You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Pol Hallen <ap...@fuckaround.org> on 2013/12/31 12:56:39 UTC

[users@httpd] virtualhost: both http and https too

Hi folks! I use debian 7 with apache2 and several virtualhost.

Now I need for each site connect to it using http and https too.

So, do I need add new https virtualhost config to default-ssl? or merge
ssl config to http virtual host?

Thanks for help!

Pol


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] virtualhost: both http and https too

Posted by Fred Miller <fj...@gmail.com>.

Please take me off this email list. I've already unsubscribed.


On Tue, Dec 31, 2013 at 6:56 AM, Pol Hallen <ap...@fuckaround.org> wrote:

> Hi folks! I use debian 7 with apache2 and several virtualhost.
>
> Now I need for each site connect to it using http and https too.
>
> So, do I need add new https virtualhost config to default-ssl? or merge
> ssl config to http virtual host?
>
> Thanks for help!
>
> Pol
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

[users@httpd] Re: virtualhost: both http and https too

Posted by Andrew Schulman <an...@alumni.utexas.net>.

> > So, do I need add new https virtualhost config to default-ssl? or merge
> > ssl config to http virtual host?
> 
> So, I've done exactly the same config file for http virtualhost and the
> rendering of browser is ok. I've added (debian) new https virtualhost to
> /etc/apache/site-available but the rendering of browsers has incorrect.
> 
> You can show both sites going:
> 
> http://www.mokaccino.it/index.php (works)
> https://www.mokaccino.it/index.php (bad)

I see two problems with the https site.

One, the SSL certificate is for pineappleweb.it, so you get a certificate
error when you try to load it.

Two, the page is trying to load some scripts by HTTP instead of HTTPS, for
example:

	<script type="text/javascript" src="http://www.mokaccino.it/js/jquery.carouFredSel-6.2.1-packed.js"></script>
	<script type="text/javascript" src="http://www.mokaccino.it/js/jquery.min.js"></script>
	<script type="text/javascript" src="http://www.mokaccino.it/js/jquery.mobile.customized.min.js"></script>
	<script type="text/javascript" src="http://www.mokaccino.it/js/jquery.easing.1.3.js"></script> 
	<script type="text/javascript" src="http://www.mokaccino.it/js/camera.min.js"></script> 

Most browsers won't load HTTP content within an HTTPS page, because they
consider it insecure.  Some (IE, Firefox?) will pop up a dialog to ask the
user if they want to load unsafe content.  Chrome won't load the scripts by
default, but it adds a little shield icon in the URL bar where the user can
ask to "Load unsafe scripts".

So that's why your page looks wrong in HTTPS, at least in Chrome - it's not
loading your scripts, because they're HTTP and not HTTPS.  Once I tell Chrome
to load the unsafe scripts, the HTTPS page looks just like the HTTP one.

To make your page work in both HTTP and HTTPS, the best solution is to take
away the protocol and hostname in the src attributes:

	<script type="text/javascript" src="/js/jquery.carouFredSel-6.2.1-packed.js"></script>
	<script type="text/javascript" src="/js/jquery.min.js"></script>
	<script type="text/javascript" src="/js/jquery.mobile.customized.min.js"></script>
	<script type="text/javascript" src="/js/jquery.easing.1.3.js"></script> 
	<script type="text/javascript" src="/js/camera.min.js"></script> 

Good luck,
Andrew


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] virtualhost: both http and https too

Posted by Pol Hallen <ap...@fuckaround.org>.

> So, do I need add new https virtualhost config to default-ssl? or merge
> ssl config to http virtual host?

So, I've done exactly the same config file for http virtualhost and the
rendering of browser is ok. I've added (debian) new https virtualhost to
/etc/apache/site-available but the rendering of browsers has incorrect.

You can show both sites going:

http://www.mokaccino.it/index.php (works)
https://www.mokaccino.it/index.php (bad)

<VirtualHost *:443>
ServerSignature Off
ServerAdmin info@example.com
ServerName example.com
ServerAlias www.example.com
SSLEngine on
SSLCertificateFile    /etc/apache2/ssl/apache.pem
DirectoryIndex index.html index.php
DocumentRoot /home/example.com/

suPHP_Engine on
AddHandler x-httpd-php .php .php3 .php4 .php5
suPHP_AddHandler x-httpd-php

suPHP_ConfigPath /home/example.com/
<Directory /home/example.com/>
Options -Includes -Indexes -FollowSymLinks -ExecCGI +MultiViews
AllowOverride none
Order allow,deny
Allow from all
</Directory>

ErrorLog /home/example.com/logs/error.log
CustomLog /home/example.com/logs/access.log combined
</VirtualHost>

Any idea?

Thanks!

Pol


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org