It looks like I have to make the whole server ssl then? Yes, SSLRequireSSL gives me a 403 denied access. Boyle Owen wrote:
-----Original Message-----From: pat [mailto:pat@xxxxxxxxxx] Sent: Tuesday, February 19, 2008 1:19 PMTo: users@xxxxxxxxxxxxxxxx Subject: Re: httpd2 vhost & ssl configuration problem Hello Boyle Just the default ssl vhost is on port 443: Listen 443 <VirtualHost _default_:443> ServerName company.com Include /etc/apache2/vhosts.d/default_vhost.include ... </VirtualHost>So this is the VH that serves any HTTPS requests. Remember that SSL cannot be name-based so you can only have one SSL VH per ip:port. The simplest thing is just to put the required docroot in here.Hm okay. What I want is that someone can connect on http:80 and gets forwarded to https:443, because there is directory based ssl forced.Do you mean SSLRequireSSL? That doesn't forward or redirect or anything - it just denies access if the protocol is not HTTPS. Is this working - do you get a 403?Should I use default_vhost.conf as template for that? I used default_ssl_vhost.conf for that... (I am using gentoo)Personally, I'm a one-big-monolithic-config guy. I never use included configs and know nothing about how gentoo set things up. Rgds, Owen BoyleDisclaimer: Any disclaimer attached to this message may be ignored.This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. The sender's company reserves the right to monitor all e-mail communications through their networks.Regards, pat Boyle Owen wrote:to combine-----Original Message-----From: pat [mailto:pat@xxxxxxxxxx] Sent: Tuesday, February 19, 2008 12:11 PMTo: users@xxxxxxxxxxxxxxxx Subject: httpd2 vhost & ssl configuration problem HelloI have a problem with the apache2 configuration if I wantLANGUAGE -Dvhost and ssl settings.My apache opts: APACHE2_OPTS="-D DEFAULT_VHOST -D INFO -Dhttp://host.company.com worksSSL -D SSL_DEFAULT_VHOST -D PHP5 -D PERL -D PYTHON -D SUEXEC" This is my vhost config: <IfDefine SSL_DEFAULT_VHOST> <IfModule ssl_module> <VirtualHost *:80>Do you have a VH on port 443? NB: SSL is a separate port-based VH, not an extra attribute you tack onto a plain HTTP VH. Rgds, Owen BoyleDisclaimer: Any disclaimer attached to this message may be ignored.ServerName host.company.com DirectoryIndex index.php index.html DocumentRoot "/var/www/localhost/htdocs/host-company-com" ServerAlias host.company.com *.host.company.com ErrorLog /var/log/apache2/vhosts/error_log CustomLog /var/log/apache2/vhosts/access_log common <Directory "/var/www/localhost/htdocs/host-company-com"> SSLRequireSSL Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> </VirtualHost>Now my problem is that if I connect to"host.company.com" but(the content from /var/www/localhost/htdocs/host-company-com is shown), but if I connect to https://host.company.com it doesn't work correctly and the content from /var/www/localhost/htdocs/ (default DocumentRoot) is shown. Why? I want to have ssl support for my vhostapache forwards to the wrong DocumentRoot. Does anyone have an idea, what the problem is? Thank you and best regards, pat---------------------------------------------------------------------contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. The sender's company reserves the right to monitor all e-mail communications through their networks.The official User-To-User support forum of the Apache HTTP Server Project.This message is for the named person's use only. It maySee <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx---------------------------------------------------------------------The official User-To-User support forum of the Apache HTTPServer Project.See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx-- Patrick Grieshaber http://www.ng-lab.org sysspoof@xxxxxxxxxx pgr@xxxxxxxxxx ---------------------------------------------------------------------The official User-To-User support forum of the Apache HTTP Server Project.See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
-- Patrick Grieshaber http://www.ng-lab.org sysspoof@xxxxxxxxxx pgr@xxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|