Re: IP-based SSL virtualhosts problem - with attachment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Joshua,

the certificates are now different for each virtual host - I sent a
different file earlier. I have removed the NameVirtualHost directives. I
still have the same problem. I've restarted apache after the changes and
the problem still remains, when I access 192.168.2.250 via browser, I get
redirected to /var/www/store/, but the used certificate is the "198.crt".

Why is the Directory section not correct? It was copied from apache2's
default file...

Thank you for your help.

Bruno Teixeira

Config file:

<VirtualHost 192.168.2.198:443>
        ServerAdmin webmaster@localhost
        ServerName 192.168.2.198

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/198.crt
        SSLCertificateKeyFile /etc/apache2/ssl/198.key


        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                RedirectMatch ^/$ /site/
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

<VirtualHost 192.168.2.250:443>
        ServerAdmin webmaster@localhost
        ServerName 192.168.2.250

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/250.crt
        SSLCertificateKeyFile /etc/apache2/ssl/250.key

        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                RedirectMatch ^/$ /store/
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>



> On 2/8/07, bruno alves teixeira <l16331@xxxxxxxxxxxxxxxx> wrote:
>> Hi,
>>
>> I've been all over the web and mailling list archives, so I know
>> multiple
>> SSL hosts on one machine is a problem for name-based virtual hosts, but
>> shouldn't IP aliasing and IP-based virtual hosts solve this?
>>
>> I seem to be doing everything correctly but the certificate of the top
>> virtual host is used for all hosts. The RedirectMatch for each IP is
>> correct, but the top certificate is always used. You can check out the
>> attached file, to verify the definition of the virtual hosts.
>>
>> What am I doing wrong?
>
> 1. Don't attach your config using base64 encoding and an incorrect
> mime type.  Just copy-past it into the message.
>
> 2. You are not use name-based virtual hosts, therefore you shouldn't
> use the NameVirtualHost directive.  See:
> http://httpd.apache.org/docs/2.2/vhosts/ip-based.html
>
> 3. What RedirectMatch are you talking about?  The only RedirectMatch
> in your config is inside a <Directory> section, which is not correct.
>
> 4. Your example config uses the same SSLCertificateFile for both
> vhosts, which is probably the main source of your problem.
>
> Joshua.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux