[rt-users] _default_ VirtualHost overlap on port 443, the first has precedence
* I have managed to get it all set up and RT running OK with named virtual host over http. However, I am having problems with getting them to work over https. When I set a virtual host name, it always serves the first listed domain. See settings below. https:firstone serves the correct folder, but https:rt serves firstone's documents my settings: VirtualHost *:443 DocumentRoot C:/Development/firstone ServerName firstone ServerAdmin webmas...@localhost ErrorLog logs/ssl/error.log TransferLog logs/ssl/access.log SSLEngine on...etc /VirtualHost VirtualHost *:443 ServerName rt.hostname.com DocumentRoot /data/rt3/share/html AddDefaultCharset UTF-8 PerlModule Apache::DBI PerlRequire /data/rt3/bin/webmux.pl Location /NoAuth/images SetHandler default /Location ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn Directory / SSLRequireSSL /Directory SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/sslcertificate/server.crt SSLCertificateKeyFile /etc/sslcertificate/server.key /VirtualHost while restarting apache I get a warning _default_ VirtualHost overlap on port 443, the first has precedence Any suggestions??? Thanks in advance, rq * ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] _default_ VirtualHost overlap on port 443, the first has precedence
Each SSL site pretty much needs to be on it's own IP address, the reasoning is the cert negotiation isn't name based header as apache would. The only other way would be to have them on different ports but then you'd have to specify the port when going to the site. testwreq wreq wrote: * I have managed to get it all set up and RT running OK with named virtual host over http. However, I am having problems with getting them to work over https. When I set a virtual host name, it always serves the first listed domain. See settings below. https:firstone serves the correct folder, but https:rt serves firstone's documents my settings: VirtualHost *:443 DocumentRoot C:/Development/firstone ServerName firstone ServerAdmin webmas...@localhost ErrorLog logs/ssl/error.log TransferLog logs/ssl/access.log SSLEngine on...etc /VirtualHost VirtualHost *:443 ServerName rt.hostname.com http://rt.hostname.com DocumentRoot /data/rt3/share/html AddDefaultCharset UTF-8 PerlModule Apache::DBI PerlRequire /data/rt3/bin/webmux.pl Location /NoAuth/images SetHandler default /Location ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn Directory / SSLRequireSSL /Directory SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/sslcertificate/server.crt SSLCertificateKeyFile /etc/sslcertificate/server.key /VirtualHost while restarting apache I get a warning _default_ VirtualHost overlap on port 443, the first has precedence Any suggestions??? Thanks in advance, rq * ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] _default_ VirtualHost overlap on port 443, the first has precedence
Actually, I should have mentioned before that our rt installation is on a different IP. On Fri, Aug 21, 2009 at 11:09 AM, Curtis Bruneau curt...@vianet.ca wrote: Each SSL site pretty much needs to be on it's own IP address, the reasoning is the cert negotiation isn't name based header as apache would. The only other way would be to have them on different ports but then you'd have to specify the port when going to the site. testwreq wreq wrote: * I have managed to get it all set up and RT running OK with named virtual host over http. However, I am having problems with getting them to work over https. When I set a virtual host name, it always serves the first listed domain. See settings below. https:firstone serves the correct folder, but https:rt serves firstone's documents my settings: VirtualHost *:443 DocumentRoot C:/Development/firstone ServerName firstone ServerAdmin webmas...@localhost ErrorLog logs/ssl/error.log TransferLog logs/ssl/access.log SSLEngine on...etc /VirtualHost VirtualHost *:443 ServerName rt.hostname.com http://rt.hostname.com DocumentRoot /data/rt3/share/html AddDefaultCharset UTF-8 PerlModule Apache::DBI PerlRequire /data/rt3/bin/webmux.pl Location /NoAuth/images SetHandler default /Location ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn Directory / SSLRequireSSL /Directory SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/sslcertificate/server.crt SSLCertificateKeyFile /etc/sslcertificate/server.key /VirtualHost while restarting apache I get a warning _default_ VirtualHost overlap on port 443, the first has precedence Any suggestions??? Thanks in advance, rq * ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] _default_ VirtualHost overlap on port 443, the first has precedence
