List: apache-httpd-users
Subject: Fwd: Re: [users@httpd] apache and ssl
From: Dave Henderson <dhenderson () digital-pipe ! com>
Date: 2006-06-29 18:30:35
Message-ID: 20060629183035.79375.qmail () web606 ! biz ! mail ! mud ! yahoo ! com
I found out that I had to add multiple NameVirtualHost definitions like the following:
NameVirtualHost 192.168.0.12:80
NameVirtualHost 192.168.0.12:443
and I also changed the virtual host section to use 192.168.0.12 instead of the 192.168.0.13 ip address. Tried to go back to the ssl page and..... it still failed. I am pulling my hair out! This is so frustrating! Does anyone have any more information to share with me?
Thanks,
Dave
Dave Henderson <dhenderson@digital-pipe.com> wrote:
Date: Thu, 29 Jun 2006 07:30:50 -0700 (PDT)
From: Dave Henderson <dhenderson@digital-pipe.com>
To: users@httpd.apache.org
Subject: Re: [users@httpd] apache and ssl
Ok, if I try to separate them, I will have to modify my NameVirtualHost definition file to something like:
NameVirtualHost: 192.168.0.12:*
or
NameVirtualHost: 192.168.0.12
but if I do that, I get error messages when I try to stop and restart the server:
[Thu Jun 29 10:27:31 2006] [error] VirtualHost 192.168.0.12:80 -- mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
Do I need to modify my "Listen" definition to be something like:
Listen 192.168.0.12:80
Listen 192.168.0.12:443
Thanks,
Dave
(Sorry for direct response, I didn't know you were being sent an email as well)
Pid <p@pidster.com> wrote:
Date: Thu, 29 Jun 2006 15:06:29 +0100
From: Pid <p@pidster.com>
To: Dave Henderson <dhenderson@digital-pipe.com>
Subject: Re: [users@httpd] apache and ssl
I don't think you gain anything by separating the IPs if they're
actually on one physical connection.
(reply to the list only please)
Dave Henderson wrote:
> I do have two NameVirtualHost definitions:
>
> NameVirtualHost 192.168.0.12:80
> NameVirtualHost 192.168.0.13:443
>
> On my firewall, I have port 80 traffic going to 192.168.0.12 and 443
> traffic going to 192.168.0.13. Both ip's are used on the same server by
> way of assigning multiple ip addresses to one nic. Should I change my
> vhost definitions to use on the 192.168.0.12 ip address instead of using
> the two shown above?
>
> Thanks,
> Dave
>
>
>
> */Pid /* wrote:
>
> Does anyone else think that this is wrong?
>
> SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
> SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
> > > SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt
>
> It looks like you're telling it that the Certificate Authority is the
> same file as the Certificate itself. I could be wrong tho.
>
>
>
> As regards to the VHost defs: it depends what you've got in front of the
> server in the way of DNS or loadbalancers.
>
> Your domain name can only resolve to point at one IP address (unless
> you're using load balancers or proxies etc etc). So any request for the
> SSL port of demo.sitename.com is going to arrive at the same IP as the
> port 80 connection.
>
> http://demo.sitename.com > IP1
> https://demo.sitename.com > Still IP1
>
>
> (Have you set "NameVirtualHost" or not?)
>
>
>
> Dave Henderson wrote:
> > I am wondering if the virtual host definitions are wrong. Can I do the
> > following (even though the ServerName options have the same value)? Can
> > I use the IP addresses like I have done below?
> >
> >
> >
> > ServerAdmin webmaster@sitename.com
> > ServerName demo.sitename.com
> > DocumentRoot /var/www/sitename.com/demo
> >
> > # This should be changed to whatever you set DocumentRoot to.
> >
> > Options Indexes Includes
> > AllowOverride Options
> > Order allow,deny
> > Allow from all
> >
> > ErrorLog /var/log/apache2/sitename.com/demo/error.log
> > CustomLog /var/log/apache2/sitename.com/demo/access.log common
> > CustomLog /var/log/apache2/sitename.com/demo/referer.log referer
> > CustomLog /var/log/apache2/sitename.com/demo/agent.log agent
> >
> > # Possible values: debug, info, notice, warn, error, crit, alert, emerg.
> > LogLevel warn
> >
> > ServerSignature On
> >
> >
> >
> >
> > ServerAdmin webmaster@sitename.com
> > ServerName demo.sitename.com
> > DocumentRoot /var/www/sitename.com/demo/ssl
> >
> > # SSL specifications
> > SSLEngine On
> > SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
> > SSLCertificateKeyFile /etc/apache2/ssl/keys/sitename.com.key
> > SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt
> > SSLCipherSuite SSLv2:+HIGH:+MEDIUM
> > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> >
> > # SSLVerifyClient require
> > # SSLVerifyDepth 1
> > # CustomLog /var/log/apache2/ssl \ "%t %h %{SSL_PROTOCOL}x
> > %{SSL_CIPHER}x$
> > #
> > # SSLCipherSuite SSLv2:+HIGH:+MEDIUM
> > # SSLVerifyClient require
> > # SSLVerifyDepth 1
> > #
> >
> > # This should be changed to whatever you set DocumentRoot to.
> >
> > Options Indexes Includes
> > AllowOverride Options
> > Order allow,deny
> > Allow from all
> >
> > ErrorLog /var/log/apache2/sitename.com/demo/error.log
> > CustomLog /var/log/apache2/sitename.com/demo/access.log common
> > CustomLog /var/log/apache2/sitename.com/demo/referer.log referer
> > CustomLog /var/log/apache2/sitename.com/demo/agent.log agent
> >
> > # Possible values: debug, info, notice, warn, error, crit, alert, emerg.
> > LogLevel warn
> >
> > ServerSignature On
> >
> >
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
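An added example, not part of the thread and not Apache httpd code: a small Python check for the three configuration questions raised in this thread (an address mixed between `*` and explicit ports, a NameVirtualHost argument with no exactly matching `<VirtualHost>`, and an SSLCACertificateFile that carries the same file name as SSLCertificateFile). The sample configuration is constructed, its `<VirtualHost>` addresses and the finding labels are assumptions, the mixed-port rule is modelled on the wording of the quoted error message rather than on httpd's source, and only IPv4 `ip:port` arguments are handled.

```python
import re
from pathlib import PurePosixPath

# Constructed sample modelled on the thread; the <VirtualHost> addresses are assumed.
SAMPLE = """\
NameVirtualHost 192.168.0.12:80
NameVirtualHost 192.168.0.13:443
<VirtualHost 192.168.0.12:80>
</VirtualHost>
<VirtualHost 192.168.0.12:443>
  SSLCertificateFile /etc/apache2/ssl/certs/sitename.com.crt
  SSLCACertificateFile /etc/apache2/ssl/root/sitename.com.crt
</VirtualHost>
"""

def split_addr(arg):
    """'ip:port' -> (ip, port); a missing port counts as '*'. IPv4 only."""
    ip, _, port = arg.partition(":")
    return ip, port or "*"

def lint(conf):
    findings, nvh, vhosts, cur = [], [], [], None
    for line in map(str.strip, conf.splitlines()):
        if m := re.match(r"(?i)NameVirtualHost\s+(\S+)$", line):
            nvh.append(split_addr(m.group(1)))
        elif m := re.match(r"(?i)<VirtualHost\s+([^>\s]+)>$", line):
            cur = {"addr": split_addr(m.group(1))}
            vhosts.append(cur)
        elif line.lower() == "</virtualhost>":
            cur = None
        elif cur is not None and (m := re.match(r"(?i)(SSL(?:CA)?CertificateFile)\s+(\S+)$", line)):
            cur[m.group(1).lower()] = PurePosixPath(m.group(2)).name
    vaddrs = [v["addr"] for v in vhosts]
    # Same IP used with both a wildcard and an explicit port (the logged error).
    for ip in sorted({ip for ip, _ in nvh}):
        ports = {p for i, p in nvh + vaddrs if i == ip}
        if "*" in ports and len(ports) > 1:
            findings.append(f"mixed-ports {ip}")
    # NameVirtualHost argument that no <VirtualHost> argument matches exactly.
    findings += ["no-vhost %s:%s" % a for a in nvh if a not in vaddrs]
    # CA file carrying the same file name as the server certificate.
    for v in vhosts:
        ca = v.get("sslcacertificatefile")
        if ca and ca == v.get("sslcertificatefile"):
            findings.append("ca-same-name %s:%s" % v["addr"])
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```

A `ca-same-name` finding only means the two files share a name and should be inspected; SSLCACertificateFile is meant to hold the CA certificates used to verify client certificates.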