Re: Port 80 and 443 Running Name Based Virtual Host on a Single IP Address - need an example

Well, you can give the following configuration a go:


Make the end of the httpd.conf look like this:

==SNIP==
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
#
# Note: The following must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

NameVirtualHost IP_ADDRESS:80
<VirtualHost IP_ADDRESS:80>
DocumentRoot "/usr/local/apache2/htdocs"
ServerName example2.com
ServerAlias www.example2.com
ServerAdmin you@xxxxxxxxxxxx

ErrorLog "|/usr/local/apache2/bin/rotatelogs /usr/local/apache2/logs/error_log.%Y-%m-%d-%H_%M_%S 86400"
CustomLog "|/usr/local/apache2/bin/rotatelogs /usr/local/apache2/logs/access_log.%Y-%m-%d-%H_%M_%S 86400" common
LogLevel info

</VirtualHost>
==SNIP==


This should include the SSL virtual server configuration (note the "Include conf/extra/httpd-ssl.conf" line) and create a virtual host on port 80.


For the SSL host on port 443, make the conf/extra/httpd-ssl.conf file look like:

==SNIP==
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLSessionCache        "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

SSLMutex  "file:/usr/local/apache2/logs/ssl_mutex"

NameVirtualHost IP_ADDRESS:443
<VirtualHost IP_ADDRESS:443>
DocumentRoot "/usr/local/apache2/htdocs"
ServerName  example1.com
ServerAlias www.example1.com
ServerAdmin you@xxxxxxxxxxxx
ErrorLog "|/usr/local/apache2/bin/rotatelogs /usr/local/apache2/logs/error_log.%Y-%m-%d-%H_%M_%S 86400"
CustomLog "|/usr/local/apache2/bin/rotatelogs /usr/local/apache2/logs/access_log.%Y-%m-%d-%H_%M_%S 86400" common
LogLevel info

SSLEngine on
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/www.example1.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.crt/unencrypted.key
SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/intermediatecrt.crt

#SSLVerifyClient require
#SSLVerifyDepth  10

#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#CustomLog "/usr/local/apache2/logs/ssl_request_log" \
#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
==SNIP==

I'm assuming you are running apache2 on Unix/Linux and that it's been installed in the /usr/local/apache2 directory. I also assume that you know how to create a self-generated certificate and/or install a third-party certificate from a legal body (like Verisign etc.). Please note that you might want to change some of the config settings for SSL, the file names of the logs, or the path where the certificate is going to be installed.

If any more help is needed, or something is not working, please let me know :)

Igor


On Wed, May 5, 2010 at 11:11 AM, Wang, Mary Y <mary.y.wang@xxxxxxxxxx> wrote:
Hi,

How do I declare a port 80 and a port 443 name-based virtual host on a single IP address?
For example:
I have two aliases (CNAMEs) pointing to the same machine in DNS. I want www.example1.com to be the main server configuration.
www.example1.com -> port 443
www.example2.com -> port 80

and both of them are on a single IP.

Can someone give me an example?

Thanks
Mary




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
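
For readers applying this layout on a current server, the following is an added example (not part of the original thread, and not the Apache project's own configuration) of the same layout for httpd 2.4, with the protocol and cipher lines from the message shown beside stricter replacements. The 2.4 target, the extra port-80 redirect host and the cipher string are assumptions; IP_ADDRESS, host names and paths are the placeholders used in the message above.

```apache
# Added example, assumes Apache httpd 2.4 with "Listen 80" and "Listen 443"
# already present. NameVirtualHost is omitted: in 2.4 it has no effect and
# only logs a warning.

# The first vhost on an address:port is the default for any unmatched Host
# header. With a single port-80 vhost, http://www.example1.com/ would be
# answered with example2.com's content, so example1.com gets its own entry.
<VirtualHost IP_ADDRESS:80>
    ServerName example2.com
    ServerAlias www.example2.com
    DocumentRoot "/usr/local/apache2/htdocs"
</VirtualHost>

# Assumption: plain-HTTP requests for example1.com should be sent to HTTPS.
<VirtualHost IP_ADDRESS:80>
    ServerName example1.com
    ServerAlias www.example1.com
    Redirect permanent / https://www.example1.com/
</VirtualHost>

<VirtualHost IP_ADDRESS:443>
    ServerName example1.com
    ServerAlias www.example1.com
    DocumentRoot "/usr/local/apache2/htdocs"

    SSLEngine on
    # Was: SSLProtocol -ALL +SSLv3 +TLSv1
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # Was: SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES
    SSLHonorCipherOrder on

    SSLCertificateFile /usr/local/apache2/conf/ssl.crt/www.example1.crt
    # The key is unencrypted on disk: keep it readable by root only (mode 0600).
    SSLCertificateKeyFile /usr/local/apache2/conf/ssl.crt/unencrypted.key
    # Intermediate chain sent to clients. SSLCACertificateFile is intended for
    # the CAs used to verify client certificates. On 2.4.8 and later the chain
    # can instead be appended to the file named in SSLCertificateFile.
    SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/intermediatecrt.crt
</VirtualHost>
```

Running `apachectl configtest` before a restart checks the syntax, and `apachectl -S` lists which virtual host is the default on each address and port.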


