Re: Will these name based virtual host work with SSL?

2007-10-16 Thread bfb21 
Thanks for the info.  From what I gather I will not be able to access the 
virtual hosts via SSL since they are name based, unless I use the mod_gnutl 
apache module.  Now my question is, if I purchase only 1 SSL certificate, and I 
SSL enable the main server like:

https://www.mydomain.com/

Then of cousre, none of the virtual hosts like http://devl01.mydomain.com or
http://devl01.mydomain.com would be accessible via SSL.  Would this scneria 
work with just the main server SSL enabled and all the virtual hosts accessed 
via port 80?

-Thanks




 -- Original message --
From: Aaron Dalton <[EMAIL PROTECTED]>
> [EMAIL PROTECTED] wrote:
> > If in my httpd.conf file I have numerous virtual hosts defined with include 
> files like:
> > 
> > Include /usr/local/apache/conf/conf.d/devl00.conf
> > Include /usr/local/apache/conf/conf.d/devl01.conf
> > Include /usr/local/apache/conf/conf.d/devl02.conf
> > Include /usr/local/apache/conf/conf.d/devl03.conf
> > 
> > 
> > If I SSL enable the entire server in the main httpd.conf file, would I be 
> > able 
> to access each virtual host on port 443 like https://devl02.mydomain.com/?
> > I believe I would be able to access https://www.mydomain.com securely as 
> > well.
> > I guess the question is, can you SSL enable the entire server, and access 
> > each 
> virtual host via port 443?
> > 
> 
> This comes up so often that it is in the Apache SSL FAQ.  You may not
> have more than one SSL host on any given IP/Port combination.
> 
> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts
> 
> http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#vhosts2
> 
> -- 
> Aaron Dalton   |   Super Duper Games
> [EMAIL PROTECTED]   |   http://superdupergames.org
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  modssl-users@modssl.org
> Automated List Manager[EMAIL PROTECTED]

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

Will these name based virtual host work with SSL?

2007-10-16 Thread bfb21 
If in my httpd.conf file I have numerous virtual hosts defined with include 
files like:

Include /usr/local/apache/conf/conf.d/devl00.conf
Include /usr/local/apache/conf/conf.d/devl01.conf
Include /usr/local/apache/conf/conf.d/devl02.conf
Include /usr/local/apache/conf/conf.d/devl03.conf


If I SSL enable the entire server in the main httpd.conf file, would I be able 
to access each virtual host on port 443 like https://devl02.mydomain.com/?
I believe I would be able to access https://www.mydomain.com securely as well.
I guess the question is, can you SSL enable the entire server, and access each 
virtual host via port 443?


-Thanks
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

Re: Please help with http -> https redirection

2007-10-16 Thread bfb21 
So from what I'm gathering, if I have several virtual hosts defined in my 
httpd.conf file (Using Include) then in order to secure them via SSL, each one 
would have to have it's own IP address?  So for example, each of these virtual 
host containers in each .conf file included begins with:



Include /usr/local/apache/conf/conf.d/devl00.conf
Include /usr/local/apache/conf/conf.d/devl01.conf
Include /usr/local/apache/conf/conf.d/devl02.conf
Include /usr/local/apache/conf/conf.d/devl03.conf


Now what I did to get the devl02 virtual host working with SSL was told it to 
listen on port 443, and read in all the SSL config stuff in a file I named 
ssl.conf like this:




  Include conf/conf.d/ssl.include



After doing that I can browse to https://devl02.mydomain.com/.

-Thanks


 -- Original message --
From: Andrew Hougie <[EMAIL PROTECTED]>
> Do your name-based secure virtual hosts work on their own - does 
> https://devl02.mydomain.com/ actually work - I thought name-based secure 
> virtual hosts were impossible/difficult.
> 
> I did find at 
> http://www.g-loaded.eu/2007/08/10/ssl-enabled-name-based-apache-virtual-hosts-wi
> th-mod_gnutls/ 
> an indication of a new technique for making name-based secure virtual 
> hosts with SNI - is that what you're using?
> 
> Best wishes
> Andrew
> 
> On 16/10/2007 03:12, Bernard Barton wrote:
> > These are name based virtual hosts.  Numerous hosts, only one IP
> > address.  So each of the included .conf files below such as devl00.conf
> > and devl01.conf begin with something like this:
> > 
> > 
> > 
> > ServerName  devl02.mydomain.net
> > ServerAdmin [EMAIL PROTECTED]
> > LogLevel debug
> > 
> > 
> > So I can access https://devl02.mydomain.com/ directly, but if I try and
> > redirect from http://devl02.mydomain.com to the https URL of the same
> > name, I get the default insecure web site, which is defined in the
> > httpd.conf file.
> > 
> > -Thanks
> > 
> > 
> > 
> > Cliff Woolley wrote:
> >> Are these IP-based virtual hosts or name-based virtual hosts?  See
> >> http://httpd.apache.org/docs/2.0/vhosts/name-based.html
> >>
> >> --Cliff
> >>
> >>
> >> On 10/15/07, *Bernard Barton* <[EMAIL PROTECTED]
> >> > wrote:
> >>
> >> In my main httpd.conf file, I have numerous include files which
> >> include
> >> virtual hosts like so:
> >>
> >> Include /usr/local/apache/conf/conf.d/devl00.conf
> >> Include /usr/local/apache/conf/conf.d/devl01.conf
> >> Include /usr/local/apache/conf/conf.d/devl02.conf
> >>
> >>
> >> So if I access http://devl02.mydomain.com/ then I see the virtual host
> >> defined
> >> in devl02.conf, etc.  In the devl02.conf file, I have enabled
> >> SSL.  I CAN
> >> access the secure site https://devl02.mydomain.com/.  However,
> >> when I now
> >> access the non-secure site of http://devl02.mydomain.com, the main
> >> server
> >> web site is displayed, and not the virtual host.  What I'm trying
> >> to do
> >> is a
> >>
> >>RedirectPermanent / https://cj-devl02.mydomain.net/
> >>
> >> But when I do this I get errors that I posted previously about
> >> cookies not
> >> being enabled.  So I guess the questions is, having the "Include"
> >> statements
> >> above, and knowing that each include file like devl08.conf is a
> >> virtual host
> >> container with SSL enabled, how do I redirect from the port 80
> >> version to
> >> the SSL enabled port 443 version like:
> >>
> >> http://cj-devl02.mydomain.net/  -->  
> >> https://cj-devl02.mydomain.net/
> >>
> >> FYI, I've tried including .conf files, and also pasting the
> >> contents of my
> >> .conf files into an email, but they evidently are rejected by the
> >> mailing list.
> >>
> >> __
> >> Apache Interface to OpenSSL (mod_ssl)  
> >> www.modssl.org 
> >> User Support Mailing List  
> >> modssl-users@modssl.org 
> >> Automated List
> >> Manager[EMAIL PROTECTED]
> >> 
> >>
> >>
> > 
> > __
> > Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> > User Support Mailing List  modssl-users@modssl.org
> > Automated List Manager[EMAIL PROTECTED]
> 
> -- 
> Andrew Hougie
> Grinton
> 5 Aldenham Grove
> Radlett
> Herts WD7 7BW

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]