Try naming the virtual hosts. *:443 means any domain that resolves to that machine will get the first one, since it matches. Curtis may also be right (never tried two https sites on the same box), but try having the first one be VirtualHost firstone:443 and the second one VirtualHost rt:443 and see if it works for you. On 8/21/09 11:13 AM, testwreq wreq testw...@gmail.com wrote: Actually, I should have mentioned before that our rt installation is on a different IP. On Fri, Aug 21, 2009 at 11:09 AM, Curtis Bruneau curt...@vianet.ca wrote: Each SSL site pretty much needs to be on it's own IP address, the reasoning is the cert negotiation isn't name based header as apache would. The only other way would be to have them on different ports but then you'd have to specify the port when going to the site. testwreq wreq wrote: * I have managed to get it all set up and RT running OK with named virtual host over http. However, I am having problems with getting them to work over https. When I set a virtual host name, it always serves the first listed domain. See settings below. https:firstone serves the correct folder, but https:rt serves firstone's documents my settings: VirtualHost *:443 DocumentRoot C:/Development/firstone ServerName firstone ServerAdmin webmas...@localhost ErrorLog logs/ssl/error.log TransferLog logs/ssl/access.log SSLEngine on...etc /VirtualHost VirtualHost *:443 ServerName rt.hostname.com http://rt.hostname.com/ http://rt.hostname.com http://rt.hostname.com/ http://rt.hostname.com lt;http://rt.hostname.com/ DocumentRoot /data/rt3/share/html AddDefaultCharset UTF-8 PerlModule Apache::DBI PerlRequire /data/rt3/bin/webmux.pl Location /NoAuth/images SetHandler default /Location ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn Directory / SSLRequireSSL /Directory SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/sslcertificate/server.crt SSLCertificateKeyFile /etc/sslcertificate/server.key /VirtualHost while restarting apache I get a warning _default_ VirtualHost overlap on port 443, the first has precedence Any suggestions??? Thanks in advance, rq * ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com http://wiki.bestpractical.com/ Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com http://rtbook.bestpractical.com/ ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Drew Barnes Applications Analyst Network Resources Dept. Raymond Walters College ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] _default_ VirtualHost overlap on port 443, the first has precedence
I tried VirtualHost firstone:443 and the second one Virtual Host rt:443 but still https://rt.hostname.com goes to https;//firstone While restarting apache, the warning message now was: [Fri Aug 21 11:20:23 2009] [warn] VirtualHost firstname:443 overlaps with VirtualHost rt.hostname.com:443, the first has precedence, perhaps you need a NameVirtualHost directive Not sure what NameVirtualHost directive is On Fri, Aug 21, 2009 at 11:17 AM, Drew Barnes barne...@ucrwcu.rwc.uc.eduwrote: Try naming the virtual hosts. *:443 means any domain that resolves to that machine will get the first one, since it matches. Curtis may also be right (never tried two https sites on the same box), but try having the first one be VirtualHost firstone:443 and the second one VirtualHost rt:443 and see if it works for you. On 8/21/09 11:13 AM, testwreq wreq testw...@gmail.com wrote: Actually, I should have mentioned before that our rt installation is on a different IP. On Fri, Aug 21, 2009 at 11:09 AM, Curtis Bruneau curt...@vianet.ca wrote: Each SSL site pretty much needs to be on it's own IP address, the reasoning is the cert negotiation isn't name based header as apache would. The only other way would be to have them on different ports but then you'd have to specify the port when going to the site. testwreq wreq wrote: * I have managed to get it all set up and RT running OK with named virtual host over http. However, I am having problems with getting them to work over https. When I set a virtual host name, it always serves the first listed domain. See settings below. https:firstone serves the correct folder, but https:rt serves firstone's documents my settings: VirtualHost *:443 DocumentRoot C:/Development/firstone ServerName firstone ServerAdmin webmas...@localhost ErrorLog logs/ssl/error.log TransferLog logs/ssl/access.log SSLEngine on...etc /VirtualHost VirtualHost *:443 ServerName rt.hostname.com http://rt.hostname.com/http://rt.hostname.com/ http://rt.hostname.com http://rt.hostname.com/http://rt.hostname.com+%3chttp//rt.hostname.com/ DocumentRoot /data/rt3/share/html AddDefaultCharset UTF-8 PerlModule Apache::DBI PerlRequire /data/rt3/bin/webmux.pl Location /NoAuth/images SetHandler default /Location ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn Directory / SSLRequireSSL /Directory SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/sslcertificate/server.crt SSLCertificateKeyFile /etc/sslcertificate/server.key /VirtualHost while restarting apache I get a warning _default_ VirtualHost overlap on port 443, the first has precedence Any suggestions??? Thanks in advance, rq * ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com http://wiki.bestpractical.com/ http://wiki.bestpractical.com/ Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com http://rtbook.bestpractical.com/http://rtbook.bestpractical.com/ -- ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com -- Drew Barnes Applications Analyst Network Resources Dept. Raymond Walters College ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] _default_ VirtualHost overlap on port 443, the first has precedence
On Fri, Aug 21, 2009 at 11:09, Curtis Bruneaucurt...@vianet.ca wrote: Each SSL site pretty much needs to be on it's own IP address, the reasoning is the cert negotiation isn't name based header as apache would. The only other way would be to have them on different ports but then you'd have to specify the port when going to the site. In practice yes, but technically no. SNI allows https to do name-based virtual hosts, although mod_ssl (and older browsers) do not support it. For this reason we use mod_gnutls. http://www.outoforder.cc/projects/apache/mod_gnutls/sni/ -- Cambridge Energy Alliance: Save money. Save the planet. ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com