Re: httpd2 vhost & ssl configuration problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Okay, I was already wondering if there is a problem with more then one VH and SSL all on the same port (443).
It looks like I have to make the whole server ssl then?

Yes, SSLRequireSSL gives me a 403 denied access.

Boyle Owen wrote:
-----Original Message-----
From: pat [mailto:pat@xxxxxxxxxx] Sent: Tuesday, February 19, 2008 1:19 PM
To: users@xxxxxxxxxxxxxxxx
Subject: Re:  httpd2 vhost & ssl configuration problem

Hello Boyle

Just the default ssl vhost is on port 443:
    Listen 443

    <VirtualHost _default_:443>
            ServerName company.com
            Include /etc/apache2/vhosts.d/default_vhost.include
            ...
    </VirtualHost>

So this is the VH that serves any HTTPS requests. Remember that SSL
cannot be name-based so you can only have one SSL VH per ip:port.

The simplest thing is just to put the required docroot in here.

Hm okay. What I want is that someone can connect on http:80 and gets forwarded to https:443, because there is directory based ssl forced.

Do you mean SSLRequireSSL? That doesn't forward or redirect or anything
- it just denies access if the protocol is not HTTPS. Is this working -
do you get a 403?


Should I use default_vhost.conf as template for that? I used default_ssl_vhost.conf for that... (I am using gentoo)

Personally, I'm a one-big-monolithic-config guy. I never use included
configs and know nothing about how gentoo set things up.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
Regards,
pat


Boyle Owen wrote:
-----Original Message-----
From: pat [mailto:pat@xxxxxxxxxx] Sent: Tuesday, February 19, 2008 12:11 PM
To: users@xxxxxxxxxxxxxxxx
Subject:  httpd2 vhost & ssl configuration problem

Hello

I have a problem with the apache2 configuration if I want
to combine
vhost and ssl settings.
My apache opts: APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -D
LANGUAGE -D
SSL -D SSL_DEFAULT_VHOST -D PHP5 -D PERL -D PYTHON -D SUEXEC"

This is my vhost config:
<IfDefine SSL_DEFAULT_VHOST>
<IfModule ssl_module>
<VirtualHost *:80>
Do you have a VH on port 443?


NB: SSL is a separate port-based VH, not an extra attribute you tack
onto a plain HTTP VH.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.
      ServerName host.company.com

      DirectoryIndex index.php index.html
      DocumentRoot "/var/www/localhost/htdocs/host-company-com"
      ServerAlias host.company.com *.host.company.com
      ErrorLog /var/log/apache2/vhosts/error_log
      CustomLog /var/log/apache2/vhosts/access_log common

      <Directory "/var/www/localhost/htdocs/host-company-com">
              SSLRequireSSL
              Options Indexes FollowSymLinks
              AllowOverride None
              Order allow,deny
              Allow from all
      </Directory>
</VirtualHost>

Now my problem is that if I connect to
http://host.company.com works
(the content from /var/www/localhost/htdocs/host-company-com is shown), but if I connect to https://host.company.com it doesn't work correctly and the content from /var/www/localhost/htdocs/ (default DocumentRoot) is shown. Why? I want to have ssl support for my vhost
"host.company.com" but
apache forwards to the wrong DocumentRoot.
Does anyone have an idea, what the problem is?

Thank you and best regards,
pat


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

This message is for the named person's use only. It may
contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. The sender's company reserves the right to monitor all e-mail communications through their networks.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP
Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


--
Patrick Grieshaber
http://www.ng-lab.org
sysspoof@xxxxxxxxxx
pgr@xxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. The sender's company reserves the right to monitor all e-mail communications through their networks.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




--
Patrick Grieshaber
http://www.ng-lab.org
sysspoof@xxxxxxxxxx
pgr@xxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux