Date: Thu, 29 Jun 2006 15:06:29 +0100
From: Pid <p@xxxxxxxxxxx>
To: Dave Henderson <dhenderson@xxxxxxxxxxxxxxxx>
Subject: Re: [users@httpd] apache and ssl
I don't think you gain anything by separating the IPs if they're
actually on one physical connection.
(reply to the list only please)
Dave Henderson wrote:
> I do have two NameVirtualHost definitions:
>
> NameVirtualHost 192.168.0.12:80
> NameVirtualHost 192.168.0.13:443
>
> On my firewall, I have port 80 traffic going to 192.168.0.12 and 443
> traffic going to 192.168.0.13. Both IPs are used on the same server by
> way of assigning multiple IP addresses to one NIC. Should I change my
> vhost definitions to use only the 192.168.0.12 IP address instead of using
> the two shown above?
>
> Thanks,
> Dave
>
>
>
> */Pid/* wrote:
>
> Does anyone else think that this is wrong?
>
> SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
> SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
> >> SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt
>
> It looks like you're telling it that the Certificate Authority is the
> same file as the Certificate itself. I could be wrong tho.
>
>
>
> As regards to the VHost defs: it depends what you've got in front of the
> server in the way of DNS or loadbalancers.
>
> Your domain name can only resolve to point at one IP address (unless
> you're using load balancers or proxies etc etc). So any request for the
> SSL port of demo.sitename.com is going to arrive at the same IP as the
> port 80 connection.
>
> http://demo.sitename.com > IP1
> https://demo.sitename.com > Still IP1
>
>
> (Have you set "NameVirtualHost" or not?)
>
>
>
> Dave Henderson wrote:
> > I am wondering if the virtual host definitions are wrong. Can I do the
> > following (even though the ServerName options have the same value)? Can
> > I use the IP addresses like I have done below?
> >
> >
> >
> > ServerAdmin webmaster@xxxxxxxxxxxx
> > ServerName demo.sitename.com
> > DocumentRoot /var/www/sitename.com/demo
> >
> > # This should be changed to whatever you set DocumentRoot to.
> >
> > Options Indexes Includes
> > AllowOverride Options
> > Order allow,deny
> > Allow from all
> >
> > ErrorLog /var/log/apache2/sitename.com/demo/error.log
> > CustomLog /var/log/apache2/sitename.com/demo/access.log common
> > CustomLog /var/log/apache2/sitename.com/demo/referer.log referer
> > CustomLog /var/log/apache2/sitename.com/demo/agent.log agent
> >
> > # Possible values: debug, info, notice, warn, error, crit, alert, emerg.
> > LogLevel warn
> >
> > ServerSignature On
> >
> >
> >
> >
> > ServerAdmin webmaster@xxxxxxxxxxxx
> > ServerName demo.sitename.com
> > DocumentRoot /var/www/sitename.com/demo/ssl
> >
> > # SSL specifications
> > SSLEngine On
> > SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
> > SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
> > SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt
> > SSLCipherSuite SSLv2:+HIGH:+MEDIUM
> > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> >
> > # SSLVerifyClient require
> > # SSLVerifyDepth 1
> > # CustomLog /var/log/apache2/ssl \ "%t %h %{SSL_PROTOCOL}x
> > %{SSL_CIPHER}x$
> > #
> > # SSLCipherSuite SSLv2:+HIGH:+MEDIUM
> > # SSLVerifyClient require
> > # SSLVerifyDepth 1
> > #
> >
> > # This should be changed to whatever you set DocumentRoot to.
> >
> > Options Indexes Includes
> > AllowOverride Options
> > Order allow,deny
> > Allow from all
> >
> > ErrorLog /var/log/apache2/sitename.com/demo/error.log
> > CustomLog /var/log/apache2/sitename.com/demo/access.log common
> > CustomLog /var/log/apache2/sitename.com/demo/referer.log referer
> > CustomLog /var/log/apache2/sitename.com/demo/agent.log agent
> >
> > # Possible values: debug, info, notice, warn, error, crit, alert, emerg.
> > LogLevel warn
> >
> > ServerSignature On
> >
> >
>
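
An added example, not part of the original thread and not Apache tooling: a small Python check over the SSL directives quoted above. It tests whether SSLCACertificateFile names the same file as SSLCertificateFile (in the quoted config the two paths share a file name but sit in different directories) and whether the cipher string admits SSLv2 suites. The sample input is constructed from the quoted vhost, and the function names are hypothetical.

```python
import posixpath

# Constructed sample: the SSL directives from the quoted SSL vhost.
SAMPLE = """\
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt
SSLCipherSuite SSLv2:+HIGH:+MEDIUM
# SSLVerifyClient require
"""

def directives(text):
    """Map lower-cased directive name -> argument string; comments skipped."""
    found = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        found[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return found

def lint_ssl(text):
    """Hypothetical helper: return finding codes for one vhost's SSL block."""
    d = directives(text)
    codes = []
    cert = d.get("sslcertificatefile")
    ca = d.get("sslcacertificatefile")
    if cert and ca:
        if posixpath.normpath(cert) == posixpath.normpath(ca):
            codes.append("CA_IS_CERT")      # literally the same file
        elif posixpath.basename(cert) == posixpath.basename(ca):
            codes.append("CA_SAME_NAME")    # other directory, same name
    # In an OpenSSL cipher string a bare token adds the suites it names;
    # "!", "-" and "+" prefixes remove or reorder instead of adding.
    for token in d.get("sslciphersuite", "").split(":"):
        if token.strip().lower() == "sslv2":
            codes.append("SSLV2_ENABLED")
            break
    return codes

if __name__ == "__main__":
    print(lint_ssl(SAMPLE))
```

For a CA_SAME_NAME finding, comparing the output of `openssl x509 -noout -fingerprint` for both files settles whether they hold the same certificate.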