> -----Original Message----- > From: kloomis [mailto:kloomis@xxxxxxxxxxxxxxxx] > Sent: Freitag, 3. März 2006 05:52 > To: users@xxxxxxxxxxxxxxxx > Subject: Re: [users@httpd] Virtual Hosts Problem .. more > > At 01:57 PM 3/1/2006 -0500, I wrote: > > Well, I've been able to configure my httpd.conf to serve two > secure virtualhosts and the first page of a non-secure host, > but not the following pages of the non-secure site. > > The docs say I can't use name based virtual hosts with SSL, > but it's working for the SSL sites, but it might be breaking > the non-secured site? Does anyone know how to set this up? > > Here's my current config: (I've annotated it to try to > explain what I'm trying to do) > > ### Section 3: Virtual Hosts > > # I'm trying to serve secure and non-secure websites > NameVirtualHost *:80 > NameVirtualHost *:443 > > # The current users of this site all use the ip address to get to it. > # This config works. > <VirtualHost 123.456.789.123:443> > ServerAdmin webAdmin@xxxxxxxxxxx > DocumentRoot /var/www/html/sgimis/pages > ServerName 123.456.789.123:443 > </VirtualHost> > > # This site will be accessed by a FQDN > # It is working with this config > <VirtualHost *:443> > ServerAdmin webAdmin@xxxxxxxxxxx > DocumentRoot /var/www/html/newsgimis > ServerName itr.example.com > </VirtualHost> I guess you are missing out all the SSL directives, esp. the certificate... Anyway, your setup is not really working in a strict SSL sense. What is happening is that the SSL session is established using the cert from the first VH. Once the SSL channel is open, apache can then decrypt the request and so see the Host header. Then it can assign the request to the correct VH so name-based SSL "seems" to work. The problem is that the cert is always coming from the first VH, so request for the site contained in the 2nd VH will produce a browser warning that the site domain name doesn't match the cert. Thus, you don't have authentication, even though you have encryption. Maybe you don't care about authentication? Maybe that's OK if you have a development set up or a limited use for SSL btu for serious commercial SSL, authentication is just as important as encryption... > > # This is the "main" domain site. > <VirtualHost *:80> > ServerAdmin webAdmin@xxxxxxxxxxx > DocumentRoot /var/www/html > ServerName example.com > </VirtualHost> > > # This one is a Drupal CMS PHP, MySQL site > # This is the one that's not working properly. > # I get to the index, but not any follow-on pages > <VirtualHost *:80> > ServerAdmin webAdmin@xxxxxxxxxxx > DocumentRoot /var/www/html/tty > ServerName tty.example.com > </VirtualHost> Could be a dozen things... your snippet is too terse to tell what you've done wrong (could even be the HTML source). If you post the real URL, we can have a look.. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. > > #This is another Drupal site > <VirtualHost *:80> > ServerAdmin webAdmin@xxxxxxxxxxx > DocumentRoot /var/www/html/sgine > ServerName sgine.example.com > </VirtualHost> > > Any help would be much appreciated. I find httpd to be a mystery. > > Thanks, > > Ken > > > > > Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX. This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|