Posted to users@httpd.apache.org by "Wang, Mary Y" <ma...@boeing.com> on 2010/05/07 04:53:12 UTC

RE: [users@httpd] Port 80 and 443 Running Name Based Virtual Host on a Single IP Address - need an example

Igor,

Thanks for your time.  I'm going to try it.  Yes.  I'm running Apache 2 on a Linux platform.  I actually have a production system that is running on Apache 1.3.x and am in the process of migration to Apache 2.

I've a question, why do I need the following?
"# Note: The following must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
"
I don't recall using this <IfModule> in Apache 1.3.x.
Mary


________________________________
From: Igor Cicimov [mailto:icicimov@gmail.com]
Sent: Tuesday, May 04, 2010 7:31 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Port 80 and 443 Running Name Based Virtual Host on a Single IP Address - need an example

Well you can give a go to the following configuration:


Make the end of the httpd.conf look like this:

==SNIP==
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
#
# Note: The following must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

NameVirtualHost IP_ADDRESS:80
<VirtualHost IP_ADDRESS:80>
DocumentRoot "/usr/local/apache2/htdocs"
ServerName example2.com
ServerAlias www.example2.com
ServerAdmin you@example2.com

ErrorLog "|/usr/local/apache2/bin/rotatelogs /usr/local/apache2/logs/error_log.%Y-%m-%d-%H_%M_%S 86400"
CustomLog "|/usr/local/apache2/bin/rotatelogs /usr/local/apache2/logs/access_log.%Y-%m-%d-%H_%M_%S 86400" common
LogLevel info

</VirtualHost>
==SNIP==


This should include the SSL virtual server configuration (note the "Include conf/extra/httpd-ssl.conf" line) and create a virtual host on port 80.


For the SSL host on port 443, make the conf/extra/httpd-ssl.conf file look like:

==SNIP==
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLSessionCache        "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

SSLMutex  "file:/usr/local/apache2/logs/ssl_mutex"

NameVirtualHost IP_ADDRESS:443
<VirtualHost IP_ADDRESS:443>
DocumentRoot "/usr/local/apache2/htdocs"
ServerName  example1.com
ServerAlias www.example1.com
ServerAdmin you@example1.com
ErrorLog "|/usr/local/apache2/bin/rotatelogs /usr/local/apache2/logs/error_log.%Y-%m-%d-%H_%M_%S 86400"
CustomLog "|/usr/local/apache2/bin/rotatelogs /usr/local/apache2/logs/access_log.%Y-%m-%d-%H_%M_%S 86400" common
LogLevel info

SSLEngine on
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/www.example1.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.crt/unencrypted.key
SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/intermediatecrt.crt

#SSLVerifyClient require
#SSLVerifyDepth  10

#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache2/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#CustomLog "/usr/local/apache2/logs/ssl_request_log" \
#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
==SNIP==

I'm assuming you are running apache2 on Unix/Linux and it's been installed in the /usr/local/apache2 directory. I also assume that you have the knowledge of creating a self-generated certificate and/or installing a third-party certificate from a legal body (like Verisign etc). Please note that you might want to change some of the config settings for the SSL or the file names of the logs or the path where the certificate is going to be installed.

If any more help is needed, or something is not working, please let me know :)

Igor


On Wed, May 5, 2010 at 11:11 AM, Wang, Mary Y <ma...@boeing.com> wrote:
Hi,

How do I declare a port 80 and port 443 name-based virtual host on a single IP address?
For example:
I've two aliases (CNAMEs) that are pointing to the same machine in DNS.  I want www.example1.com to be the main server configuration.
www.example1.com ->  port 443
www.example2.com -> port 80

and both of them are on single IP.

Can someone give me an example?

Thanks
Mary
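
An added example, not part of the original thread or of the Apache httpd project: a small Python check that walks a configuration shaped like the one posted above and reports, for each `<VirtualHost>`, its address, ServerName, whether SSLEngine is on, and any active SSLProtocol or SSLCipherSuite entry that enables SSLv2, SSLv3 or RC4, all of which were formally retired after this thread was written. The sample configuration is constructed (abridged from the thread), and the name `audit_vhosts` is hypothetical.

```python
import re

# Constructed sample, abridged from the configuration posted in the thread.
SAMPLE_CONF = """\
<VirtualHost IP_ADDRESS:80>
ServerName example2.com
</VirtualHost>
<VirtualHost IP_ADDRESS:443>
ServerName example1.com
SSLEngine on
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
</VirtualHost>
"""
WEAK_PROTOCOLS = {"sslv2", "sslv3"}  # prohibited by RFC 6176 and RFC 7568

def audit_vhosts(conf_text):
    """Hypothetical helper: one dict per <VirtualHost> with its TLS findings."""
    vhosts, cur = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and commented-out lines
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            cur = {"address": opened.group(1).strip(), "name": None, "ssl": False, "findings": []}
        elif cur is None:
            continue                            # directive outside any vhost
        elif line.lower().startswith("</virtualhost"):
            vhosts.append(cur)
            cur = None
        else:
            parts = line.split(None, 1) + [""]
            key, value = parts[0].lower(), parts[1]
            if key == "servername":
                cur["name"] = value
            elif key == "sslengine":
                cur["ssl"] = value.lower() == "on"
            elif key == "sslprotocol":
                # "+SSLv3" or a bare "SSLv3" enables it; "-SSLv3" disables it
                for tok in value.split():
                    if not tok.startswith("-") and tok.lstrip("+").lower() in WEAK_PROTOCOLS:
                        cur["findings"].append("SSLProtocol enables " + tok.lstrip("+"))
            elif key == "sslciphersuite":
                # only explicit RC4 tokens (RFC 7465) are flagged; aliases like ALL are not expanded
                for tok in value.split(":"):
                    if "RC4" in tok.upper() and not tok.startswith(("!", "-")):
                        cur["findings"].append("SSLCipherSuite includes " + tok)
    return vhosts
```

Run against the sample, the port 80 host comes back with no findings and the port 443 host is flagged for `+SSLv3` and `RC4+RSA`; the commented-out cipher line is ignored.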



