1. Sorry about cc'ing to you personally - I did a Reply All to keep the
message and forgot to amend the headers.
2. Reproducible fix:
Finally got the secured site to server by adding to
/etc/apache2/mods-available/ssl.conf one line:
Listen 443
3. Reproducible fix:
I eliminated the wrong-DNS dialog after accepting the certificate by
regenerating the cert. Problem with apache2's mod_ssl ssl_faq is that it
doesn't say that the CommonName needs to be the fully qualified server
name!
Unfortunately I may not have undone all the things I found by googling -
most of which had no immediate effects. One of which installed Apache 1
as a by-product, which I uninstalled.
4. Problems, non-fatal:
I've added back the *:80 forwarding part to the secure site, and added a
second vhost file with another *:80 entry in it for a separate but related
website. On startup Apache2 gives these errors:
- apache2: Could not determine the server's fully qualified domain
name, using 127.0.0.1 for ServerName
- [Fri Aug...] [warn] NameVirtualHost *:80 has no VirtualHosts
But it starts up.
5. Problem, incorrect behaviour:
The Alias + Directory command which worked before the SSL seems to work
for the plain *:80 site but no longer for the newly SSL'd site. The
secured site tries to serve it directly as content instead of Apache using
the Directory directive:
Alias /images/ /www/sites/images/
<Directory /www/sites/images>
Order allow,deny
Allow from all
</Directory>
I've tried copying the Alias with/without Directory into the secured
VirtualHost tags, but with no change in behaviour. Otherwise secured
content does show up correctly on the unsecured site without a certificate
dialog as desired.
Ideas on how to correct either 4 or 5 is appreciated. I always stop and
start apache between changes when trying them out, and force Firefox to
refresh content. Apache's error.log shows only SIGTERM shutdown/startup
entries now, and I am using Apache2 on Ubuntu 6.
Thanks!
-Chris
Chris Dagnon said:
> Thanks for that hint - I didn't think to check log files since it didn't
> start. error.log said the app's log file couldn't be created so I updated
> that location to match my previous values. Victim of cut-and-paste-itis.
>
> But I'm back to 'can't establish a connection to the server at...' when
> trying to reach the SSL'd site from Firefox. With apache2's stop and
> start I continue to see:
>
> apache2: Could not determine the server's fully qualified domain name,
> using 127.0.1.1 for ServerName (sic)
>
> This is Ubuntu 6, and it automatically put a hosts entry of 127.0.1.1 to
> the machine's name which explains the odd IP, but what I have for the
> VirtualHost *:443's ServerName is also sitting in the hosts file on the
> line for 127.0.0.1, just like the PHP site's name which works fine. I
> also tried commenting out the VirtualHost *:80's entry in case there was
> forwarding confusion, but that tag actually works forwarding the http to
> https.
>
> The only intelligent question I can ask is: could Apache2 be confused
> because I have an https proxied to an http://localhost:3000/ ? I wouldn't
> think so, but maybe ProxyPass/Reverse forwards the encrypted request
> instead of decrypting it and passing it along..?
>
> Thanks again,
>
> -Chris
>
>
> Joshua Slive said:
>> On 8/24/06, Chris Dagnon <chris.dagnon@xxxxxxxxxxxxxxxx> wrote:
>>> Hello all,
>>>
>>> I've been using a site configured to Proxy requests to another port for
>>> one ServerName and another on the same Apache2 directly serving PHP
>>> pages.
>>> That's been working fine. But now I want to add SSL to the proxied
>>> pages
>>> and it isn't going so smoothly. I had hints from a coworker and tried
>>> integrating that with my existing vhost files, but even at the best of
>>> times Apache2 fails startup.
>>
>> What does the error log say?
>>
>> Joshua.
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|